- ToorCon related news
- Some Results from the ToorCon Security Conference – connectedinternet.co.uk
Hackers, security researchers at the ToorCon security conference in San Diego showed how easy it can be to poke holes in hardware and software with the right combination of tools, know-how, and good old fashioned cat curiosity.
- ToorCon: New Apps, Old Infrastructure Make Toxic Brew – threatpost.com
In a variety of ways, experts at this weekend’s ToorCon Conference warned that the tidal wave of new devices and Web based services is straining an already aging Internet infrastructure, with privacy and security as the first victims.
- Some Results from the ToorCon Security Conference – connectedinternet.co.uk
- Hack.lu wrap-=up posts
- Hack.lu Day #1 Wrap-up – rootshell.be
- Hack.lu Day #2 Wrap-up – rootshell.be
- Hack.lu Day #3 Wrap-up – rootshell.be
- Hack.lu CTF – sscat writeup – stalkr.net
- Hack.lu CTF – Challenge 9 “bottle” writeup, extracting data from an iodine DNS tunnel – stalkr.net
Challenge #9 entitled “bottle” was original and worth its 500 points. We were given the following network capture and instructed to find a message.
- Pentesting with Burp Suite: Taking the Web Back From Automated Scanners – securityaegis.com
Thanks to everyone at Toorcon who attended our talk: “Pentestng with Burp Suite, Taking the web back from automated scanners”.
- Hack3rcon 2010 Videos – irongeek.com
Below are videos of the presentations from Hack3rcon 2010.
- Nmap Scripting and Pcap Analysis – securityaegis.com
There were a lot of really great talks at Toorcon and two of my best friends, David Shaw of Redspin and Nate Drier of Spiderlabs were kind enough to send me their video and slides.
- Hardware Will Cut You (video) – adafruit.com
The hardware design process is fraught with pitfalls, from library component sketchiness, parts availability, erroneous data sheets, underestimates of complexity and long lead times.
- pci dss v2.0 released – terminal23.net
The PCI Council has released PCI DSS v2.0 along with a doc of the changes.
- Exploitation 101 – cryptocity.net
This week’s homework is to find and exploit the security vulnerability in homework.exe, which is a simple server very similar to the demo.exe from class.
- Security Talks – ucla.edu
A list of security talks at UCLA
- WATOBO – THE Web Application Toolbox – sourceforge.net/apps/mediawiki/watobo/
WATOBO is intended to enable security professionals to perform highly efficient (semi-automated) web application security audits.
- USB Thief: A USB Social Engineering Tool! – pentestit.com
It is a tweaked USB that steals every passwords including licences. Probably, you could use it in one of your “physical access” heists.
- RSYaba Modular Brute Force Attacker – randomstorm.com
RSYaba is tool to run brute force attacks against various services in a similar way to Hydra and Medusa. The tool was written after bad experiences at getting existing tools working correctly with HTTP and SSH so it was decided to make a tool that would be easier to configure.
- Firesheep makes cookies crumble
In roughly 24 hours, Firesheep has been downloaded more than 104,000 times, as would-be-hackers — or the merely curious— downloaded the Firefox extension to test the exploit.
- I’ll take the Firesheep with a side order of ARP Poisoning please… – mcafee.com
- Lazy Hackers Unite: Firesheep Boasts +104,000 Downloads In 24 Hours – techcrunch.com
- Plugin, FireSheep, Lays Open Web 2.0 Insecurity – threatpost.com
- New Firefox Plug-In Offers WiFi Cookie-Jacking For ‘Average Joe’ – darkreading.com
- Firesheep: who is eating my cookies? – pandasecurity.com
- Firefox extension makes social network ID spoofing trivial – net-security.org
- Re: FireSheep – erratasec.blogspot.com
- Firesheep: Making the Complicated Trivial – f-secure.com
- Cooling Down the Firesheep – mozilla.com
- Firesheep: Baaaaad News for the Unwary – krebsonsecurity.com
- The Message of Firesheep: “Baaaad Websites, Implement Sitewide HTTPS Now! – eff.org
- Fireshepard – notendur.hi.is
The program kills the current version of FireSheep running nearby, but the user is still in danger of all other session hijacking mechanisms. Do not do anything over a untrusted network that you cannot share with everyone.
- Update: LoadDLLViaAppInit – didierstevens.com
This new version of LoadDLLViaAppInit allows you to load more than one DLL inside a process. You separate the DLL names with a semi-colon (;).
- Hashkill: A Multithreaded Open Source Password Cracker! – pentestit.com
Hashkill is a multi-threaded open source password cracker. It uses the OpenSSL library to crack different types of password hashes.
- WordPress SQL Injection Checker v1 – packetstormsecurity.org
- GMER – gmer.net
GMER is an application that detects and removes rootkits.
- Websecurify Security Testing Runtime – code.google.com/p/websecurify/
Websecurify is a powerful web application security testing platform designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.
- Evilgrade 2.0 – the update explotation framework is back – infobytesec.com
This framework comes into play when the attacker is able to make traffic redirection, and such thing can be done in several ways such as: DNS tampering, DNS Cache Poisoning, ARP spoofing Wi-Fi Access Point impersonation, DHCP hijacking with your favorite tools.
- The Sleuth Kit – sleuthkit.org
The Sleuth Kit can be used with The Autopsy Forensic Browser, which can be downloaded here.
- Bluelog – digifail.com
Bluelog is a Linux Bluetooth scanner written to do a single task, log devices that are in discoverable mode.
- SIP Inspector – sites.google.com/site/sipinspectorsite/
New version (1.22) is just released.
- More about ATI 6XXX – golubev.com
It turns out that even Catalyst 10.6 can compile code for mysterious ISA id=15 and resulting disassembly looks very interesting — T unit indeed gone from ATI’s thread processors and XYWZ units now can process instructions they weren’t able to handle before, like 32-bit integer multiplies.
- ZigBee Lab – digitalbond.com
We purchased the ETRX3DVKA357 Developers Kit from Telegesis. It contains a number of ZigBee modules, a ZigBee USB adapter, three developer (dev) boards and software.
- Pentesting with Burp Suite: Taking the Web Back from Automated Scanners http://bit.ly/cl60yJ preso, ty @joelparish & @portswigger – twitter.com@Jhaddix
- Integrating Nikto with Nessus Video – tenablesecurity.com
A new video has been uploaded to the Tenable Security YouTube Channel titled, “Integrating Nikto with Nessus”.
- Analysis of a UDP worm – sensepost.com
From time to time I like to delve into malware analysis as a pastime and post interesting examples, and recently we received a malware sample that had a low-detection rate.
- BIOS Password Backdoors in Laptops – dogber1.blogspot.com
When a laptop is locked with password, a checksum of that password is stored to a sector of the FlashROM – this is a chip on the mainboard of the device which also contains the BIOS and other settings, e.g. memory timings.
- iPhone, meet Wireshark – Capturing Traffic from Mobile Devices – mudynamics.com
I wanted to see what the apps on my iPhone do and as I searched around, most of the current methods seem to involve jail-breaking, setting up hubs and access points and other such cumbersome nastiness.
- Exploitation using publicly available Base64 encode/decode code – zscaler.com
- JSREG BYPASSES – thespanner.co.uk
Another clever trick, the string is placed inside of an array and when the eval function is called it used to check the object type if it was a string then it rewrote the code if not it was assumed to be a already rewritten string however I didn’t expect an array to be used in this context so this would effectively bypass the sandbox
- Here we go again: Adobe has a new zeroday
Adobe says that version 10.1.85.3 and earlier of Flash Player for the Windows, Macintosh, Linux and Solaris operating systems are vulnerable.
- Critical zero-day vulnerability found in Adobe Flash, Reader, Acrobat – sophos.com
- CVE-2010-3654 Adobe Flash player zero day vulnerability – contagiodump.blogspot.com
- Fuzz My Life: Flash Player zero-day vulnerability (CVE-2010-3654) – fortinet.com
- VIDEO: Cross-platform malware runs on Windows, Mac and Linux – sophos.com
We made a quick video demonstrating the much-talked about “Boonana” malware threat, also being compared to Koobface as it appears that cybercriminals have been distributing links to it via Facebook, tempting unsuspecting users with the promise of a video.
- Critical Fixes for Shockwave, Firefox – krebsonsecurity.com
Adobe Systems pushed out a critical security update for its Shockwave Player that fixes nearly a dozen security vulnerabilities.
- iPhone Jailbreak Tool Sets Stage for Mobile Malware – threatpost.com
The success of a group of hackers in compromising the security of Apple’s iPhone may set the stage for more malware for the popular handset, including rootkit-style remote monitoring tools and data stealing malware.
- SCADA Vendors Still Need Security Wake Up Call – threatpost.com
Speaking at the ToorCon Security Conference in San Diego, Jeremy Brown, a vulnerability researcher at security firm Tenable said that many SCADA software vendors lag far behind other IT firms in vulnerability research and lack even a basic awareness of modern security principles.
- Researchers hack toys, attack iPhones at ToorCon – cnet.com
One researcher demonstrated how to take control of an iPhone using an exploit that targets a hole in Safari, which has been patched.
- Report: China hijacked U.S. Internet data – cnet.com
In several cases, Chinese telecommunications firms have disrupted or impacted U.S. Internet traffic, according to the excerpts.
- Impact of Artificial “Gummy” Fingers on Fingerprint Systems – cryptome.org
Potential threats caused by something like real fingers, which are called fake or artificial fingers, should be crucial for authentication based on fingerprint systems.
- Expert Advises Caution on SCADA Security Hysteria – threatpost.com
But the concern about spontaneous utility outages and surreptitiously poisoned food supplies are overblown and largely misplaced, an expert says.
- The Long Tail of Information Security – secmaniac.com
I wanted to blog about it because the talk itself resonated with me and directly correlates to a previous post on the current state of penetration tests.