Events Related:
- Security BSides San Francisco and Austin – uncommonsensesecurity.com
Reminiscing about past BSides. - Pwn2Own 2010 Day 1 Overview – liquidmatrix.org
A look back into the events of the first day of Pwn2Own. - Outerz0ne 2010 Videos – archive.org
Talks from their latest event.
Resources:
- VERIS Incident Classification Mindmap – verizonbusiness.com
VERIS employs the A4 Threat Model developed by Verizon’s Risk Intelligence team. - Security Book Review: The IDA PRO Book – radajo.com
Do you really want to master the art of disassembly? Start here!
Tools:
- iExploder v1.5 – code.google.com/p/iexploder/
iExploder is like a fire hydrant full of bad HTML and CSS code to test the stability and security of web browsers. - scRUBYt! – scrubyt.org
It’s purpose is to free you from the drudgery of web page crawling - SQLFury v1.1.6 – sqlfury.com
SQLFury is an injection scanner that uses blind SQL injection techniques to extract information from a target database. - Freakin’ Simple Fuzzer v0.7.3.5 – code.google.com/p/fm-fsf/
This is missing some features however it has advanced RegEx capturing features for scraping data out of web applications. - SIFT 2.0 – sans.org
SIFT is a VMware Appliance that is pre-configured with all the necessary tools to perform a detailed digital forensic examination. - BURP2XML – securityaegis.com
We have developed a standalone Python script to process Burp’s session files into XML. - BinCrowd – bincrowd.zynamics.com
The core technology behind BinCrowd is basically a huge database of function information. - StreamArmor v1.0 – rootkitanalytics.com
StreamArmor is the sophisticated tool for discovering hidden alternate data streams (ADS). - Keykeriki v2 – remote-exploit.org
This opensource hardware and software project enables every person to verify the security level of their own keyboard transmissions. - OWASP Broken Web Applications Project v0.91RC1 – code.google.com/p/owaspbwa
It is distributed as a Virtual Machine in VMware format compatible with their no-cost VMWare player. - pwnat v0.1-Beta – samy.pl
Simply put, this is a proxy server that works behind a NAT, even when the client is behind a NAT, without any 3rd party. - WeakNet Linux – weaknetlabs.com
Our new kernel, built with support for packet injection, faster boot time, and much, much more. - ZeroDayScan – zerodayscan.com
ZeroDayScan is a free security web scanning service brought to you by experienced security experts. - OpenSCAP v0.5.8 – open-scap.org
This new version has a new s-expr parser, new probes from unix schema and much more. - SIP Inspector v1.00 – sites.google.com/site/sipinspectorsite
SIP Inspector is a tool written in JAVA to simulate different SIP messages and scenarios. - PenTBox v1.3.2 – pentbox.net
PenTBox is a Security Suite with programs like Password Crackers, Denial of Service and more.
Techniques:
- A closer look at the Skipfish – sucuri.net
The author gave Skipfish a try against three different servers and applications to see how it works and the logs it generates. - CREATE SESSION to SYSDBA via Java and orapwd – oracleforensics.com
DBMS_JVM_EXP_PERMS can be used to grant Java privileges in the Oracle DB which can then be leveraged via DBMS_JAVA or DBMS_JAVA_TEST packages to gain DBA. - Automating the Metasploit Console – metasploit.com
If you create a resource script called ~/.msf3/msfconsole.rc, it will autoload each time you start the msfconsole interface. - A series of posts on DNS Tunneling
- DNS Tunneling Part 1: Intro and Nameserver setup – h-i-r.net
- DNS Tunneling Part 2: Windows Clients – h-i-r.net
- DNS Tunneling Part 3: Linux, Mac OS X and BSD clients – h-i-r.net
- DNS Tunneling Part 4: Honorable mention – h-i-r.net
- Top 25 Series from SANS continues…
- Top 25 Series – Rank 21 – Incorrect Permission Assignment for Critical Response – sans.org
- Top 25 Series – Rank 22 – Allocation of Resources Without Limits or Throttling – sans.org
- Top 25 Series – Rank 23 – Open Redirect – sans.org
- Top 25 Series – Rank 24 – Use of a Broken or Risky Cryptographic Algorithm – sans.org
- Top 25 Series – Rank 25 – Race Conditions – sans.org
- Cross-Site Scripting through Flash in Gmail Based Services – watchfire.com
Gmail uses a Flash movie, named uploaderapi2.swf, for file upload operations. - Website Auto-complete Leaks Data Even Over Encrypted Link – darknet.org.uk
The attack can succeed over SSL (https connections) or WPA encrypted wireless sessions. - Why NoScript Blocks Web Fonts – hackademix.net
The @font-face CSS rule allows web authors to download online typefaces (so called “web fonts”) on the fly. - Using custom viewers from IDAPython – hexblog.com
We are going to write an ASM file viewer in order to demonstrate how to create a custom viewer and populate it with colored lines. - Programmable HID USB Keystroke Dongle: Using the Teensy as a pen testing device – irongeek.com
A programmable USB key stroke dongle could replace U3 switchblades in places where autorun from removable storage it is disabled. - msfencoded payloads into executables (-k) – joshuagauthier.com
For a while now it has been possible to add msfencoded payloads into executable. - Wireshark TCP Protocol Sequence Number Customized (by Ray Tompkins) – lovemytool.com
This simple but helpful tip is to turn on the TCP Analyze Sequence Numbers. - Side-Channel Attacks on Encrypted Web Traffic – schneier.com
We already know that eavesdropping on an SSL-encrypted web session can leak a lot of information about the person’s browsing habits. - The Energizer trojan taken apart
Like the bunny, hackers just keep on going at it.- Taking apart the Energizer trojan – Part 1: setup – skullsecurity.org
- Taking apart the Energizer trojan – Part 2: runtime analysis – skullsecurity.org
- Taking apart the Energizer trojan – Part 3: disassembling – skullsecurity.org
- Taking apart the Energizer trojan – Part 4: writing a probe – skullsecurity.org
- Pwn2Own 2010: Internet Explorer 8 Exploit on Windows 7 – djtechnocrat.blogspot.com
Yes, you read that correctly, them, I used 2 exploits to get the final code execution on W7. - Journey to the Center of the PDF Stream – symantec.com
In the particular file being analyzed, I spotted the use of no fewer than nine JavaScript compression and encoding filters applied to a single stream.
Vendor/Software Patches:
- Critical Firefox security hole fixed – have you updated? – sophos.com
Firefox 3.6.2 fixes a vulnerability first discovered by Evgeny Legerov which could allow malicious code on users’ computers. - Cisco Security Advisories and Notices – cisco.com
Cisco released 7 new security updates to various different products today.
Other News:
- Building the CCDC Badge System – pauldotcom.com
Ultimately I wanted the badge to be RFID enabled, have a form factor similar to those found in industry. - News on the TJX hacking incident
- Russia Arrests Alleged Mastermind of RBS WorldPay Hack – wired.com
Viktor Pleshchuk, 28, of St. Petersburg, was arrested by the FSB. - Malware delivered by Yahoo, Fox, Google ads – cnet.com
Viruses and other malware were found to be lurking in ads last year on high-profile sites like The New York Times. - The biggest cloud on the planet is owned by … the crooks – networkworld.com
In other words, the cloud is mobbed up. - Shodan gets monetized – h-i-r.net
That means that you could, in theory, buy all of the HTTP data (~22 million records worth) for around $55,000. - Would You Have Spotted this ATM Fraud? – krebsonsecurity.com
ATM jackers are getting craftier with less obvious scanning devices and outsourced theft. - 2009 iC3 Report on Internet Crime – absolute.com
According to the report, the majority of crimes reported involved fraud with a total dollar loss of $559.7 million. - Law Enforcement Appliance Subverts SSL – wired.com
Chris Soghoian discovered that a small company was marketing internet spying boxes to the feds. - Pwn2Own Wins
Reports on who, what and how stuff got hacked in CanSecWest’s premier security challenge- Pwn2Own winner tells Apple, Microsoft to find their own bugs – computerworld.com
- Charlie Miller on Pwn2Own – threatpost.com
- iPhone Falls in Pwn2Own Hacking Contest – pcworld.com
- Hacker Bypasses Windows 7 Anti-Exploit Features In IE 8 Hack – darkreading.com
- Mozilla Firefox Hacked at Pwn2Own Contest – threatpost.com
- Pwn2Own Safari Attack: Charlie Miller Hijacks MacBook – threatpost.com
- Yes, He Can–Hack Into President Obama’s Twitter Account – darkreading.com
French police arrested a man Thursday for allegedly hacking into the Twitter accounts of U.S. President Barack Obama and other famous individuals. - US-CERT: Broadcom NetXtreme network cards vulnerable – h-online.com
According to the relevant advisory, a buffer overflow can be triggered during the processing of Alert Standard Format (ASF) messages. - Malicious Mobile Code Meets Exploit Selling – veracode.com
The only thing really limiting researchers from selling their flaws on the open market is the threat of incarceration.
