Securing Vendor Webapps - A Vulnerability Assessment on HELK

IppSec · Intermediate ·🔐 Cybersecurity ·7y ago

Skills: Network Security90%

More detailed notes: https://gist.github.com/IppSec/137a9f8870bed2763048072f321073e5 00:50 - My Vulnerability Assessment methodology 03:00 - Starting a Nessus Scan to see what it thinks 04:20 - Running nmap and deciding what ports are needed 09:35 - Reviewing the Nessus Scan 12:02 - Examining what leaving KSQL/Kafka (8088) open can do 13:58 - Using iptables to block ports that don't need to be routable 15:53 - Preventing NMAP from detecting the port as filtered, doing REJECT --reject-with tcp-reset 18:30 - Using Draw.io to explain what we are doing with a Reverse Proxy 20:40 - Installing Apache2 21:33 - Creating the reverse proxy HTTPS Configuration, then enabling modules ssl, proxy, proxy_http 25:10 - Our Apache Server doesn't like self-signed certificate of remote server adding: -- SSLProxyVerify, SSLProxyCheckPeerCN, SSLProxyCheckPeerName, SSLProxyCheckPeerExpire 28:44 - Enabling Universe Repo then installing mod-security 29:50 - Briefly going over the mod-security configuration file 32:35 - Setting ModSecurity to blocking mode then modifying the rules to allow Kibana to work 36:25 - ModSecurity doesn't like "application/x-ndjson", adding this to the allowed content types 40:13 - Beginning of creating a Certificate Authority to handle Mutual SSL Authentication 42:20 - Creating the CA Private/Public Keys with OpenSSL 44:11 - Creating the WebServer's private key with OpenSSL, then signing 46:00 - Creating the users private key with OpenSSL, then signing 47:20 - Copying the Webserver's keys to the reverse proxy, then updating Apache2 to use the certs 49:50 - Showing the SSL is working by adding the CA to firefox and checking if cert warnings go away 51:10 - Configuring Apache to force SSL Client Authentication which requires user certificates 52:00 - Creating the PFX File in order to allow Firefox to import our user certificate 53:00 - Demonstrating SSL Mutual Authentication is working 53:30 - Modifying iptables on HELK to only allow HTTP/HTTPS Connections from the

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

More on: Network Security

View skill →

GNS3 Labs: DMVPN, IPsec and NAT across BGP Internet routers: Answers Part 7

GNS3 Labs: DMVPN, IPsec and NAT across BGP Internet routers: Answers Part 7

Building a High-throughput VPN

Configuring Network Connectivity Center as a Transit Hub

VPC Flow Logs - Analyzing Network Traffic

HackTheBox - Intentions

HackTheBox - Intentions

Google Cloud Packet Mirroring with OpenSource IDS

Related AI Lessons

The Hidden Security Problem in IoT Asset Tracking Systems

Discover the hidden security risks in IoT asset tracking systems and how to mitigate them

Medium · Cybersecurity

I Managed WordPress Security Across 1500+ Clients. The Main Reason WP Sites Get Hacked.

WordPress sites are commonly hacked due to vulnerable plugins, not sophisticated attacks, and learning to manage plugin security is crucial

What Is YubiKey Authentication & How It Works

Learn about YubiKey authentication and how it works to enhance security

Dev.to · Mrunank Pawar

I Used to Ignore “Boring” Vulnerabilities… Until One Paid More Than a Critical

Don't underestimate small vulnerabilities, as they can lead to bigger problems and significant payouts

Medium · Data Science

Chapters (25)

0:50 My Vulnerability Assessment methodology

3:00 Starting a Nessus Scan to see what it thinks

4:20 Running nmap and deciding what ports are needed

9:35 Reviewing the Nessus Scan

12:02 Examining what leaving KSQL/Kafka (8088) open can do

13:58 Using iptables to block ports that don't need to be routable

15:53 Preventing NMAP from detecting the port as filtered, doing REJECT --reject-wit

18:30 Using Draw.io to explain what we are doing with a Reverse Proxy

20:40 Installing Apache2

21:33 Creating the reverse proxy HTTPS Configuration, then enabling modules ssl, pro

25:10 Our Apache Server doesn't like self-signed certificate of remote server adding

28:44 Enabling Universe Repo then installing mod-security

29:50 Briefly going over the mod-security configuration file

32:35 Setting ModSecurity to blocking mode then modifying the rules to allow Kibana

36:25 ModSecurity doesn't like "application/x-ndjson", adding this to the allowed co

40:13 Beginning of creating a Certificate Authority to handle Mutual SSL Authenticat

42:20 Creating the CA Private/Public Keys with OpenSSL

44:11 Creating the WebServer's private key with OpenSSL, then signing

46:00 Creating the users private key with OpenSSL, then signing

47:20 Copying the Webserver's keys to the reverse proxy, then updating Apache2 to us

49:50 Showing the SSL is working by adding the CA to firefox and checking if cert wa

51:10 Configuring Apache to force SSL Client Authentication which requires user cert

52:00 Creating the PFX File in order to allow Firefox to import our user certificate

53:00 Demonstrating SSL Mutual Authentication is working

53:30 Modifying iptables on HELK to only allow HTTP/HTTPS Connections from the