User:Ranjith murali

Born in India, Ranjith is an autonomous cyber security consultant with extensive expertise in the field of cyber security and information security, working for various classified organizations and government institutions. Ranjith has evolved as an international icon for India in the field of cyber security. Since 2009, Ranjith has been involved in various deployments of counter security measures for large classified establishments. He has designed and integrated vibrant blueprints into the existing security models of numerous organizations across the private and public sectors.

AAP
Discovered a critical vulnerability in the website of India’s 3rd largest political party. If an attempt was made to exploit the vulnerability, it might even expose all the email accounts, which could later be extracted from the website.

Summary of Findings:

The website was configured with a content management system (CMS) which was deployed in a manner that is not in line with best practice guidelines for application and web servers facing the Internet. The application was found to be vulnerable to a number of attacks related to the authentication mechanisms and implemented authorisation controls that would result in unauthorised access to the application and compromise of the application and users’ data.

Specifically, the application is vulnerable to a number of exploitable issues that are a direct consequence of either inadequate or non-existent input validation routines. The majority of these issues are a result of Cross Site Scripting vulnerabilities. The potential impacts of successful Cross Site Scripting attacks include disclosure of user credentials and use of the site to fool users into accessing other compromised or malicious sites. This could damage brand and reputation, which would ultimately have a financial cost.

In a multi-user shared working environment such as the AAP portal, it is feasible that attackers would use Cross Site Scripting attacks to steal other users’ credentials and sessions, in order to masquerade as those users or elevate their privileges to perform actions that they may otherwise be unable to perform.

Given the ease of the attack, and what is at stake, AAP should urgently address this vulnerability by sanitising user-supplied data. AAP should note that sanitising user-supplied data addresses both the XSS and SQL injection issues at the same time if performed correctly.

The findings from the test have been categorized according to the areas of control, which should help prevent similar issues recurring. Multiple issues grouped into a single control area may indicate a root cause for those issues. “AAP” can use this information to target effort, resource or investment to areas that will mitigate most risks.


Confidential
Discovered a critical vulnerability in a confidential client's infrastructure, posing a major active threat to the infrastructure.

Summary of Findings:

Initial reconnaissance of the “confidential” Client network resulted in the discovery of a misconfigured DNS server that allowed a DNS zone transfer. The results provided me with a listing of specific hosts to target for this assessment. An examination of these hosts revealed a password-protected administrative webserver interface. After creating a custom wordlist using terms identified on the website I was able to gain access to this interface by uncovering the password via brute-force.

An examination of the administrative interface revealed that it was vulnerable to a remote code injection vulnerability, which was used to obtain interactive access to the underlying operating system. This initial compromise was escalated to administrative access due to a lack of appropriate system updates on the webserver. After a closer examination, I discovered that the compromised webserver utilizes a Java applet for administrative users. I added a malicious payload to this applet, which gave me interactive access to workstations used by enterprise administrators. Using the compromised webserver as a pivot point along with passwords recovered from it, I was able to target previously inaccessible internal resources. This resulted in Local Administrator access to numerous internal Windows hosts, complete compromise of a Citrix server, and full administrative control of the Windows Active Directory infrastructure. Existing network traffic controls were bypassed through encapsulation of malicious traffic into allowed protocols.

Topic: ICS (Industry Control System) Active Defense
As technology advances, cyber threats can have a high impact on the overall operation and business of organizations. ICS cyber security can’t just be left to the IT department to defend the security wall. With the growing volume and sophistication of cyber-attacks, ongoing attention is required to protect sensitive business information, as well as to safeguard industrial security.

The GCC ICS Cyber Security Forum – For Energy and Utilities was held in the first week of September 2015, where several industry experts gathered to discuss and collaborate in making SCADA, DCS & ICS more secure.

The GCC ICS Cyber Security Forum was an event where ICS users, ICS vendors, system security providers and government representatives met to discuss the latest cyber-incidents, analyse their causes and cooperate on solutions.

My talk was to address various vulnerabilities of ICS systems in a nuclear power plant. I was appreciated by several industrial experts for my presentation. I hosted several discussions on the security of ICS systems in the nuclear energy sector with Abu Dhabi government officials.


Topic: Cyberwar - Cybernetic Battlefield
The 10th MEESEC 2014 presents a highly focussed platform for the security community to listen, discuss, network and identify the potential, current and future security threats faced by critical infrastructure owners and governments, together with their possible solutions.

Ranjith was honored to present his topic “Cyberwar Cybernetic Battlefield”, which was based on the realistic possibilities of cyber criminals simulating a war front by false identity hacks and rifting national critical infrastructure to potential disaster. The talk also impressed the gathering with live examples, which were showcased to draw a closer line on possible threats and intelligence.

The delegates saw an in-depth analysis of the cyber threat matrix for critical infrastructure, which will create awareness of investing the right amount of resources and cost to guard any critical infrastructure.
