ua-parser-js Compromise

Obvious Disclaimer: I’m not a professional security researcher. I dabble in these things and more pursue these things out of curiosity. Let me know what I got wrong. Today I read that there was another victim of a Supply Chain attack, a NPM module author had a few of their modules compromised, one of which (the one I read about) was ua-parser.js. This module provides detection of various platform data from user agent strings....

October 24, 2021

TryHackMe: Vulnversity

Meta Information: This is a room I recently completed on TryHackMe. I figured I’d do a write up of what I found, how I got in, and things that a potential sysadmin would want to do to fix their server. I’m writing this from the point-of-view of a independent security consultant. Description of Server The machine in question appears to be an Ubuntu Linux machine, with a number of open ports and protocols:...

July 6, 2021