Kevin Burns
More by Kevin Burns
Directory Traversal, File Inclusion, and The Proc File System
February 23, 2016
Directory traversal and local file inclusion bugs are frequently seen in web applications. Both of these bugs can be used to read arbitrary files from the server. In most cases, this means that an attacker can read the /etc/passwd file and the shell history files in order to find information leaks.
Stealing unencrypted SSH-agent keys from memory
July 21, 2014
If you've ever used SSH keys to manage multiple machines, then chances are you've used SSH-agent. This tool is designed to keep an SSH key in memory so that the user doesn't have to type their passphrase in every time. However, this can create a security risk. A user running as root may have the ability to pull the decrypted SSH key from memory and reconstruct it.
Using strace to monitor SSH connections on Linux
April 7, 2014
As a penetration tester, I like to avoid replacing binaries on running systems as it makes it more difficult to clean up the system after we're done. Occasionally a tester will come across a Linux server that is used to connect to other internal systems. It would be nice to be able to monitor the SSH sessions without replacing the SSHD daemon. This is where ptrace comes in handy.