How To: Hunting For Data Leaks In Google FireBase

Background In mid-2018, Appthority released a report detailing a vulnerability in Google's firebase.io, a database backend used by thousands of mobile apps. Details Potentially sensitive data is available via accessing URLs of the form https://<APPNAME>.firebaseio.com/.json. By so doing, you can gain access to all unprotected data in that particular database. If your organization develops and/or deploys mobile apps, you should check to see whether they are using FireBase, and if so, whether any data is being exposed. [Read more...]

How To: Asset Discovery Using DNS And SSL

Background There are times, more often than we’d like to admit, that we need to do asset discovery on our own organization (or, for you red teamers, other people’s!). This is actually simpler than you’d think, as long as you know the domains associated with the organization. Process First, create a text file containing the domains you’re interested in, one per line. Next, use OpenSSL to get a list of Subject Alternative Names (SANs) from any certificates present on the domains: [Read more...]

Solving The WHOIS GDPR Problem

Identifiers, not identities Recently, ICANN received a letter explaining that the WHOIS database, which contains registration information for all existing domain names on the Internet, will be in violation of the European General Data Protection Regulations (GDPR) law when it goes into effect on May 25, 2018. ICANN has responded, stating in essence that it has no solution to put in place prior to that date, and it needs an exemption, at least temporarily. [Read more...]