Events Related:
- Announcing 1st Workshop: Malicious PDF Analysis – brucon.org
Didier Stevens talks about PDFiD and pdf-parser at Brucon this year. - MSU Red Team – Fun, Success – mcgrewsecurity.com
This CCDC was a “practice” run for two Alaskan teams and two Hawaiian teams.
Resources:
- Cell Phone Security – cellphones.org
With the increased capabilities and conveniences of today’s cell phones comes the increased risk of viruses, malware and identity theft. - How to choose your Information Security Training – offensive-security.com
Welcome to our “10 questions you should be asking your Information Security Training Provider“. - Vulnerable Sites Database – vs-db.info
Just what it says, a database of vulnerable sites on the web - phpBB Exploits aggregator v1 – phpbbexploit.com
A collection of phpBB flaws.
Tools:
- Suricata v0.8.1 – openinfosecfoundation.org
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. - winAUTOPWN v2.2 – winautopwn.co.nr
winAUTOPWN is an auto (hacking) shell gaining tool. - JBroFuzz 2.1 – owasp.blogspot.com
Some new features are daily logs, custom fuzzers and more. - x5s – Automated XSS Security Testing Assistant – xss.codeplex.com
x5s is a Fiddler add-on which aims to assist penetration testers in finding cross-site scripting vulnerabilities. - bsqlbf v2.5 – notsosecure.com
SYS.KUPP$PROC.CREATE_MASTER_PROCESS() and BMS_JAVA_TEST.FUNCALL now included. - Web App Testing Tools – sans.org
Security testers are always on the lookout for new or updated tools to test the security of web based applications. - netcatscripts – packetstormsecurity.org
This tarball has a couple of bash scripts that use netcat to brute force ftp and scan for local and remote file inclusion vulnerabilities. - PBNJ – Network Architecture Monitoring Tool – darknet.org.uk
PBNJ is a suite of tools to monitor changes on a network over time. It does this by checking for changes on the target machine(s). - Ubuntu Pentest Edition v2.03 – netinfinity.org
Ubuntu Pentest Edition is a gnome based linux designed as a complete system which can also be used for penetration testing. - Flint 1.0.6 – runplaybook.com
Just fixing some parser bugs that Jacob Kitchel helped us track down.
Techniques:
- Pentesting – securitybalance.com
It is important to differentiate between Risk and vulnerability assessments, pentests and vulnerability research. - Man-in-the-Middle attacks at upcoming Black Hat Europe – red-database-security.com
A upcoming talk on how to steal credentials by downgrading authentication mechanisms as well as overtaking existing user sessions. - Man-in-the-Middle Attacks Against SSL – schneier.com
A discussion on MITM, SSL and more. - WinPE 3.0 & Forensics – praetorianprefect.com
You may find this analysis interesting if you are a Windows expert performing a forensics analysis. - Exploring the Facebook API – pauldotcom.com
The Ethical Hacker Challenges are always a lot of fun. - An anti-forensics dd primer – sans.org
dd is the swiss army knife of file tools – with /dev/tcp it can also be a network tool (but nc is simpler). - Persistent Meterpreter over Reverse HTTPS – metasploit.com
Botnet agents and malware go through inordinate lengths to hide their command and control traffic. - Exploiting a Cross Site Scripting vulnerability in Mambo CMS – acunetix.com
In this video we look into the details of how an attacker is able to exploit a Cross Site Scripting vulnerability in Mambo CMS (version: 4.6.5). - Top 10 Wireshark Filters (by Chris Greer) – lovemytool.com
The filtering capabilities of Wireshark are very comprehensive. - Much ado about NULL: Exploiting a kernel NULL dereference – ksplice.com
I’ve prepared a trivial kernel module that will deliberately cause a NULL pointer derefence. - GlypeAhead: Portscanning through PHP Glype proxies – sensepost.com
The proxy industry flourished with many proxy owners generating passive incomes from their proxy networks. - Reversing the Symbian Enoriv malware – fortinet.com
On Symbian phones, most malware are either implemented natively in C++ (over the Symbian API) or in Java (midlets). - Buby.kicks_ass? => true – carnal0wnage.attackresearch.com
Buby combines two things I use on at least every web application penetration test, if not every penetration test. - Next-Generation Clickjacking Attacks Revealed – darkreading.com
Researcher at Black Hat Europe will also release new, free tool for executing these attacks. - Burp Suite Tutorial – Sequencer Tool – securityninja.co.uk
This blog post will explain how to use the Sequencer tool. - Software Security == People && Process && Technology – technet.com
Despite some popular misconceptions in order to be an effective Agile team you need to be disciplined, which actually plays in well to thinking about security. - All about cracking Oracle
Dennis Yurichev has released a new password cracker (brute-force) called ops_sse2 for Oracle DES passwords.- My two oracle passwords crackers – conus.info
- New fast Oracle DES password cracker OPS_SSE2 – red-database-security.com
- The Java Web Start Argument Injection Vulnerability – metasploit.com
This service controls whether or not the WebDAV Mini-Redirector functionality is enabled. - Response to Dan Geer Article on APT – taosecurity.blogspot.com
This “least expensive defense” is not insane, just ineffective because the offense is a sentient being with a strategic advantage. - Abusing Internet Explorer 8′s XSS Filters – djtechnocrat.blogspot.com
Internet Explorer 8 implements an anti Cross-site Scripting (XSS) mechanism to detect certain types of XSS attacks. - Taking Penetration Testing In-House – darkreading.com
Weighing the risks and benefits of do-it-yourself pen testing. - WebOS: Examples of SMS delivered injection flaws – intrepidusgroup.com
An informative post on exploits delivered via cellular. - Amazon EC2 SIP Brute Force Attacks on Rise – voiptechchat.com
There are various techniques to assist with minimizing DDoS and Brute Force attacks. - Events and blackhat SEO – sophos.com
I had an opportunity to sit down with one of our researchers who helped write the paper, Onur Komili.
Vulnerabilities:
- Java Exploit found
Tavis Ormandy said he could abuse a feature in Java to launch arbitrary applications on a Windows PC using a specially-crafted Web site.- Unpatched Java Exploit Spotted In-the-Wild – krebsonsecurity.com
- Sun Java 0-Day Being Exploited In-The-Wild – djtechnocrat.blogspot.com
- Java Zero-Day Attacks In The Wild – threatpost.com
- Java zero-day flaw under active attack – zdnet.com
- Most Java Versions Affected By Latest Zero-Day Vulnerability – darkreading.com
- Who is Exploiting the Java 0-day? – fireeye.com
Vendor/Software Patches:
- VMWare patches things with their products
Virtualisation specialist VMware has released security updates for a number of its products, closing a total of ten security vulnerabilities.- VMware patches vulnerabilities in its products – h-online.com
- VMware Remote Console Plug-in – exploit-db.com
- Adobe fixes Reader and Acrobat holes
Adobe has also released updates for their Reader and Acrobat products.- Security update available for Adobe Reader and Acrobat – adobe.com
- Adobe Releases Quarterly Patches, Enables Auto Updater – threatpost.com
- Critical flaws haunt Adobe PDF Reader, Acrobat – zdnet.com
- Adobe Reader 9.3.2 Security Update Released – ghacks.net
- An Update on Staying Up-To-Date – adobe.net
- Microsoft introduces a slew of patches
- April 2010 Security Bulletin Release – technet.com
- Assessing the risk of the April Security Bulletins – technet.com
- Microsoft Security Bulletin MS10-019 – Critical – microsoft.com
- Microsoft Security Bulletin MS10-020 – Critical – microsoft.com
- MS10-020: SMB Client Update – technet.com
- Microsoft Security Bulletin MS10-021 – Important – microsoft.com
- Registry vulnerabilities addressed by MS10-021 – technet.com
- Microsoft Security Bulletin MS10-022 – Important – microsoft.com
- Microsoft Security Bulletin MS10-023 – Important – microsoft.com
- Microsoft Security Bulletin MS10-024 – Important – microsoft.com
- Microsoft Security Bulletin MS10-025 – Critical – microsoft.com
- Microsoft Security Bulletin MS10-026 – Critical – microsoft.com
- Microsoft Security Bulletin MS10-027 – Critical – microsoft.com
- Microsoft Security Bulletin MS10-028 – Important – microsoft.com
- Microsoft Security Bulletin MS10-029 – Moderate – microsoft.com
- Microsoft Security Bulletin Summary for April 2010 – microsoft.com
- Microsoft, Adobe, Oracle offer fixes in big Patch Tuesday – cnet.com
- Microsoft Plugs Critical Drive-By Download Holes – threatpost.com
- MS Patch Tuesday: Exploits expected for severe drive-by-download flaws – zdnet.com
- Microsoft Security Updates April 2010 – ghacks.net
- Microsoft Patch Tuesday – April 2010 – symantec.com
- Oracle releases a fix for 47 security issues
Oracle Corp. has shipped a new version of its Java software that nixes a feature in Java that hackers have been using to foist malicious software.- Oracle has released 47 critical patches (Includes SUN patches) – sans.org
- Sun About Face: Out-of-Cycle Java Update Patches Critical Flaw – threatpost.com
- Java Patch Targets Latest Attacks – krebsonsecurity.com
- Oracle Releases Emergency Patch for Java Vulnerability – darknet.org.uk
- Cisco Plugs Critical Secure Desktop ActiveX Hole – threatpost.com
The company issued a patch alongside a warning that successful exploitation of this vulnerability could result in a “complete compromise of the affected system.”
Other News:
- FarmVille used in PoC data harvesting exploit
Security engineer Joey Tyson has detailed a major security hole in Facebook Platform — one that would allow a malicious website to silently access a user’s profile information.- Facebook Platform Vulnerability Enabled Silent Data Harvesting – theharmonyguy.com
- Researcher Uncovers (Another) Major Facebook Security Exploit – techcrunch.com
- More on the Bank of America ATM tech-heist
A Bank of America worker was able to siphon at least $200,000 from hacked machines before he was caught.=- Take From ATM Malware Caper Exceeded $200,000 – wired.com
- Bank Worker Pleads Guilty to Hacking 100 ATMs – wired.com
- News on the WordPress Hack
Malicious hackers have found a way to hijack WordPress database credentials.- WordPress Hack Linked to Database Password Hijack – threatpost.com
- WordPress blogs hacked, redirecting to malware – zdnet.com
- ‘Design Flaw’ Led To Wave Of Attacks On Hundreds Of WordPress Blogs – darkreading.com
- How to Diagnose and Remove the WordPress Pharma Hack – pearsonified.com
- Researchers get funding to build new secure OS – zdnet.com
Researchers have received a $1.15 million grant to build a new computer operating system based on virtual machines and the concept of isolation. - HR 4061: What Three Bucks buys you… – eset.com
According to the CBO report, three dollars from every citizen of the United States each year for four years is what the final cost of the new Cybersecurity Act will be. - Dubbo airport PIN taped to security gate – news.com.au
Federal Government officials will next week review security at Dubbo airport in the state’s Central West after it was alerted to the blatant breach of security. - Shift Your Fingers One Key to the Right for Easy-to-Remember but Awesome Passwords – lifehacker.com
Stick with your weak, dictionary password if you must; just move your fingers over a space on the keyboard. - Please do not change your password – boston.com
Most security advice simply offers a poor cost-benefit trade-off to users. - Apache hit by a direct attack
The hackers hit the server hosting the software that Apache.org uses to it to track issues and requests and stole passwords from all users.- Apache Foundation Hit by Targeted XSS Attack – threatpost.com
- Apache.org hit by targeted XSS attack, passwords compromised – zdnet.com
- Hackers Penetrate Apache.org In Direct Targeted Attack – darknet.org.uk
- The road to glory, from XSS to Root on apache.org – acunetix.com
- Apache’s Atlassian JIRA system compromised – h-online.com
- Apache.org Compromised Through XSS – tacticalwebappsec.blogspot.com
- VB100-related news
A total of 60 anti-virus products running on the Windows XP platform were put to the test. - Brokerage Firm Fined $375,000 for Unsecured Data – wired.com
Brokerage firm DA Davidson has agreed to pay a fine of $375,000 for failing to protect confidential client data from Latvian hackers. - China’s Internet Paradox – technologyreview.com
A woman who uses the online pseudonym Xiaomi sat down for another day of outwitting Internet censorship. - Air Force to add cyberwarfare training – cnet.com
U.S. Air Force recruits will be trained in the basics of cyberwarfare, according to statements made by four-star Air Force Gen. Robert Kehler. - Attackers Using Malicious PAC Files in Phishing Attacks – threatpost.com
Attackers have begun using proxy auto-config (PAC) files, which are designed to enable browsers to automatically select which proxy server to use to get a specific URL. - Senate hearing on response to cyber attacks
Lt. Gen. Keith Alexander said the U.S. should not be deterred from taking action against countries such as Iran and North Korea just because they might launch cyber attacks.- Military asserts right to return cyber attacks – google.com
- Cyberwar Commander Survives Senate Hearing – wired.com
- NSA Director Tells Senate He Won’t Overstep In Role As U.S. Cyber Command Director – darkreading.com
- Boy, 9, accused of hacking into Fairfax schools’ computer system – washingtonpost.com
A 9-year-old McLean boy hacked into the Blackboard Learning System used by the county school system to change teachers’ and staff members’ passwords, among other things. - Java flaw hits lyrics website
It was found exploit code on servers in Russia that was triggered by computers visiting English-language site Songlyrics.com.- Unpatched Java hole exploited at lyrics site – cnet.com
- Java vulnerability – when lyric sites attack – Update – h-online.com
- Final Conspirator in Credit Card Hacking Ring Gets 5 Years – wired.com
Damon Patrick Toey was sentenced in Boston on Thursday to 5 years in prison. - Almost all Fortune 500 companies show Zeus botnet activity – arstechnica.com
Up to 88% of Fortune 500 companies may have been affected by the Zeus trojan. - Don’t Use Office RC4 Encryption. Really. Just don’t do it. – msdn.com
The paper really just shows how an attack discovered by Hongjun Wu where we committed the error of key stream reuse can actually be implemented. - iPack Exploit Kit Bites Windows Users – krebsonsecurity.com
The software vulnerabilities targeted by exploits contained in this package are all for Windows platforms. - Vulnerable Sites Database: More Intrusion as a Service – taosecurity.blogspot.com
With www.vs-db.info we get details like “local file inclusion” or “SQL injection.” - Security researchers demo Cisco Wi-Fi flaws – cnet.com
Enno Rey and Daniel Mende of German testing firm ERNW demonstrated how to hack into two separate generations of the Cisco Wi-Fi kit. - Researcher shows new clickjacking methods – networkworld.com
Stone showed one demonstration that used the drag-and-drop API (application programming interface) implemented in all browsers. - RIAA, MPAA would like to scan your hard drive for infringing content – crunchgear.com
There really isn’t any particular point to the following story other than to get you riled up as your begin your weekend. - GCHQ: Cracking the Code – bbc.co.uk
Gordon Corera gains unprecedented access to Britain’s ultra secret listening station. - Security researcher: ‘Trivially easy’ to buy SSL certificate for domain you don’t own – betanews.com
Those keys can then be used to sign certificates as any other Web site, enabling a law enforcement authority to spoof virtually any other site. - Network Solutions hacked again – sucuri.net
Just today we were notified of more than 50 sites hacked with a malware javascript. - Celebrity Hacker: Microsoft Leads Industry In Security – gizmodo.com
Security expert Marc Maiffret parlayed his teen hacking skills into getting paid to find holes in Microsoft software.
