Events Related:
- EnergySec Summit Recap – digitalbond.com
The “Intersection of Security and Compliance” conference theme turned out to be largely an indictment of NERC CIP. - What I learned at Brucon 2010 – pauldotcom.com
Bottom line: Brucon was awesome! And now my “trademark” post on what I learned (with lots of pictures) - BruCon 2010 Training & Conference Wrap-up – tenablesecurity.com
It’s a decent sized conference of about 300 people total, including speakers and attendees. Everyone at the conference was extremely nice and very hospitable. - Sangria, tapas and hackers: SOURCE Barcelona 2010 – net-security.org
Apart from the one in Barcelona, there are two more affiliated SOURCE conferences that will be held throughout the year: the “original” one in Boston and the one they will be premiering mid June next year in Seattle.
Resources:
- Free Malicious PDF Analysis E-book – didierstevens.com
This is a document I shared with my Brucon workshop attendees. - BruCON 2010 slides, podcasts and other coverage – brucon.org
We will publish the remaining slides as soon as we can. Of course, it’s much more interesting to see the videos. - Transferring files on isolated remote desktop environments Turbo Talk – hexale.blogspot.com
The slides for the turbo talk “Transferring files on isolated remote desktop environments” I presented at Ekoparty are up for download here. - eEye Zero-Day Tracker: Your Vulnerability Watchlist – eeye.com
The tracker catalogs the latest Zero-Day vulnerabilities and provides detailed analysis of each, including affected software, severity level, potential impact, and mitigation and protection procedures. - [BruCON] GSM security: fact and fiction – c22.cc
Even if 2 cellphones are on the same BTS, calls are routed all the way up to the MSC and back down. This is due to billing and legal wiretaps. - [BruCON] Top 5 ways to destroy a company – c22.cc
Step 1: Your opinion doesn’t matter (unless you’re one of the execs that really are in the know). - Virus Bulletin 2010 papers – eset.com
By kind permission of Virus Bulletin, we’ve already put two of the papers written or co-authored by ESET researchers up on the White Papers page. - AppSec USA 2010′s videos – vimeo.com
All the videos we have on the AppSec USA presentations
Tools:
- HackAri – HackBar for Safari – 0x0lab.org
It is not exactly the same as HackBar, and it has a lot of limitations compared to it (e.g. you cannot resize the request, post data panels). - FireMaster: The Firefox Master Password Recovery Tool! – pentestit.com
According to the author, FireMaster is the first ever built tool to recover the lost master password of Firefox. - UA-Tester 1.0 released: Now with 38% more pimp! – c22.cc
After a few months of playing around with the UA-Tester Alpha release, I’ve finally got the code to a point where I’m happy enough to do a 1.0 release… UA-Tester 1.0, codename Purple Pimp! - New Version of PadBuster Available for Download – gdssecurity.com
Today we have released version 0.2, which includes some bug fixes and a few enhancements. - inspathx – code.google.com/p/inspathx/
A tool that uses local source tree to make requests to the url and search for path inclusion error messages. - JBroFuzz – sourceforge.net/projects/jbrofuzz/
The OWASP JBroFuzz Project is a web application fuzzer for requests being made over HTTP and/or HTTPS. - Web Security Dojo v1.0 – sourceforge.net/projects/websecuritydojo/
A preconfigured, stand-alone training environment for Web Application Security. Virtualbox and VMware versions for download. - exploit.co.il Vulnerable Web App – sourceforge.net/projects/exploitcoilvuln/
exploit.co.il Vulnerable Web app designed as a learning platform to test various SQL injection Techniques. - On Free Log Management Tools – chuvakin.blogspot.com
The log cheat sheet presents a checklist for reviewing critical system, network and security logs when responding to a security incident. - Tools Released at DEF CON – defcon.org
This page is a repository for the great and innovative tools that have accompanied DEF CON talks over the years. - cvechecker 1.0 – cvechecker.sourceforge.net
The tool however needs your help as well. The most work is to tell cvechecker how to detect which software is installed and what version. - dirtyJOE – dirty-joe.com
dirtyJOE – Java Overall Editor is a complex editor and viewer for compiled java binaries (.class files). - THC-Hydra – thc.org
Good news: hydra is now maintained again by me! (as of June 2010), and is now under GPLv3! - tit – code.google.com/p/tit/
“TCP Input Text” implements the Google SOAP Search API to extract TCP Ports and Fully Qualified Domain Names (FQDN) from Google Search Results into a .csv file and individual shell scripts for nmap and nc aka netcat. - Ostinato – code.google.com/p/ostinato/
It aims to be “Wireshark in Reverse” and thus become complementary to Wireshark.
Techniques:
- Turning the Tables – Part I – xs-sniper.com
Boom… I’ve just taken over a Zeus C&C. I fire up a second, clean VM just to verify… yup it works. - Vulnerability Assessment Testing Automation and Reporting Part III – sans.edu
The nessus parse script has been updated as a number of people have recommended changes or improvements. - String Replace JavaScript Bad Design – thespanner.co.uk
After using JavaScript for a while one of the worst parts I found was the String.replace function. - Web Application Penetration Testing – Part 4 – pauldotcom.com
Many people are under the impression that this TRUE or FALSE questioning technique is the only way to extract data from a site that has a “Blind” SQL injection vulnerability. - A Padding Oracle Attack Implemented In Javascript – ampliasecurity.com
You have probably seen or at least heard about the amazing work done by Juliano Rizzo and Thai Duong where they use decryption oracles against different web applications in many different ways. - Decompiling Android Apps: undx, dex2jar, and smali – intrepidusgroup.com
If you have ever needed to know what a Java application is really doing, you have probably played around with a Java decompiler at some point. - Android App Decompilation Bake-Off – intrepidusgroup.com
Let’s take a look at the Open Source WordPress application for Android. Here is the actual source code for the signup class. - Fuzzing for RFI with Burp Intruder – n00blet 0×01 – l1pht.com
started tossing the idea of discovering remote file inclusion bugs and generating a list (read, scripting op) of decent fuzz values for playing with. - Smartphone Forensics: Cracking BlackBerry Backup Passwords – crackpassword.com
First, not only brute-force attack is available: the dictionary attack (our favorite, especially when used with permutations) is there as well. - “Hot Video” pages: analysis of an hijacked site (Part III) – zscaler.com
While doing the analysis, I identified other hijacked domains and found additional scripts used to create the “Hot Video” pages. - CSAW Exploit 3 Write-up – FreeBSD local root – stalkr.net
We can try to use @kingcope’s freebsd sendfile cache local root. Sadly it does not work out of the box because we do not have /tmp writable: we have to customize a bit the shellcode to use a different one. - UTL_FILE in PL/SQL – I/O, I/O, it’s off to work we go – mikesmithers.wordpress.com
Back in the mists of time, when Broadband was a way of describing a group of fat blokes with guitars, PL/SQL blinked it’s way into the world. - Taking control of a JSP environment – net-ninja.net
Recently I conducted two pentests in which I was faced with a JSP environment. Unfortunately, during the first pentest I had a lack of decent JSP webshell.
Vulnerabilities:
- Malware Running On Graphics Cards – slashdot.org
Given the great potential of general-purpose computing on graphics processors, it is only natural to expect that malware authors will attempt to tap the powerful features of modern GPUs to their benefit.
Vendor/Software Patches:
- ASP.NET vuln patched
Microsoft today issued an emergency patch for a vulnerability in its ASP.Net framework that could be used to read or tamper with data on a Web site.- Out of Band Release to Address Microsoft Security Advisory 2416728 – technet.com
- Microsoft Security Bulletin MS10-070 – Important – microsoft.com
- Microsoft fixes ASP.Net hole used in attacks – cnet.com
- Microsoft to Release Emergency Patch For ASP.NET Bug – threatpost.com
- MS10-070 OOB Patch for ASP.NET vulnerability – sans.edu
- New Attack Against ASP.NET – schneier.com
Other News:
- Stuxnet: The Final Chatter (Hopefully)
- stuxnet revisited – anti-virus-rants.blogspot.com
- Stuxnet Analysis Backs Iran-Israel Connection – slashdot.org
- New Nessus Feature: Public Exploit Availability – tenablesecurity.com
Nessus checks select sources for the presence of an exploit and updates this field accordingly. I purposely chose a “Medium” level vulnerability for this example, as exploits do not only have to be associated with “High” level alerts. - The HacKid Technology Conference For Kids & Their Parents… – rationalsurvivability.com
The gist of the idea for HacKid (sounds like “hacked,” get it?) came about when I took my three daughters aged 6, 9 and 14 along with me to the Source Security conference in Boston.
Tags: AppSec USA, BruCON, EnergySec, SOURCE, Virus Bulletin
No comments yet.