In the digital age, where web applications form the crux of our interconnected existence, Web Hacking Arsenal: A Practical Guide To Modern Web Pentesting emerges as an essential guide to mastering the art and science of web application pentesting. This book, penned by an expert in the field, ventures beyond traditional approaches, offering a unique blend of real-world penetration testing insights and comprehensive research. It is designed to bridge critical knowledge gaps in cybersecurity, equipping readers with both theoretical understanding and practical skills. What sets this book apart is its focus on the challenges actually encountered in the field, moving beyond simulated scenarios to the situations a tester meets on real engagements.
The core of Web Hacking Arsenal is its ability to adapt to the evolving nature of web security threats. It prepares the reader not just for the challenges of today but also for the unforeseen complexities of the future. This proactive approach ensures the book's relevance over time, empowering readers to stay ahead in the ever-changing cybersecurity landscape.
Domain Fronting is a widely popular technique that has been used for evading firewalls, DPIs and censors. Domain Fronting takes advantage of legitimate, high-reputation cloud providers, more specifically Content Delivery Networks (CDNs), for evasion. This technique has been commonly used in the wild to circumvent censorship, or by malware for establishing a Command and Control (C2) channel in restricted network environments.

In this paper, we look at various forms of Domain Fronting along with a few other techniques that can be utilized for circumventing firewalls, Deep Packet Inspection devices and captive portals. We will be dissecting a well-known tool for bypassing internet censorship, PSIPHON, and will demonstrate how it utilizes Domain Fronting for bypassing captive portals.
Mobile browsers, in comparison to desktop browsers, are relatively new and have not undergone the same level of scrutiny. Browser vendors have introduced and implemented numerous protection mechanisms against memory corruption exploits, which makes it very difficult to write a reliable exploit that would work under all circumstances. This leaves us with the "other" category of client-side attacks. In this presentation, we will present our research on bypassing core security policies implemented inside browsers, such as the Same Origin Policy and Content Security Policy.

We will present several bypasses that were found in various mobile browsers during our research. In addition, we will uncover other interesting security flaws found during our research, such as Address Bar Spoofing, Content Spoofing, Cross-Origin CSS Attacks, Charset Inheritance, CSP Bypass and Mixed Content Bypass, as found in Android browsers. We will also talk about the testing methodology that we used to uncover several Android zero-days.

Apart from the theory, our presentation will also disclose a dozen of the most interesting examples of the security vulnerabilities and weaknesses highlighted above, which we identified in the most popular Android third-party web browsers and in Android WebView itself. We will explain the root cause of each bug and demonstrate its exploitation, show examples of vulnerable code and, where possible, the patches that were issued to address these vulnerabilities. Finally, we will demonstrate a sample test suite which can be used to assess the basic security properties of any mobile web browser.
It has been more than six years since the advent of HTML5 (dating back to 2008), and as time has passed we have seen more and more websites utilizing HTML5 features, and have witnessed technologies like Flash and Silverlight dying slowly. However, each of the HTML5 features can bring security issues if not used correctly. One of the major security issues with HTML5 is DOM-based XSS, due to the heavy use of JavaScript in HTML5-based applications, and this is the prime highlight of this paper.
This book introduces the steps required to complete a penetration test, or ethical hack. Requiring no prior hacking experience, the book explains how to utilize and interpret the results of the modern-day hacking tools required to complete a penetration test. Coverage includes Backtrack Linux, Google reconnaissance, MetaGooFil, dig, Nmap, Nessus, Metasploit, Fast Track Autopwn, Netcat, and the Hacker Defender rootkit. Simple explanations of how to use these tools and a four-step methodology for conducting a penetration test provide readers with a better understanding of offensive security.
Rsnake's XSS cheat sheet was one of the best resources available for bypassing WAFs; however, over time, as browsers got updated, lots of the vectors didn't work on the newer browsers. Therefore, there was a need to create a new cheat sheet. Over time I have developed my own methodology for bypassing WAFs, and that is what I have written the paper on. The paper talks specifically about bypassing XSS filters; as for SQLi, RCE, etc., I thought to write a different paper, as the techniques differ in many cases.
Input validation flaws such as XSS are the most prevalent security threats affecting modern web applications. In order to mitigate these attacks, Web Application Firewalls (WAFs) are used, which inspect HTTP requests for malicious transactions. Nevertheless, they can be easily bypassed due to the complexity of JavaScript in modern browsers. In this paper we discuss several techniques that can be used to circumvent WAFs, exemplified with XSS.

This paper talks about the concepts of WAFs in general, identifying and fingerprinting WAFs, and various methodologies for constructing a bypass. The paper discusses well-known techniques such as brute forcing, regular expression reversing and browser bugs for bypassing WAFs.