Events Related:

  • Security BSides Las Vegas announcements – uncommonsensesecurity.com
    The first few talks confirmed are great and there are plenty more killer talks to be announced.
  • KartCon2010 – owasp.org
    RSVP now to the 5th Annual OWASP KartCon 2010!
  • Penetration Testing Summit 2010 – tenablesecurity.com
    The SANS Penetration Testing Summit was held this year at the Hyatt Baltimore in Baltimore, MD on June 14 – 15 and was focused on “What Works in Penetration Testing”.

Resources:

Tools:

  • THC-Hydra – freeworld.thc.org
    A very fast network logon cracker which support many different services
  • THC-IPV6 – freeworld.thc.org
    A complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library.
  • Onapsis Bizploit – ERP Penetration Testing Framework – darknet.org.uk
    Bizploit is expected to provide the security community with a basic framework to support the discovery, exploration, vulnerability assessment and exploitation of ERP systems.
  • Astalanumerator 0.7 – thespanner.co.uk
    This version contains various CSS fixes and tracks each object within links and via the astalanumerator object.
  • WATOBO – THE Web Application Toolbox - sourceforge.net/apps/mediawiki/watobo/
    WATOBO is intended to enable security professionals to perform highly efficient (semi-automated ) web application security audits. We are convinced that the semi-automated approach is the best way to perform an accurate audit and to identify most of the vulnerabilities.
  • Web Historian: Reloaded – mandiant.com
    This release is a complete rewrite and revamp of our very popular web history extraction tool.
  • Websecurify 0.6RC2 Is Available for Download – websecurify.com
    0.6RC2 fixes several bugs detected during the 0.6RC1 stage (thanks for the bug submissions), improves on the UI and introduces more internal changes to simplify and enhance future developments of the platform.

Techniques:

  • Turning XSS into Clickjacking – ha.ckers.org
    Those of us who do a lot of work in the security world have come to realize that there is a ton of cross site scripting (XSS) out there.
  • Interpolique – recursion.com
    Generic security flaws were supposed to go away with memory safe languages.
  • A Zero-day Connection – symantec.com
    While investigating the recent Adobe Remote Code Execution Vulnerability, we came across some interesting similarities to the malware and shellcode that were used in the ‘iepeers.dll’ Remote Code Execution tacks from March 2010.
  • Meterpreter for Pwned Home Pages – metasploit.com
    About a year ago, while looking through various buggy, backdoored PHP shells, I decided it might be useful to have some of Meterpreter’s networking features in the web’s most pwnable language.
  • Lighttpd and Slowloris – ha.ckers.org
    I had heard various different reports from people who use lighttpd during the initial investigation of slowloris that it was not vulnerable.
  • New Whitepaper: JBoss AS – Deploying WARs with the DeploymentFileRepository MBean – blogs.23.nu/RedTeam
    It explains how to deploy WAR files with the DeploymentFileRepository MBean and how this is even possible with Cross Site Request Forgery (CSRF).
  • Episode #99: The .needle in the /haystack – commandlinekungfu.com
    I whipped up a quick some PowerShell to give me a quick overview of the file types in the directory tree.
  • Browser headers and information leaks – attackvector.org
    In this post, I point out a few browser headers which leak information that can be used for malicious purposes.
  • Using DNS to Find High Value Targets – ha.ckers.org
    Because companies tend to point their DNS to those SaaS providers for white labeling, often you’ll see a convergence of a lot of sub-domains all pointing to a single IP address or set of IP addresses.
  • Post Exploitation Pivoting with the Windows 7 Vault – securitybraindump.blogspot.com
    While I generally agree with this, the emerging capabilities of attack and forensic tools that acquire volatile memory from a host (and consequently decrypted credentials), only require a bit more patience.
  • The Ozdok Botnet and DES Security – fortinet.com
    It soon developed that the encryption used was DES (Data Encryption Standard), in ECB mode.
  • Brute Force with THC Hydra – attackvector.org
    Sometimes the only way in is to resort to password cracking (or, “brute forcing”). I would consider this to be another one of those last resort methods that I use when all else has failed.
  • Clickjack Baddie Whack – symantec.com
    To prevent these kinds of attacks it’s important to use caution when browsing the Web, but unfortunately this can only go so far, and it’s not really feasible to disable JavaScript altogether because of the key role it plays in today’s Web.
  • Security Risks in Asynchronous Patch Release Schedules – fortinet.com
    As software becomes more complex and integrate, code becomes shared and recycled. If a security risk (vulnerability) were to be discovered and fixed in the main trunk of code, it should also be fixed through its derivatives at the same time.
  • Anti-waf-software-security-only-zealotry – jeremiahgrossman.blogspot.com
    Recently on Twitter I asked why some people feel oddly compelled to rely upon the shortcomings of Web Application Firewalls (WAFs) as a means to advocate for a Secure Development Lifecycle (SDL).
  • Sharing data remotely through Metasploit – happypacket.net
    I’m working on some more integration between tools, but for now I have written a db module for Metasploit’s XMLRPC engine which allows remote processes to get information from the database.
  • Finding Interesting Database Data – digininja.org
    In one of the early chapters he discusses the Asprox Botnet and explains the way it trawls through any databases it finds looking for columns that are of a type that will take text.
  • DNS Sinkhole ISO Available for Download – sans.edu
    Last week, during the SANSFire conference, I did a talk on DNS Sinkhole and made an ISO available for download.
  • XSS – f-secure.com
    A typical XSS demonstration showing a funny dialog box on somebody else’s site just emphasizes how harmless such an attack looks.
  • Bypassing Restrictive Proxies Part 1, Encoded Executables and DNS Tunneling – grey-corner.blogspot.com
    This scenario simply involves creating a vbscript file that contains an encoded copy of your chosen executable, that when run will decode the file, write it to disk, and then run it.

Vulnerabilities:

Vendor/Software Patches:

  • Apple plugs 28 Mac OS X security holes – zdnet.com
    Apple has shipped another mega Mac OS X patch bundle to fix a total of 28 documented security vulnerabilities affecting the Mac ecosystem.

Other News: