Intro

Hi, I’m Ilya and I do security engineering and automation, threat analysis and research.

I’m an occasional open source contributor.

You can reach me by email, here is my PGP key.

ServeMux and a path traversal vulnerability

As a passionate Go developer, I’ve come to appreciate the language’s simplicity and power. However, even in a well-designed language like Go, security vulnerabilities can lurk in unexpected places. In this post, we’ll explore a common misconception about Go’s ServeMux that can lead to a path traversal vulnerability. TL;DR: Many developers assume that ServeMux always sanitizes URL request paths, but this isn’t always the case. The Issue Consider the following code snippet, where we let the user read the contents of files in the /tmp folder:...

April 14, 2020 · 3 min

Rapid analyzing Sonar HTTP datasets

Sometimes you need to gather threat intelligence data as quickly as possible, and Rapid7’s Project Sonar Opendata can provide great insights. However, there’s a challenge: you can’t easily grep the HTTP response body with the lovely jq tool because the data field in the resulting JSON is base64 encoded: { "data": "<base64-encoded response>", "host": "REDACTED", "ip": "REDACTED", "path": "/", "port": 80, "vhost": "REDACTED" } While you could probably grep this using a decent bash script, I believe I have a better option....

May 4, 2018 · 2 min