Those of us who work within DFIR have probably at some time encountered inappropriate/criminal images and had to deal with the mental issues they bring with them (if not, consider yourself lucky). Because of this fact I try as often as possible to educate young people I interact with regarding the internet and its very dark side, although without going into the full detail of the misery that exists there.
I decided I would use one of my blog posts to publish some of the advice I have gathered during my time in DFIR, in the hope that parents, carers, teachers and other people in positions of responsibility/trust might be able to use it as a resource to spread the word.
In my younger days, having a phone of your own or even access to a computer was unheard of, but we now live in a very advanced technological age where children have smartphones, tablets and computers from a very young age. Each of these items has the capability to take photos and videos which can be shared to every corner of the World Wide Web at the mere press of a button.
The risks are numerous, and this list is not exhaustive and is mainly common sense, but how many children do you know who have common sense? This is where we as adults need to be there to protect the children in our care and act as their conscience, educate them regularly but also monitor their usage to ensure they are not being targeted by nefarious individuals.
Here are some pieces of advice that can be used as part of that education:
This is all good advice that can be passed to your children; obviously it is up to you how much detail you go into with the warnings. This information is not meant as scaremongering, but believe me when I say the internet is a very dark place filled with very scary individuals and content; please don’t let your child become part of that content.
What can you do as a parent to monitor the usage of the internet by your child? I realise, like most people, that privacy can be an issue, especially when dealing with a child who thinks they are ‘Grown Up’. Again, this will come down to how far you are willing to go to protect your child and whether you think the education piece above is enough or not. You may find that education is all that you require, but if you were to become more concerned for your child’s welfare there are apps and software available which can be used to monitor your child’s internet usage. I will not be posting these in this blog as I have not tested any of those apps and would not want to endorse any app/software I have not personally used. There are, however, steps available which can be used to assist in restricting usage on many different devices, which are referred to as ‘Parental Controls’.
Parental controls are an excellent resource and when installed correctly can indeed help to protect your child, but they should not be seen as total protection and need to be used in conjunction with education.
You may have noticed that I keep coming back to the education piece, and that should bring home to you just how important it is to communicate with your child. If you do not talk to them, how can you have any chance of knowing what they are thinking or if indeed they are being targeted or bullied?
So you arrive late to the situation and discover that an image or video has already been posted; what can you do to limit the damage? Firstly, you need to delete the image from your side. If that’s not possible or it has been posted by someone else, then most social media sites offer the ability to report images and allow you to have them removed that way. Obviously if the image has already been downloaded by individuals there is nothing you can do about that, and that is one of the first points raised above. Remember, you lose all control as soon as you press the button to share to the internet.
OK, you have taken all steps possible to try and protect your child on-line, but what if you suspect your child is being groomed or exploited on-line? Fortunately there is an organisation that specialises in dealing with these very valid concerns. The National Crime Agency (NCA) Child Exploitation and Online Protection (CEOP) is that organisation, and it is to them you can report any concerns that you may have for a child via their safety centre here. Alternatively here is a direct link to their reporting page. It is not possible to do this anonymously as you are effectively reporting a crime. If you would feel better discussing your concerns with someone before taking that step, there are some very experienced and highly trained individuals available via the NSPCC helpline on 0800 800 5000.
I hope that you as parents, carers, teachers and people in positions of responsibility/trust never need to use the details in that last paragraph but expect you all to use the information further up to ensure that we protect those who are unable to protect themselves during their early years. I know from personal experience of having to view some of the content from the darker areas of the web that I will do all I can to protect my children from becoming part of that.
I hope you have found this information useful and as always I am open to any suggestions or constructive feedback to improve.