Week 51 in Review – 2010

Resources:

  • Common Weakness Scoring System (CWSS) – cwe.mitre.org
    So for each weakness in the architecture, design, code or implementation that might be introduced into an application, which in some cases can contribute to a vulnerability within that software, we need to be able to reason and communicate about the relative importance of different weaknesses.
  • Brief Review of the PWB Class and the OSCP Certification – hackyeah.com
    Many people have asked what I thought about the class and the certification, and so I decided to write a brief post about my experience.
  • SANS SEC580: Metasploit Kung Fu for Enterprise Pen Testing – Post Mortem – c22.cc
    This 2-day class is designed to “show students how to apply the incredible capabilities of the Metasploit Framework in a comprehensive penetration testing and vulnerability assessment regimen, according to a thorough methodology for performing effective tests”.
  • Web Application Scanner Benchmark (v1.0) – sectooladdict.blogspot.com
    I started searching for benchmarks in the field, but at the time, only located benchmarks that focused on comparing commercial web application scanners (with the exception of one benchmark that also covered 3 open source web application scanners), leaving the freeware & open source scanners in uncharted territory.
  • AppSec USA 2010 Videos – vimeo.com
    31 videos from the recent event.
  • Robert Zigweid: Threat Modeling Best Practices – vimeo.com
    What does Threat Modeling mean to you?

Tools:

  • Nessus Vulnerability XML Parser v7 – secure.bluehost.com/~melcarac/
    A few people asked for some changes to the output of the Nessus Vulnerability XML Parser, so here they are.
  • Cisco ACL Parser – secure.bluehost.com/~melcarac/
    The tool takes the name of a Cisco configuration as an argument and then parses the data and returns a CSV file.
  • WackoPicko – Vulnerable Website For Learning & Security Tool Evaluation – darknet.org.uk
    There are various vulnerable web applications out there to hone your skills or test the latest web vulnerability scanner you downloaded; one such package would be Damn Vulnerable Web App – Learn & Practise Web Hacking.
  • Web Application Vulnerability Scanner Evaluation Project – code.google.com/p/wavsep/
    A web application that contains a collection of unique vulnerable pages designed to help assess the features, quality and accuracy of web application vulnerability scanners.
  • New Release: The Social Engineering Toolkit v1.1 – sectechno.com
    This release adds new Metasploit-based client-side attacks (4 in total), many optimizations on the SET web server including proper threading to make it run faster, as well as an overhaul of optimizations through the entire code base.
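The Nessus parser linked above is not reproduced here. As an added example (my own code, not the tool from secure.bluehost.com/~melcarac/), the following Python flattens the .nessus v2 export format into one CSV row per finding, carrying the host properties (FQDN, OS) onto every row and applying a severity floor so informational plugins can be dropped. The embedded report is a constructed sample in the v2 layout, not real scan output; the plugin IDs and hosts in it are illustrative.

```python
"""Flatten a Nessus v2 (.nessus) report into CSV: one row per ReportItem."""
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample in the .nessus v2 layout (not a real scan; hosts/plugins are illustrative).
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="demo">
    <ReportHost name="192.0.2.10">
      <HostProperties>
        <tag name="host-fqdn">web01.example.test</tag>
        <tag name="operating-system">Linux Kernel 2.6</tag>
      </HostProperties>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2"
                  pluginID="10881" pluginName="SSH Protocol Versions Supported">
        <cvss_base_score>5.0</cvss_base_score>
        <plugin_output>
          SSH-1.99 is supported
        </plugin_output>
      </ReportItem>
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="3"
                  pluginID="20007" pluginName="SSL Version 2 and 3 Protocol Detection">
        <cvss_base_score>7.1</cvss_base_score>
      </ReportItem>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="19506" pluginName="Nessus Scan Information"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

FIELDS = ["host", "fqdn", "os", "port", "protocol", "service",
          "severity", "plugin_id", "plugin_name", "cvss_base", "plugin_output"]


def parse_nessus(xml_text, min_severity=0):
    """Return one dict per ReportItem with severity >= min_severity, highest severity first."""
    root = ET.fromstring(xml_text)
    rows = []
    for host in root.iter("ReportHost"):
        # HostProperties are per host; copy the useful ones onto every finding row.
        props = {t.get("name"): (t.text or "") for t in host.findall("HostProperties/tag")}
        for item in host.findall("ReportItem"):
            sev = int(item.get("severity", "0"))
            if sev < min_severity:
                continue
            rows.append({
                "host": host.get("name", ""),
                "fqdn": props.get("host-fqdn", ""),
                "os": props.get("operating-system", ""),
                "port": item.get("port", ""),
                "protocol": item.get("protocol", ""),
                "service": item.get("svc_name", ""),
                "severity": sev,
                "plugin_id": item.get("pluginID", ""),
                "plugin_name": item.get("pluginName", ""),
                "cvss_base": item.findtext("cvss_base_score", default=""),
                # Plugin output is multi-line free text; collapse whitespace so the CSV stays one row.
                "plugin_output": " ".join(item.findtext("plugin_output", default="").split()),
            })
    rows.sort(key=lambda r: (-r["severity"], r["host"], r["port"]))
    return rows


def to_csv(rows):
    """Serialise the rows with a fixed header so the output can be diffed between scans."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_NESSUS
    print(to_csv(parse_nessus(text, min_severity=1)), end="")
```

Run it with a .nessus path as the only argument; with no argument it parses the embedded sample. If the report comes from a source you do not control, parse it with defusedxml instead of the stock ElementTree to limit entity-expansion tricks.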
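For the Cisco ACL parser above, here is an added example of the same idea in Python (my own code, not the linked tool): it walks a running-config, picks up numbered access-lists and named standard/extended ACL blocks, and emits one CSV row per access control entry, converting contiguous wildcard masks to CIDR so the rows can be sorted and compared across devices. The configuration text it parses by default is a constructed fragment, not a real device config; the ACL names and addresses are illustrative.

```python
"""Parse Cisco IOS access lists (numbered and named) out of a config into CSV rows."""
import csv
import io
import ipaddress
import re

# Constructed configuration fragment for the example (not a real device config).
SAMPLE_CONFIG = """!
hostname edge-rtr
!
access-list 10 remark management hosts
access-list 10 permit 10.1.1.0 0.0.0.255
access-list 10 deny   any log
access-list 101 permit tcp any host 192.0.2.5 eq 443
access-list 101 permit tcp 10.1.0.0 0.0.255.255 gt 1023 any eq www established
access-list 101 deny   ip any any log
!
ip access-list extended WEB-IN
 10 permit tcp any host 192.0.2.5 range 80 443
 20 permit udp host 198.51.100.9 eq 53 10.1.1.0 0.0.0.255
 30 deny   ip any any log-input
!
ip access-list standard MGMT
 permit 10.1.1.7
 deny   any
!
"""

FIELDS = ["acl", "seq", "action", "protocol", "src", "src_port", "dst", "dst_port", "options"]
PORT_OPS = {"eq", "gt", "lt", "neq", "range"}
DOTTED = re.compile(r"\d+\.\d+\.\d+\.\d+$")


def _endpoint(tokens):
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D WILDCARD' | 'A.B.C.D' (standard-ACL shorthand)."""
    t = tokens.pop(0)
    if t == "any":
        return "0.0.0.0/0"
    if t == "host":
        return tokens.pop(0) + "/32"
    if not tokens or not DOTTED.match(tokens[0]):
        return t + "/32"                          # bare address: implicit 0.0.0.0 wildcard
    wild = int(ipaddress.IPv4Address(tokens.pop(0)))
    if (wild + 1) & wild == 0:                    # contiguous wildcard, so a prefix length exists
        return str(ipaddress.IPv4Network((t, 32 - wild.bit_length()), strict=False))
    return f"{t} {ipaddress.IPv4Address(wild)}"  # discontiguous wildcard: keep Cisco's notation


def _port(tokens):
    """Consume an optional port qualifier: eq 80, gt 1023, neq 25, range 80 443."""
    if tokens and tokens[0] in PORT_OPS:
        op = tokens.pop(0)
        if op == "range":
            return f"{tokens.pop(0)}-{tokens.pop(0)}"
        return f"{op} {tokens.pop(0)}"
    return ""


def _entry(acl, tokens, extended):
    """Turn one ACE's tokens into a row; remarks yield None."""
    seq = tokens.pop(0) if tokens[0].isdigit() else ""
    action = tokens.pop(0)
    if action == "remark":
        return None
    row = dict.fromkeys(FIELDS, "")
    row.update(acl=acl, seq=seq, action=action, protocol="ip", dst="0.0.0.0/0")
    if extended:
        row["protocol"] = tokens.pop(0)
        row["src"] = _endpoint(tokens)
        row["src_port"] = _port(tokens)
        row["dst"] = _endpoint(tokens)
        row["dst_port"] = _port(tokens)
    else:
        row["src"] = _endpoint(tokens)        # standard ACLs match on source only
    row["options"] = " ".join(tokens)         # log, log-input, established, icmp types, ...
    return row


def parse_acls(config_text):
    rows, current, extended = [], None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("ip access-list "):
            parts = line.split(None, 3)
            if len(parts) == 4 and parts[2] in ("standard", "extended"):
                current, extended = parts[3], parts[2] == "extended"
            else:
                current = None
            continue
        m = re.match(r"access-list (\d+) (.*)", line)
        if m:
            num = int(m.group(1))             # 100-199 and 2000-2699 are extended ranges
            row = _entry(m.group(1), m.group(2).split(), 100 <= num <= 199 or 2000 <= num <= 2699)
        elif current and raw[:1] == " " and line:
            row = _entry(current, line.split(), extended)
        else:
            current = None                    # any other top-level line ends a named ACL block
            continue
        if row:
            rows.append(row)
    return rows


def to_csv(rows):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    print(to_csv(parse_acls(text)), end="")
```

The CIDR conversion only applies when the wildcard is contiguous; a discontiguous wildcard such as 0.255.0.255 is kept in Cisco's own notation rather than silently mangled, which is the case to look for when auditing an ACL, since it matches far more than it appears to.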

Techniques:

  • Facebook Security: Malware Analysis – marcoramilli.blogspot.com
    If the attacked user clicks on it, it executes 2 processes: the current browser (in a safe mode) and a backgrounded program called vnsvc32.exe, which is the actual real malware.
  • Sanitizing PCAP Files for Public Distribution – chrissanders.org
    Unfortunately, divulging these packet captures can give away certain sensitive information such as an organization's internal IP range, IP addresses of sensitive company assets, MAC addresses of critical hardware that could identify the product vendors, and more.
  • d0z.me: use a URL shortener, get a DOS attack free!
    When users click on the link, they appear to be redirected to the requested content, but they are in fact looking at the page in an embedded iframe.
  • Cracking Private Keys Is As Easy As Lifting An SSL From A Database
    Many appliance vendors ship their units with a default private key for SSL communications. Even if you reissue a new certificate, your appliance could still be using the same private key as everyone else's, and it's typically bundled within the firmware packages publicly distributed by the application vendor.
  • Network Security Monitoring with Dualcomm DCSW-1005PT – cyberarms.wordpress.com
    One of the best ways to do this is to monitor traffic from a live line tap. A tap is a port that provides a copy of the live data on a second port so it can be recorded and analyzed.
  • thicknet: starting wars and funny hats – spiderlabs.com
    We used to get everyone's usernames and passwords simply by listening to the wire. Now we had to get a little smarter. This time we beat up Address Resolution Protocol (ARP), steal its funny hat, and read all the great stuff going over port 110.
  • Expanding the Attack Surface – xs-sniper.com
    In some cases, it is possible to control seemingly unrelated applications on the user's machine through the browser.
  • Rainbow Tables for Unix DES Crypt(3) Hashes – intrepidusgroup.com
    Some time ago, I started thinking about the possibility of using Rainbow Tables to crack old-school Unix crypt(3) passwords.
  • Analysis of the Gawker compromise – sucuri.net
    It seems it all started with one account getting stolen, followed by re-using the same password on other resources (email, Basecamp, etc.), followed by critical information stored in emails, followed by a mass compromise.
  • Delicious Webapp Hacking – room362.com
    I've seen people bookmark everything from internal web portals to URLs with special no-auth passwords in them.
  • An Introduction To Fuzzing: Using Spike To Find Vulnerabilities In Vulnserver – grey-corner.blogspot.com
    I have written an article on how to use the SPIKE fuzzer to find vulnerabilities in Vulnserver, which you can read at the InfoSec Institute site.
  • WayBack WebApp Hacking – room362.com
    Archive.org allows you to check the history of sites and pages, but a service most are not aware of is one that allows you to get a list of every page that Archive.org has for a given domain.
  • When A DoS Isn't A DoS – breakingpointsystems.com
    It seems that denial-of-service (DoS) attacks are in the news nearly every day, including the recent buzz about a DoS vulnerability present in Internet Explorer 8 that surfaced on full-disclosure.
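The PCAP sanitizing item above lists what leaks (internal IP ranges, asset addresses, vendor-identifying MACs) but the excerpt does not show the rewriting. As an added example (my own Python, not Chris Sanders' method or any tool from his post), the script below rewrites exactly those fields: MAC addresses become locally administered ones so no vendor OUI survives, IPv4 addresses are mapped into 10.0.0.0/8 so no real range survives, the mapping is consistent across Ethernet, ARP and IP headers so conversations still line up, and the IP and TCP/UDP checksums are recomputed so the sanitized file still parses cleanly. The capture it processes by default is constructed in memory (one ARP reply and one HTTP request) and is not real traffic; the script handles little-endian, Ethernet link-type pcap files only.

```python
"""Pseudonymise MAC and IPv4 addresses in a pcap so it can be shared without leaking the network layout."""
import itertools
import struct

PCAP_GLOBAL = struct.Struct("<IHHiIII")   # magic, major, minor, tz, sigfigs, snaplen, linktype
PCAP_REC = struct.Struct("<IIII")         # ts_sec, ts_usec, incl_len, orig_len


def checksum(data):
    """RFC 1071 ones'-complement sum (odd-length input is zero padded)."""
    if len(data) % 2:
        data += b"\0"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def fix_transport_checksum(pkt, ihl):
    """Recompute the TCP/UDP checksum of an Ethernet/IPv4 frame in place (it covers the IP addresses)."""
    proto, total = pkt[23], struct.unpack("!H", pkt[16:18])[0]
    start, end = 14 + ihl, 14 + total
    if end > len(pkt) or struct.unpack("!H", pkt[20:22])[0] & 0x1FFF:
        return                                 # truncated by snaplen, or a non-first fragment
    off = {6: start + 16, 17: start + 6}.get(proto)
    if off is None or (proto == 17 and pkt[off:off + 2] == b"\0\0"):
        return                                 # other protocol, or UDP checksum disabled
    pkt[off:off + 2] = b"\0\0"
    pseudo = bytes(pkt[26:34]) + struct.pack("!BBH", 0, proto, end - start)
    c = checksum(pseudo + bytes(pkt[start:end])) or (0xFFFF if proto == 17 else 0)
    pkt[off:off + 2] = struct.pack("!H", c)


class Anonymizer:
    """Consistent one-way mapping: MACs -> locally administered 02:00:xx:xx:xx:xx (no vendor OUI),
    IPv4 -> 10.x.y.z (no real internal range). The same real address always gets the same stand-in."""

    def __init__(self):
        self.macs, self.ips = {}, {}
        self._n_mac, self._n_ip = itertools.count(1), itertools.count(1)

    def mac(self, raw):
        if raw in (b"\xff" * 6, b"\0" * 6) or raw[0] & 1:  # broadcast/unset/multicast: keep
            return raw
        if raw not in self.macs:
            self.macs[raw] = b"\x02\x00" + next(self._n_mac).to_bytes(4, "big")
        return self.macs[raw]

    def ip(self, raw):
        if raw in (b"\xff" * 4, b"\0" * 4) or raw[0] >= 224:  # broadcast/unspecified/multicast: keep
            return raw
        if raw not in self.ips:
            self.ips[raw] = b"\x0a" + next(self._n_ip).to_bytes(3, "big")
        return self.ips[raw]

    def frame(self, pkt):
        """Return a sanitized copy of one Ethernet frame."""
        pkt = bytearray(pkt)
        if len(pkt) < 14:
            return bytes(pkt)
        pkt[0:6], pkt[6:12] = self.mac(bytes(pkt[0:6])), self.mac(bytes(pkt[6:12]))
        ethertype = struct.unpack("!H", pkt[12:14])[0]
        if ethertype == 0x0806 and len(pkt) >= 42:      # ARP: sender/target addresses sit in the payload
            for off, size, fn in ((22, 6, self.mac), (28, 4, self.ip), (32, 6, self.mac), (38, 4, self.ip)):
                pkt[off:off + size] = fn(bytes(pkt[off:off + size]))
        elif ethertype == 0x0800 and len(pkt) >= 34:    # IPv4: rewrite addresses, then both checksums
            ihl = (pkt[14] & 0x0F) * 4
            pkt[26:30], pkt[30:34] = self.ip(bytes(pkt[26:30])), self.ip(bytes(pkt[30:34]))
            pkt[24:26] = b"\0\0"
            pkt[24:26] = struct.pack("!H", checksum(bytes(pkt[14:14 + ihl])))
            fix_transport_checksum(pkt, ihl)
        return bytes(pkt)


def records(pcap):
    """Yield (record_header, frame) pairs from a little-endian pcap byte string."""
    pos = PCAP_GLOBAL.size
    while pos + PCAP_REC.size <= len(pcap):
        hdr = pcap[pos:pos + PCAP_REC.size]
        incl = PCAP_REC.unpack(hdr)[2]
        pos += PCAP_REC.size
        yield hdr, pcap[pos:pos + incl]
        pos += incl


def sanitize_pcap(data):
    """Return (sanitized pcap bytes, Anonymizer holding the real-to-fake mapping)."""
    magic, *_, linktype = PCAP_GLOBAL.unpack_from(data, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian pcap with Ethernet link type")
    anon, out = Anonymizer(), bytearray(data[:PCAP_GLOBAL.size])
    for hdr, frame in records(data):
        out += hdr + anon.frame(frame)
    return bytes(out), anon


def checksums_ok(frame):
    """True when an IPv4 frame's header and TCP/UDP checksums verify; use it to vet the output."""
    if frame[12:14] != b"\x08\x00":
        return True
    ihl, proto, total = (frame[14] & 0x0F) * 4, frame[23], struct.unpack("!H", frame[16:18])[0]
    if checksum(frame[14:14 + ihl]) != 0:
        return False
    if proto not in (6, 17):
        return True
    seg = frame[14 + ihl:14 + total]
    return checksum(frame[26:34] + struct.pack("!BBH", 0, proto, len(seg)) + seg) == 0


def build_sample_pcap():
    """Constructed capture for the example: one ARP reply and one HTTP request (not real traffic)."""
    srv_mac, cli_mac = bytes.fromhex("005056aabbcc"), bytes.fromhex("001b21112233")
    srv_ip, cli_ip = bytes([192, 168, 1, 5]), bytes([10, 20, 30, 40])
    arp = (cli_mac + srv_mac + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
           + srv_mac + srv_ip + cli_mac + cli_ip)
    tcp = struct.pack("!HHIIBBHHH", 4444, 80, 1, 1, 0x50, 0x18, 8192, 0, 0) + b"GET / HTTP/1.0\r\n\r\n"
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0, cli_ip, srv_ip))
    ip[10:12] = struct.pack("!H", checksum(bytes(ip)))
    http = bytearray(srv_mac + cli_mac + b"\x08\x00" + bytes(ip) + tcp)
    fix_transport_checksum(http, 20)
    out = PCAP_GLOBAL.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate((arp, bytes(http))):
        out += PCAP_REC.pack(1292000000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    clean, anon = sanitize_pcap(build_sample_pcap())
    for real, fake in anon.ips.items():       # the mapping is the secret: keep it, never publish it
        print(".".join(map(str, real)), "->", ".".join(map(str, fake)))
```

To run it on a real file, read the bytes, pass them to sanitize_pcap and write the first return value out; keep the Anonymizer's mapping private, since it is what lets a reader reverse the substitution. Things this example deliberately leaves alone, and which a real sanitizing pass also has to consider, are addresses inside application payloads (HTTP Host headers, DNS answers, FTP PORT commands), timestamps, and IPv6.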

Vulnerabilities:

Other News:
