- Impersonating The Domain Administrator via SQL Server – commonexploits.com
A recent presentation I gave for 7Safe. It demonstrates how it is possible to fully compromise the domain using a fully patched Microsoft SQL server that has a firewall enabled.
- RuxCon 2010 Materials – ruxcon.org.au
Talk PDFs now posted. Nuff said.
- New SANS Course – Advanced Penetration Testing, Exploits, and Ethical Hacking (SEC660) – layeredsec.com
I’m excited to announce a brand new course that Stephen Sims, Joshua Wright and myself have just completed. It is running for the first time in London this week and will be on the schedule in 2011 in numerous locations.
- Tutorial: John the Ripper – Why You Are Doing It Wrong – ethicalhacker.net
In a professional penetration test, we don’t always have the time to allow JTR to run to completion, and we must rely on some additional techniques to speed things up including the use of wordlists or dictionaries.
- Yet Another WordPress Security Post – Part One – sucuri.net
Information security is everyone’s responsibility, which means It starts with you. If you’re doing everything in your power to mitigate risk from your end, you’re less likely to end up with a website serving Viagra ads on Google.
- Two New HTTP POST Attack Tools Released – sectechno.com
Currently there is two free utility that may perform this attack d “R U Dead Yet?” and OWASP HTTP POST Tool tool offers unattended execution by providing the necessary parameters within a configuration file.
- thicknet – github.com/SpiderLabs/thicknet
thicknet is a TCP session manipulation and take-over tool. The tool isinitially aimed at downgrading Oracle sessions and issuing SQL queriesusing an already-established session. This is an early proof-of-concept,version, but the basic concepts are there to write modules and do MITMagainst a variety of protocols.
- Meterpreter scripts for RunAs privilege escalation & other mischief – grep8000.blogspot.com
send_keystrokes.rb: Meterpreter script to interactively send keystrokes to an open application window using the vbscript SendKeys method. Can be used to escalate privileges into RunAs-invoked command shells on XP.
- sqlinject-finder – code.google.com/p/sqlinject-finder/
Simple python script that parses through a pcap and looks at the GET and POST request data for suspicious and possible SQL injects. Rules to check for SQL injection can be easily added. Output can be printed neatly on the command line or in tab delimited format.
- cvechecker 2.0 – cvechecker.sourceforge.net/
Version 2.0 is now available for this vulnerability detection tool.
- Javasnoop – code.google.com/p/javasnoop/
JavaSnoop attempts to solve this problem by allowing you attach to an existing process (like a debugger) and instantly begin tampering with method calls, run custom code, or just watch what’s happening on the system.
- Social-Engineering Ninja v0.4 is out! – grey0.wordpress.com
This is the new release of ninja phishing framework.
- Episode #123: Bad Connections – commandlinekungfu.com
Similar to last week, this week’s challenge comes from Tim’s friend who is mentoring a CCDC team. The mentor was interested in creating some shell fu that lets them monitor all network connections in and out of a system and get information about the executable that’s handling the local side of the connection.
- Packet Payloads, Encryption and Bacon – packetstan.com
Over the years I’ve used a couple of techniques to evaluate the content of packet captures to determine if the traffic is encrypted or just obfuscated.
- Login notifications, pam_exec scripting – stalkr.net
If you like monitoring, you might want to receive notifications at every (or only root) login, in addition to logs.
- All your drives are belong to us – fortinet.com
A new Ransomware module was recently discovered by Fortiguard Labs. When a machine infected with this Ransomware is restarted, the user is greeted with the following boot screen.
Bam. 0-day with AV bypass? Yeah, you’re on the pwnie express. :} Thanks to Will Metcalf for pointing me in the right direction!
- Windows PE Header – marcoramilli.blogspot.com
Each executable file has a Common Object File Format COFF which is used from the OS loader to run the program. Windows Portable Executable (PE) is one of the COFF available in todays OS. For example the Executable Linking File (ELF) is the main Linux COFF.
- Shearing FireSheep with the Cloud – stratumsecurity.com
Enjoy surfing open wireless networks or hostile wired network securely!
- Internal Port Scanning via Crystal Reports – spl0it.wordpress.com
- Exploit Code Out For New Windows Kernel Flaw – threatpost.com
The new Windows kernel bug is considered a critical vulnerability, even though it can’t be exploited remotely, thanks to the fact that an attacker could use it gain powerful credentials on a compromised system and take complete control of the machine.
- New Tool Patches Offline VMs – darkreading.com
Nuwa, named after the Chinese goddess who patched a hole in the sky, aims to fix cloud computing security hole.
- Savannah.gnu.org hacked and currently offline – sucuri.net
There’s been a SQL injection leading to leaking of encrypted account passwords, some of them discovered by brute-force attack, leading in turn to project membership access.
- Calling all security researchers! Submit your new 2010 Web Hacking Techniques – jeremiahgrossman.blogspot.com
To keep track of all these discoveries and encourage information sharing, the Top Web Hacking Techniques acts as both a centralized knowledge base and a way to recognize researchers who contribute excellent work.
- FBI Identifies Russian ‘Mega-D’ Spam Kingpin – krebsonsecurity.com
Federal investigators have identified a 23-year-old Russian man as the mastermind behind the notorious “Mega-D” botnet, a network of spam-spewing PCs that once accounted for roughly a third of all spam sent worldwide.
- Attack of the Trojan printers – infoworld.com
Enterprising security testers dress rogue access points up as common office hardware to gain inside access to networks.
- Spyware threat invades BlackBerry App World – globalthreatcenter.com
In summary, threats posed by mobile applications exist –even if an application is hosted by Apple’s App Store or RIM’s App World both known for vetting submitted applications to ensure that the applications meet guidelines.
- U.S. Sees 93.7% Drop in Data Breaches from 2009 to 2010 – imperva.com
An analysis that used data from the Privacy Clearinghouse, a public database that records all breaches of U.S. citizens’ personal and sensitive information, showed 230M data records taken in 2009 and 13M taken in 2010.
- Simulation Testing and the EICAR test file – eset.com
At the EICAR 2010 conference in Paris, an interesting student paper was presented that used the EICAR file to make some points about the ways in which AV software works (or is presumed to work).
- History Sniffing: How YouPorn Checks What Other Porn Sites You’ve Visited and Ad Networks Test The Quality of Their Data – forbes.com
When a visitor surfs into the YouPorn homepage, a script running on the website checks to see what other porn sites that person has been to.
- BlackBerry wins U.S. government security approval – cnet.com
RIM announced today that its BlackBerry 6 operating system is now FIPS 140-2 certified.