Week 26 in Review 2010

Events Related:

  • Third SHB Workshop – schneier.com
    This is a two-day gathering of computer security researchers, psychologists, behavioral economists, sociologists, philosophers, and others.
  • HiTB News
    HiTB has organized conferences for a while in Dubai and Kuala Lumpur, but this is the first time that an event is held in Europe and not too far from Belgium.
  • Notes from OWASP Bay Area Security Summit – michael-coates.blogspot.com
    However the portion on dynamic identification and quarantine of malicious scripts was very interesting.
  • Hacking the Next Hope Badge – travisgoodspeed.blogspot.com
    The following are some notes that will help enterprising neighbors to hack these badges, which will be running an MSP430 port of the OpenBeacon firmware.

Resources:

  • Comparing web application scanners, part 2 – portswigger.net
    Scanners were scored based on their ability to identify different types of vulnerabilities in different scanning modes.
  • Cisco IOS Auditing – digitalbond.com
    Earlier this month Tenable released a new policy compliance plugin for Nessus that allows auditing of Cisco router and switch configuration.
  • Third-Party Web Widget Security FAQ – jeremiahgrossman.blogspot.com
    Millions of websites such as online news, blogs, e-commerce, banks, webmail, social networking and more utilize third-party hosted content on their webpages in the form of JavaScript, Adobe Flash, Microsoft Silverlight, HTML IFrames, and images.
  • securityacts it security e-zine issue 3 – terminal23.net
    If you’re looking for a new security-related e-zine to read, check out SecurityActs.
  • New AMTSO guidelines – f-secure.com
    Anti-Malware Testing Standards Organization (AMTSO), which F-Secure is a member of, had a meeting in Helsinki in May.

Tools:

  • BackTrack
    BackTrack started as a personal side project well over 5 years ago and by now has been downloaded over 5 million times.
  • Autoruns and Dead Computer Forensics – sans.org
    It is essentially a targeted registry dump, peering into at least a hundred different Windows Registry keys that the boot and logon processes rely upon.
  • Netsparker Community Edition 1.5.0.0 Released – mavitunasecurity.com
    There are not many new features in Community Edition but this release addresses the most common issues and includes several improvements.
  • Skipfish 1.46beta – code.google.com/p/skipfish/
    A fully automated, active web application security reconnaissance tool.
  • FxCop – .NET Framework Security Analysis Tool – darknet.org.uk
    FxCop is an application that analyzes managed code assemblies.
  • bsqlbf v. 2.6 – notsosecure.com
    The new addition is the execution of any metasploit payload after executing OS code against Oracle database server by exploiting SQL Injection from web apps.
  • upSploit – Press Release – tmacuk.co.uk
    This Vulnerability Advisory Gateway (VAG) should break down the barriers for security researchers and professionals to pass details of vulnerabilities to vendors in a structured, easy-to-follow process.
  • SandKit – s7ephen.github.com
    SandKit is a toolset that is intended to assist with the investigation of Sandbox technologies.
  • IDA Pro 5.7 highlights – hexblog.com
    We released IDA Pro 5.7 a few days ago.
  • WinPcap – winpcap.org
    The latest stable WinPcap version is 4.1.2.
  • ostinato 0.1.1 – code.google.com/p/ostinato/
    Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI.

Techniques:

  • Got database access? Own the network! – bernardodamele.blogspot.com
    The presentation highlights techniques to exploit a MySQL, PostgreSQL or Microsoft SQL Server database server in the real world.
  • SSL gives point-to-point, not end-to-end security – root.org
    SSL provides good point-to-point privacy and integrity protection. However, there is no guarantee to upper layers that SSL is indeed in use.
  • HCP Vulnerability Exploited in the Wild – pandasecurity.com
    This vulnerability disclosure has fueled an intense debate amongst security professionals on responsible disclosure, as the Google researcher only allowed Microsoft 5 days before going public with the flaw details.
  • The curious case of JBoss Hacking – inner-knowledge.blogspot.com
    It is not so rare to see JBoss where the jmx-console is not password protected.
  • Linux buffer overflow II – gunslingerc0de.wordpress.com
    The first edition of my tutorial explains a 400-byte buffer overflow.
  • Set Wallpaper Meterpreter Script – room362.com
    Certainly nothing to fuss over, but I’ve had a fascination with setting my target’s wallpaper as sort of a calling card for years now.
  • Vulnerability Assessment Testing Automation Part I – sans.edu
    In my SANSFire presentation I described how and why to automate parts of the security testing process.
  • V3rity has released a redo log mining tool to extract DDL from redo logs – petefinnigan.com
    V3rity is the new company founded by David Litchfield in March 2010 since he left NGS and until recently his site had little on it.
  • Full-Disclosure, Our Turn – jeremiahgrossman.blogspot.com
    No Web applications, no forms, no log-in, no user-supplied input where XSS can hide.
  • Social Security Number Format – attackvector.org
    First, for those of you who live under a rock, or across the pond, a social security number is in the format of xxx-xx-xxxx.
  • CSRF flaws that pack a punch – holisticinfosec.blogspot.com
    A year after DEFCON 17, cross-site request forgery (still one of my favorite bugs) continues to present itself in some mighty interesting places.
  • Wifi Security Slides – trustedsignal.blogspot.com
    There are a few canned video demos in the PPT version that are obviously not in the PDF version and the PPT version contains copious notes, not found in the PDF.
  • Memory acquisition and the pagefile(s) – mandiant.com
    The easiest way to do this with Memoryze is to use the MemoryDD.bat script from the command line or to use the UI, Audit Viewer.
  • sqlmap and SOAP based web services – bernardodamele.blogspot.com
    Last week a sqlmap user, Chilik Tamir, provided me with a patch to add basic support for SOAP based requests to the tool.
  • Lessons from criminals – Good passwords matter – sophos.com
    Unless this is an elaborate public relations stunt, it appears the integrity of AES-256 as a military-grade encryption standard has been proven in a rather public way.
  • more with rpcclient – carnal0wnage.attackresearch.com
    Got asked to help remotely locate local admins on boxes on a network.
  • You want the BlackBerry Event Log? beg damnit! – chirashi.zensay.com
    If I succeeded at understanding this topic, I would be able to directly connect to a BlackBerry device and collect all the information that I wanted.
  • Twitter updates
    • Looks like it’s possible to infinitely brute force Windows passwords without hitting lockout policy using “Change Passwd” Is that old news? – ax0n
    • Arduino + MetaSploit + USB wireless presenter dongle == VNC remote access on the box. – hdmoore
    • @ax0n you have to be authenticated to the domain to access the SAM function though right? Once you have an account, it works – hdmoore
  • How to write shellcode – gunslingerc0de.wordpress.com
    I had previously written an article about buffer overflow; it is time I wrote an article on how to write shellcode.
  • Secunia Survey of DEP and ASLR – taosecurity.blogspot.com
    At the FIRST conference last month, Dave Aitel said something to the effect that DEP and ASLR are the only two noteworthy technologies produced by Microsoft since starting their security initiative.
  • Hacking wireless presenters with an Arduino and Metasploit – teusink.net
    Someone in the audience can control the slides and can send any keystroke you want to the victim, as if they were sitting at the keyboard.
  • CiscoWorks TFTP directory traversal exploit – teusink.net
    So far I have not seen any details published so I decided to see if I could find the bug.

Vendor/Software Patches:

Other News:
