Events Related

  • Notacon 8: At Least We’re Not Detroit – intrepidusgroup.com
    This weekend was Notacon 8, Cleveland, Ohio’s longest running hacker con. Normally I don’t expect a lot of info sec related talks because in years past, Notacon emphasized the creative interpretation of the term hacker.

Resources

  • Final Report On Pan-European Cyber Security Exercise – enisa.europa.eu
    The report underlines the need for more cyber security exercises in the future, increased collaboration between the Member States and the importance of the private sector in ensuring IT security.
  • Microsoft Safety Scanner: Free On Demand Safety Scanner – microsoft.com
    Microsoft Safety Scanner has been designed with simplicity in mind. The program can be started right after downloading or transferring it to a Windows PC. Only the depth of the scan needs to be selected; everything else is handled automatically by the application.
  • State of Software Security Report, Volume 3 – info.veracode.com
    Today we’re proud to release the third volume of our semi-annual State of Software Security report. This edition incorporates data from 4,835 applications analyzed via our cloud-based platform over the past 18 months.
  • ClubHack Magazine April 2011 – docs.google.com
    ClubHACK has released another version of their magazine. It is the first Indian “Hacking” Magazine. This issue has been dedicated to Mozilla.
  • Locks that can re-key themselves? – skullsecurity.org
    I was at Rona last week buying a lead/asbestos/mold-rated respirator (don’t ask!), when I took a walk down the lock aisle. I’m tired of all my practice locks and was thinking of picking up something interesting. Then I saw it: a lock that advertised that it could re-key itself to any key. Woah! I had to play with it.
  • NSTIC Strategy Released – blogs.cisco.com
    Last June, I blogged about a draft of the National Strategy for Trusted Identities in Cyberspace (NSTIC) that had been released for public comment. This past April 15, the finalized NSTIC strategy document was released at an event at the US Chamber of Commerce.
  • The Exploit Intelligence Project – goo.gl
    I got my slides up early.
  • IP address can now pin down your location to within half a mile – usenix.org
    In a research paper and technical report presented at the USENIX Networked Systems Design and Implementation (NSDI) conference at the beginning of April, researchers from Northwestern University presented new methods for estimating the exact physical location of an IP address tens or hundreds of times more accurately than previously thought possible.
  • Attacking Oracle Web Applications With MetaSploit – slidesha.re/dQvoJP
    Oracle talk slides here.
    [via Twitter]

Tools

  • Windows Credentials Editor v1.2 Released – hexale.blogspot.com
    Windows Credentials Editor (WCE) allows you to list logon sessions and add, change, list and delete associated credentials. This can be used, for example, to perform pass-the-hash on Windows, obtain NT/LM hashes from memory which can be used to perform further attacks, and obtain Kerberos tickets and reuse them in other Windows or Unix systems.
  • Directory Server Fingerprinting Tool – securityxploded.net
    DirectoryScanner is the FREE Directory Server fingerprinting tool. It can help you to remotely detect the type of Directory servers running on the local network as well as on the Internet.
  • BodgeIt Store App – code.google.com
    There are various vulnerable web applications such as Jarlsberg, WackoPicko, Damn Vulnerable Web Application (DVWA), Vicnum, etc. Now we have another application that is vulnerable and ready to be exploited! The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to penetration testing.
  • Signed Spreadsheet with cdm.dll & regedit.dll – blog.didierstevens.com
    Paul Craig has a signed version of my spreadsheet on his iKAT site. Download ikat3.zip and look for officekat.xls. These signed macros are handy when you’re working in a restricted environment that requires Office macros to be signed.
  • Microsoft Makes Portable Anti-Virus Tool Ready To Download – h-online.com
    Microsoft has released its free Microsoft Safety Scanner. This scans for and removes malware from Windows systems without requiring prior installation. According to AV-Test’s Andreas Marx, the on-demand anti-virus scanner appears to be based on the Malicious Software Removal Tool, but with the addition of a complete signature database.
  • Malware Analyzer v3.0 – sourceforge.net/projects/securityanalyzers/files
    It can be useful for string-based analysis of the Windows registry, API calls, IRC commands, DLLs called and anti-VMware code detection. It displays detailed PE headers with all section details, import and export symbols, etc.
  • NMAP XML Parser – marcoramilli.blogspot.com
    After a couple of emails on this topic I decided to share some NMAP-specific XML parsers. As many of you know, through the -oX flag it’s possible to save NMAP results into a well-structured XML file. But what about the visualization or the manipulation of such a file?
  • Malheur 0.5.0 – NA
    Malheur is a tool for automatic analysis of program behavior recorded from malicious software. It is designed to support the regular analysis of malicious software and the development of detection and defense measures.
  • NessusDB v1.4 – github.com/hammackj/nesusdb
    NessusDB is updated and new version v1.3 has been released. This release fixes some major ActiveRecord relation issues that seem to have popped up. I have also streamlined some of the command line options and added a config file for keeping track of different assessments.
  • GUI frontend for GoogleDiggity and BingDiggity – stachliu.com/tools/searchdiggity.msi
    SearchDiggity is a new GUI application that serves as a front-end to both GoogleDiggity and BingDiggity. Both are good information gathering tools. We have discussed them in detail in our previous posts.
  • T50 v5.3 – pentestit.com/2011/04/22/update-t50-v53/t-50-5-3-websecforum-2/
    T50 Sukhoi PAK FA Mixed Packet Injector (f.k.a. F22 Raptor) is a tool designed to perform “Stress Testing”. It is a powerful and unique packet injection tool.

Techniques

  • The TDSS Guide
    In the two years since the Win32/Olmarik family of malware programs (also known as TDSS, TDL and Alureon) started to evolve, its authors have implemented a notably sophisticated mechanism for bypassing various protective measures and security mechanisms embedded into the operating system.
  • Exploiting Adobe Flash Player On Windows 7 – abysssec.com
    Here we have a type confusion vulnerability in the ActionScript bytecode language. The cause of these vulnerabilities is the implementation of the verification process in the AS3 JIT engine: because of some miscalculation in verifying datatype atoms, some data replaces data of another type, and the confusion results in faulty machine code.
  • Running Commands In Restricted Command Prompt – r00tsec.blogspot.com
    Ok, so far so good. Unfortunately, it looks like the commands we want to run are restricted… How do we bypass this? Simple, run a command that isn’t restricted and pipe a restricted command in.
  • Memory Forging Attempt By A Rootkit – blogs.mcafee.com
    Some time ago a new rootkit appeared that at first glance seemed more similar to initial variants of TDL3 than to the updated TDL4 variants we have seen this year. Like TDL3, it also parasitically infected a driver by inserting code in the resource directory of the PE file.
  • Recent Facebook XSS Attacks Show Increasing Sophistication – theharmonyguy.com
    A few weeks ago, three separate cross-site scripting (XSS) vulnerabilities on Facebook sites were uncovered within a period of about 10 days. At least two of these holes were used to launch viral links or attacks on users – and it’s clear that attacks against Facebook users are becoming increasingly sophisticated.
  • Surveymonkey: IP spoofing – blog.c22.cc
    A few weeks back I was finalizing some of the survey results for my #BSidesLondon talk when I noticed something interesting, if a little strange. When somebody fills out a survey on the Surveymonkey website, they record a number of pieces of meta data along with the survey answers.
  • In-house developed applications: The constant headache for the information security officer – isc.sans.edu
    Although perimeter security controls are well publicized, many suppliers can offer them in different countries, and these devices fit all types of budgets, there are still security problems in custom applications developed within companies that are not so easily solved.
  • Crafting Overlapping Fragments (Eventually) Part 2 – packetstan.com
    In my last blog I covered the theory of fragmentation. Just to remind you – our ultimate goal is to use Scapy to craft overlapping fragments. So far, we’ve seen how Scapy can create normal fragments and the composition of normal fragments. That will come in very handy when we create our overlapping fragments.

Vulnerabilities

  • Adobe Reader, Acrobat Update Nixes Zero-Day – krebsonsecurity.com
    Adobe shipped updates to its PDF Reader and Acrobat products today to plug a critical security hole that attackers have been exploiting to break into computers. Fixes are available for Mac, Windows and Linux versions of these software titles.

Other News

  • Grey Hat Hacks ESA Website – blogs.computerworld.com
    It seems that hardly a day passes without hearing of another breach, but what is unique about the high profile ESA breach was that it was allegedly an anniversary hack.
  • The Linux Security Circus: On GUI Isolation – theinvisiblethings.blogspot.com
    There certainly is one thing that most Linux users don’t realize about their Linux systems… this is the lack of GUI-level isolation, and how it essentially nullifies all the desktop security. I wrote about it a few times, I spoke about it a few times, yet I still come across people who don’t realize it all the time.
  • The Web Exploitation Framework Project – novainfosecportal.com
    In January of 2010, Seth Law and I had a conversation about using tools for our everyday testing and exploitation. Which tools we prefer, those we do not and those that are no longer maintained.
  • SQL injection: Why can’t we learn – isc.sans.edu
    Recently we have been all witnesses of two high profile incidents where the attackers exploited SQL injection vulnerabilities: the now infamous HBGary Federal hack and the Barracuda Networks hack. What’s even more worrying about these two incidents is that they happened to companies which are information security consultants/product developers.
  • Insufficiently Prepared Infrastructure Firms Increasingly Under Attack – h-online.com
    A new study written jointly by McAfee and the Center for Strategic International Studies (CSIS) concludes that utility companies are increasingly under threat from targeted attacks and yet many are simply not taking the proper precautions to protect their systems.
  • Windows Function Disables Exploit Protection – h-online.com
    Security experts Chris Valasek and Ryan Smith have revealed how they are able to bypass Windows’ heap-exploitation mitigation feature. They have presented their findings at the hacker conference Infiltrate.
  • iPhone Keeps Record of Everywhere You Go – guardian.co.uk
    Security researchers have discovered that Apple’s iPhone keeps track of where you go – and saves every detail of it to a secret file on the device which is then copied to the owner’s computer when the two are synchronised.
  • Weaponizing GPS Tracking Devices – darkreading.com
    Those low-cost embedded tracking devices in your smartphone or those personal GPS devices that track the whereabouts of your children, car, pet, or shipment can easily be intercepted by hackers, who can then pinpoint their whereabouts, impersonate them, and spoof their physical location, a researcher has discovered.