Events Related:

  • Save the date: 23 & 24 Sept 2011 – brucon.org
    For those who like to plan ahead, keep Friday and Saturday 23 & 24 September 2011 free.
  • BSidesOttawa Schedule Confirmed! – andrewhay.ca
    BSides Ottawa is fast approaching and today we can share the schedule of superb talks that cover a broad spectrum of Information Security subjects.
  • WACCI Digital Forensics (Part 2) – sans.org
    The day began with a light breakfast followed by a few conference announcements. There were to be no keynote speeches that day, so next up were the breakout sessions.

Resources:

  • CIS Apple iPhone Benchmark v.1.2.0 – cisecurity.org
    This document, Security Configuration Benchmark for Apple iOS 4.1.0, provides prescriptive guidance for establishing a secure configuration posture for the Apple iOS version 4.1.0.
  • Free Online Course & Downloads – benchmarkdevelopment.mitre.org
    The PowerPoint briefing slides below are used in MITRE’s E-Learning Benchmark Development Course.
  • Verizon PCI Report is Out – chuvakin.blogspot.com
    Organizations struggled most with requirements 10 (track and monitor access), 11 (regularly test systems and processes), and 3 (protect stored cardholder data).
  • Cross-site scripting explained (video) – itsecuritylab.eu
    Actually it’s a live scenario of persistent XSS exploitation, so may be quite interesting for you to watch as well.
  • DEF CON 18 Talks – Video is Live! – djtechnocrat.blogspot.com
    DEF CON 18 talks with the speaker video and slides have been processed and posted.
  • The Open Checklist Interactive Language (OCIL) – scap.nist.gov
    The Open Checklist Interactive Language (OCIL) defines a framework for expressing a set of questions to be presented to a user and corresponding procedures to interpret responses to these questions.
  • Security Checklists – disa.mil
    STIGs and checklists

Tools:

Techniques:

  • Java DNS Rebinding + Java Same IP Policy = The Internet Mayhem – mindedsecurity.com
    Consider the following points: Java DNS Rebinding: an attacker can point a controlled host to any IP of the web. Java applet same IP Host access: an attacker can read the response of any host which points to the same IP the applet originates.
  • Adobe Shockwave player rcsL – exploit-db.com
    There is a 4-byte value in the undocumented rcsL chunk in our sample Director movie, and it may be possible to find similar rcsL chunks in other Director samples.
  • Upstream Attacks from Distributed Devices – digitalbond.com
    Control4 doesn’t necessarily fall into the category of a device that has upstream connectivity but there are some parallels about the device design that I think are going to present some security challenges for those that do need to communicate back to the local utility company.
  • Cracking 14 Character Complex Passwords in 5 Seconds – cyberarms.wordpress.com
    One article in March of this year stated that the technique using SSD drives could crack passwords at a rate of 300 billion passwords a second, and could decode a complex password in under 5.3 seconds.
  • Decoding Javascript Hex Encoding – securityonion.blogspot.com
    So how does it work? “xxd -r -p” converts from hex to ASCII, but it’s expecting the hex digits to be space delimited.
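The step the post describes (turning a run of hex digits back into text) generalises to the escape forms that obfuscated JavaScript actually uses: bare hex, `\xHH`, `%HH` and `\uHHHH`, often nested several layers deep. The decoder below is an added example written for this digest, not code from the securityonion post; the sample strings are constructed, and the byte-to-text policy (UTF-8 with a Latin-1 fallback) is an assumption that keeps the decoder from raising on arbitrary payload bytes.

```python
"""Decode the hex-escape forms commonly found in obfuscated JavaScript.

Added example for this digest, not code from the securityonion post.
Sample inputs are constructed; the UTF-8/Latin-1 decoding policy is an
assumption so that no input raises.
"""
import re

# Order matters: match \uHHHH before \xHH so "\u0041" is not split as "\u" + "0041".
_ESCAPE_RE = re.compile(
    r"\\u([0-9A-Fa-f]{4})|\\x([0-9A-Fa-f]{2})|%([0-9A-Fa-f]{2})"
)


def bytes_to_text(raw: bytes) -> str:
    """Decode payload bytes as UTF-8, falling back to Latin-1 (assumed policy)."""
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw.decode("latin-1")


def decode_bare_hex(text: str) -> str:
    """The 'xxd -r -p' case: a hex dump with or without separators -> text."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text)
    if len(digits) % 2:
        raise ValueError("odd number of hex digits; input is truncated or not hex")
    return bytes_to_text(bytes.fromhex(digits))


def decode_js_hex(encoded: str) -> str:
    """Replace \\uHHHH, \\xHH and %HH escapes with the characters they encode.

    \\xHH and %HH are byte values, so consecutive ones are collected and
    decoded together (a UTF-8 sequence split across escapes survives).
    \\uHHHH is a code point and is emitted directly.  Unescaped text is
    passed through untouched.
    """
    out = []
    pending = bytearray()

    def flush() -> None:
        if pending:
            out.append(bytes_to_text(bytes(pending)))
            pending.clear()

    pos = 0
    for m in _ESCAPE_RE.finditer(encoded):
        literal = encoded[pos:m.start()]
        if literal:
            flush()
            out.append(literal)
        uni, hx, pct = m.groups()
        if uni is not None:
            flush()
            out.append(chr(int(uni, 16)))
        else:
            pending.append(int(hx or pct, 16))
        pos = m.end()
    flush()
    out.append(encoded[pos:])
    return "".join(out)


def decode_nested(encoded: str, max_rounds: int = 8) -> str:
    """Apply decode_js_hex until the string stops changing (layered encoding)."""
    for _ in range(max_rounds):
        decoded = decode_js_hex(encoded)
        if decoded == encoded:
            break
        encoded = decoded
    return encoded


if __name__ == "__main__":
    # Constructed samples: one \x-encoded call and one double-encoded fragment.
    print(decode_js_hex(r"\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x77\x72\x69\x74\x65"))
    print(decode_nested(r"\x5c\x78\x34\x31"))
    print(decode_bare_hex("48 65 6c 6c 6f"))
```

`decode_nested` is the part worth keeping at hand: a sample that still looks like `\x5c\x78...` after one pass has simply encoded its own backslashes, and a second pass yields the real payload.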
  • [0Day] Moxa MDM Tool 2.1 Buffer Overflow – reversemode.com
    The 0day I’m releasing today took exactly 2 minutes to find. Any decent code review or blackbox pentest would have uncovered it, so I assume it didn’t happen before releasing the product.
  • In Memory Fuzzing – corelan.be
    In-memory fuzzing is a technique that allows the analyst to bypass parsers; network-related limitations such as max connections, built-in IDS or flooding protection; and encrypted or unknown (poorly documented) protocols, in order to fuzz the actual underlying assembly routines that are potentially vulnerable.
  • How to Add XSSF to Metasploit Framework? – pentestit.com
    It contains some interesting payloads (if we may call them that!) – .pdfs that exploit different vulnerabilities to launch cmd.exe on unpatched systems, Java vulns, and clones of Gmail and Facebook.
  • Integrating Hydra with Nessus Video – tenablesecurity.com
    When installing Hydra on Ubuntu-based systems, here are a few tips to get all of the modules working properly.
  • PDF RCE et al. (CVE-2010-3625, CVE-2010-0191, CVE-2010-0045) – xs-sniper.com
    Naturally, when a string that looks like URI is encountered one of the first things that’s attempted is to point the URI value to a file:// location and observe whether the local file is opened.
  • Analysis of multiple exploits – zscaler.com
    The JavaScript code is heavily obfuscated. It cannot be de-obfuscated by a simple copy-paste of the code into Malzilla, some of the decoding has to be done by hand.
  • Checking for user-agent header SQL injection vulns – holisticinfosec.blogspot.com
    As I analyze various web applications in the name of fun or fortune, I am sometimes treated to those little reminders that result in a “doh!”.
  • PenTestIT Post Of The Day: Automated detection of CSRF-worthy HTML forms through 4-pass reverse-Diff analysis! – pentestit.com
    In general, the majority of vulnerability detection techniques depend on fairly simple injections of strings and subsequent blind pattern matching of the body of the induced HTTP response.
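The alternative the post contrasts with string injection is to diff the structure of the page itself: fetch the same page twice in each of two sessions and look at which hidden form fields stay constant, which change per session, and which change per request. The script below is an added example written for this digest, my own reconstruction of that idea rather than the code from the post; the HTML responses are constructed, and the rule that a POST form whose hidden fields are identical across all four fetches carries no anti-CSRF token is the assumption it encodes.

```python
"""Flag forms with no anti-CSRF token by diffing the same page across sessions.

Added example for this digest, a reconstruction of the "reverse-diff" idea
and not the code from the post.  The HTML responses are constructed.
Assumed rule: a hidden field that is identical in two fetches from session A
and two from session B is not a token; one that differs between sessions but
is stable within a session is a session-bound token; one that differs between
fetches of the same session is a per-request token.
"""
from html.parser import HTMLParser


class FormCollector(HTMLParser):
    """Collects each <form> with its method, action and hidden inputs."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._cur = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"method": (a.get("method") or "get").lower(),
                         "action": a.get("action") or "",
                         "hidden": {}}
        elif tag == "input" and self._cur is not None:
            if (a.get("type") or "text").lower() == "hidden":
                self._cur["hidden"][a.get("name") or ""] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form" and self._cur is not None:
            self.forms.append(self._cur)
            self._cur = None


def extract_forms(html):
    """Map (method, action) -> {hidden field name: value} for one response."""
    p = FormCollector()
    p.feed(html)
    p.close()
    return {(f["method"], f["action"]): f["hidden"] for f in p.forms}


def classify_forms(session_a, session_b):
    """Four-pass diff: session_a and session_b each hold two fetches of the page.

    Returns {(method, action): 'no-token' | 'session-token' | 'per-request-token'}
    for every form present in all four responses.
    """
    passes = [extract_forms(h) for h in (*session_a, *session_b)]
    keys = set(passes[0]) & set(passes[1]) & set(passes[2]) & set(passes[3])
    verdicts = {}
    for key in keys:
        names = set().union(*(p[key] for p in passes))
        verdict = "no-token"
        for name in names:
            a1, a2, b1, b2 = (p[key].get(name) for p in passes)
            if a1 != a2 or b1 != b2:
                verdict = "per-request-token"
                break
            if a1 != b1:
                verdict = "session-token"
        verdicts[key] = verdict
    return verdicts


def csrf_candidates(session_a, session_b):
    """State-changing (POST) forms whose hidden fields never vary: worth a CSRF PoC."""
    verdicts = classify_forms(session_a, session_b)
    return sorted(k for k, v in verdicts.items() if v == "no-token" and k[0] == "post")


def sample_page(token):
    """Constructed response: a GET search form, a tokened form and an untokened one."""
    return f"""<html><body>
<form method="get" action="/search"><input type="text" name="q"></form>
<form method="post" action="/account/email">
  <input type="hidden" name="csrf_token" value="{token}">
  <input type="hidden" name="form_id" value="email-v2">
  <input type="email" name="new_email">
</form>
<form method="post" action="/account/delete">
  <input type="hidden" name="confirm" value="1">
  <input type="submit" value="Delete account">
</form>
</body></html>"""


if __name__ == "__main__":
    a = [sample_page("aaa111"), sample_page("aaa111")]   # session A, two fetches
    b = [sample_page("bbb222"), sample_page("bbb222")]   # session B, two fetches
    for key, verdict in sorted(classify_forms(a, b).items()):
        print(key, verdict)
    print("CSRF candidates:", csrf_candidates(a, b))
```

The four fetches are what make the classification meaningful: with only one fetch per session a per-request nonce looks the same as a session token, and with only one session a constant `form_id` looks the same as a token.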
  • Peach + someawesome.xml + xml.XmlAnalyzer == Free Pits? – l1pht.com
    Fuzzing is a lazy man’s game. We’re like toothless hill people, sitting on the porch of our minds in a rocking chair, a shotgun loaded with crackable data resting soundly on our filthy little laps. Waiting.
  • Malicious USB Devices: Is that an attack vector in your pocket or are you just happy to see me? – irongeek.com
    Programmable HID USB Keyboard Dongle Devices along with detection and mitigation techniques involving GPO (Windows) and UDEV (Linux) settings.
  • Java Applet Same IP Host Access – mindedsecurity.com
    By taking advantage of this design issue, if an attacker can control at least one host on a virtual server pool (uploading an applet), it will be possible for the attacker to use an applet against a legitimate user and read all information from the other domains on the same IP.

Vulnerabilities:

Other News: