
Weekly Reading's from Anant - Week 1 Feb

Anant Shrivastava
Weekly Newsletter #2: Weekly roundup
Last week I wrote extensive coverage of the sudo bug “Baron Samedit”; however, this week I will try a different style and cover various things I encountered in the last week rather than going for a deep dive into one subject.
This week has been a mixed bag of things for me, some infosec, some non-infosec. I will try to cover bits and pieces from all of them here.
At the start of the week we welcomed the news that Objective-See's tools are now all open source.
objective-see (Objective-See) · GitHub
When it comes to OSX, Objective-See is one of the must-have sources of software for privacy enhancement and for increasing your own visibility into the system. If you are on OSX, I would definitely recommend having a look at the toolset.
Friends over at RedHunt Labs have been neck deep in researching the Internet and periodically give everyone a glimpse of the research they do. This time around it was the second wave of Project Resonance.
The topic of internet scanning, or mass scanning in general, has been a fascinating one for me. Instead of having a laser focus, you spread your wings over a larger span and you are bound to catch a lot more than you hoped for. The same applies to “Project Resonance”.
From the dataset and results presented, my observations are:
  1. Older web servers in use is not that big a surprise.
  2. PHP version 5, which is now EOL (End of Life) and should be purged, still being in wide use is a worry point. I would have loved a correlation of how much of it was on Windows vs Linux. Linux usage of PHP 5 would also indicate an almost-EOL or already EOL'd OS.
  3. Header titles such as “RouterOS router configuration page”, “GPON Home Gateway” or “NETSurveillance WEB” making their way into the top 50 headers paints a grim picture of the state of security, and a space where something should definitely be done.
Project Resonance.
Tools of Trade
Last week I spent a lot of time dealing with Semgrep.
Semgrep
Semgrep by returntocorp (r2c) is a semantic grepping tool: a new way of grepping through your codebase, but in a language-aware manner. The tool is under active development and has recently added support for PHP, which was my primary focus this week. The support is in alpha phase, so be cautious with it. They are starting to build a ruleset for PHP, but don't have high hopes for it as of now. Rulesets, in my opinion, are only as good as what the community builds. The power of Semgrep is not in running the public rulesets but rather in fine-tuning them to your own organisation's or project's coding standards and getting the most out of them. I will probably write a more in-depth article around Semgrep with regard to PHP at some point, once I have had enough of a play with it; till then, a few references to look at:
  1. https://notsosecure.com/semgrep-a-practical-introduction/
  2. https://ajinabraham.com/blog/detecting-zero-days-in-software-supply-chain-with-static-and-dynamic-analysis
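To make the “fine-tune it to your own coding standards” point concrete, here is an added example of a small organisation-specific Semgrep rule for PHP. It is not a rule from the Semgrep project or from this newsletter; the rule id, the message, the `tests/` exclusion and the mysqli_query() standard it enforces are all assumptions made for illustration. Semgrep's PHP patterns use upper-case `$X` names as metavariables, so `$CONN`, `$Q` and `$X` are placeholders that match any expression, while the lower-case `$db` and `$id` in the constructed sample are ordinary PHP variables.

```yaml
# Added example: an organisation-specific Semgrep rule for PHP, not a rule
# from the Semgrep project or from the newsletter. The rule id, message,
# path exclusion and the mysqli_query() standard it enforces are assumed.
#
# Constructed target (src/user.php) the rule is meant to flag:
#   $q = "SELECT * FROM users WHERE id = " . $id;   // flagged
#   mysqli_query($db, $q);
#   mysqli_query($db, "SELECT 1");                   // not flagged
rules:
  - id: org-php-mysqli-query-string-concat
    languages: [php]
    severity: WARNING
    message: >-
      SQL text for mysqli_query() is assembled by string concatenation.
      Project standard (assumed): use a prepared statement with bound
      parameters so untrusted input never becomes part of the query text.
    # $CONN, $Q and $X are Semgrep metavariables (upper-case); "..." matches
    # any string literal and a bare ... matches any sequence of statements.
    patterns:
      - pattern-either:
          # concatenation written inline in the call
          - pattern: mysqli_query($CONN, "..." . $X)
          - pattern: mysqli_query($CONN, $X . "...")
          # concatenation stored in a variable, then passed to the call
          - pattern: |
              $Q = "..." . $X;
              ...
              mysqli_query($CONN, $Q);
          - pattern: |
              $Q = $X . "...";
              ...
              mysqli_query($CONN, $Q);
    # Organisation-specific tuning: keep the rule off fixture code.
    paths:
      exclude:
        - tests/
    metadata:
      category: security
      cwe: "CWE-89"
```

Save this as, say, `sql-concat.yaml` and run `semgrep --config sql-concat.yaml src/`. The value of writing it yourself is in the tuning: the `paths` exclusion, the exact database helper your codebase uses and the message pointing at your own prepared-statement convention are things no public ruleset can know about your project.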
Troubleshooting
The week started with me struggling with a Big Sur upgrade rendering my laptop useless for nearly a full day. The laptop booted fine in recovery and safe mode but not in standard mode. The Internet seems to be filled with these issues. A few observations I had:
  1. MacBook display resizing is graphics-card heavy and as such causes sluggishness of the display. Stick to the recommended size if you want less load on the system.
  2. NVRAM or SMC resets are a good first bet. However, most of the time the issue is not solved by them nowadays.
  3. With Big Sur, kexts are not loaded normally; rather, the kernel has them included.
The answer to my problems came in the form of an obscure comment:
https://developer.apple.com/forums/thread/649886
With this we have reached the end of this week's newsletter. Please do subscribe if you like the newsletter, and do send in your thoughts on whether you like this style or prefer concrete single-topic newsletters.
Till the next newsletter, have a good time.
Anant Shrivastava @anantshri

This infrequent newsletter contains my commentary around IT (sec) topics

Created with Revue by Twitter.
Bhopal, India