Resources

  • Hakin9 Magazine Cloud Security Issue – mytalkoot.com
    Comprehensive cloud-centric resources and articles now available for download.
  • Club Hack Magazine May Issue On browser Security – professionalsecuritytesters.org
    Here we are again with the latest issue of ClubHack Magazine. This time also the issue is dedicated to Browser security.
  • Hacking Illustrated – irongeek.com
    In this section I’ll be posting AVIs and Flash files that show step by step how to execute various pen-testing tools. Since most of these videos are 640×480 it would be best if you use a screen resolution that is 1024×768 or better. If you have any requests or comments please let me know.
  • Pentesting Vulnerable Study Frameworks Complete List – felipemartins.info
    It’s very difficult for the beginner security analyst, mainly the ones interested in the area of pentesting, to find good study pentesting resources. Starting from the principle that in pentesting there are many other sub areas of study, it becomes more and more difficult to choose and then find a proper pentesting study application.
  • 25 Questions To Ask During An Information Security Interview – danielmiessler.com
    What follows is a list of questions for use in vetting candidates for positions in Information Security. Many of the questions are designed to get the candidate to think, and to articulate that thought process in a scenario where preparation was not possible. Observing these types of responses is often as important as the actual answers.
  • Secuirty Through Amnesia: A Software-Based Solution to the Cold Boot Attack On Disk Encryption – arvix.org
    Disk encryption has become an important security measure for a multitude of clients, including governments, corporations, activists, security-conscious professionals, and privacy-conscious individuals. Unfortunately, recent research has discovered an effective side channel attack against any disk mounted by a running machine\cite{princetonattack}.
  • Encrypted Google Docs Done Well – rdist.root.org
    There’s a nice new paper out called “Private Editing Using Untrusted Cloud Services” by Yan Huang and David Evans. They also provide a Firefox extension that implements their scheme. I like their approach for a few reasons.
  • Haroon Meer Reveals His Process For Security Research – resources.infosecinstitute.com
    In our ongoing series of interviews, this week Haroon Meer answered a few questions and pulled back the curtain a bit on the methods, tools and motivation for the work he does.
  • Microsoft Virtual Server Security: 10 Tips And Settings – resources.infosecinstitute.com
    Virtualization brings significant value to business managers and engineers attempting to keep pace with business pressure for additional servers. It enables maximum use of hardware resources while introducing an increased flexibility in how organizations design and implement new solutions. However, it also introduces new security concerns.
  • Cisco 1Q11 Global Threat Report – cisco.com/en/US/
    The Cisco 1Q11 Global Threat Report has been released. The report covers the period from 1 January 2011 through 31 March 2011 and features data from Cisco Security Intelligence Operations. This quarter’s contributors includes Cisco Intrusion Prevention System (IPS), IronPort, Remote Management Services (RMS), Security Research and Operations (SR&O), and ScanSafe.
  • Assembly Language for Penetration Tester – r00tsec.blogspot.com
    Below are the useful resources to learn Assembley Language for pentesters to start learning Exploit writing.
  • Quickdraw IDS in Action – scada-hacker.com/igss-video.html
    Joel Langill of SCADAhacker.com has an excellent 18-minute video showing an example of an exploit of the IGSS SCADA HMI and then the Quickdraw IDS signatures. Most of the recently disclosed Luigi vulnerabilities resulted in denial of service, but the IGSS vulnerability he exploits in the video is a directory traversal file execution vulnerability.
  • Exploit Development Framework Design – gnucitizen.org
    Metasploit is great but there are three things that makes the framework sometimes inconvenient: it’s size, it’s dependency of the ruby platform and of course it’s speed. It will be great if for example we can take a single exploit (or a set of exploits) out of the framework and compile it into a standalone executable.
  • Beating Up On Android: Practical Android Attacks – immunityinc.com/presentations/Android_Attacks.odt.pdf

Tools

  • Backtrack 5
    The BackTrack Dev team has worked furiously in the past months on BackTrack 5, code name “revolution”. Today, we are proud to release our work to the public, and then rest for a couple of weeks.This new revision has been built from scratch, and boasts several major improvements over all our previous releases.

  • ZeuS source code anyone? – attackvector.com/viles/ZeuS.tar.bz2
    If you’d like to take a look at the ZeuS/SpyEye botnet source code and see how it ticks, you can download it below. I’m not sure how long this will be up (for obvious reasons), so get it while it’s hot.
  • Release of SWFRet Tools 1.1.0 – the-interweb.com
    Two weeks ago I gave a presentation at SOURCE Boston where I released a new collection of open-source tools for Adobe Flash SWF file reverse engineering. I am developing these tools, called SWFRETools, to help reverse engineers like vulnerability researchers and malware analysts that have to deal with SWF files regularly.
  • Virtualizing Junos On VMWare – darkoperator.com
    Many times when working with a client network or working on our own we have the need to test, document and validate certain networks configurations in a test environment. Sadly not many have the money to have one so as to test different scenarios so as to gage the impact that this changes might have on the production network.
  • UPDATE: Skipfish-1.87b! – code.google.com/p/skipfish/downloads/list
    Skipfish is a fully automated, active web application security reconnaissance tool. Its key features: High speed, Ease of use, Cutting-edge security logic.
  • Mutillidae: A Deliberately Vulnerable Set Of PHP Scripts That Implement The OWASP Top 10 – irongeek.com
    As I figure most people reading this know, I make infosec video tutorials for my site Irongeek.com. I wanted to start covering more web application pen-testing tools and concepts in some of these videos. Of course, I needed a vulnerable web app or two to use for these demos.

Techniques

  • The Buby Script Crash Course
    For those of you who are new to Buby, it is a platform to write Ruby based extensions for the Burp Suite API and I’m going to attempt to cover some of the basics.

  • dRuby For Penetration Testers – blog.recurity-labs.com
    I like Ruby somehow, a nice and shiny programming language. At some point last year, I decided to have a closer look at ‘Distributed Ruby’ (also called dRuby). dRuby is all about easily usable objects and method invocations over the network.
  • Journey Into Exploitation: Awbo2.exe – securityaegis.com
    In this series of blog posts, I will be documenting my journey into the art of exploitation.  My goal for this series is to experiment with some of the challenges that are out there and hopefully provide some guidance for others in my shoes.  I am targeting those of you with moderate amount experience in exploitation.  Hopefully, I will further my own knowledge and yours (the reader).
  • Hijacking NFC Intents On Android – intrepidusgroup.com
    Google IO had a “How to NFC” session today where they demoed and described using NFC on Android. One of the items they pointed out was the desire to use NFC for instant gratification and zero-click interactions. The only default application on the Nexus S that I’ve seen this in before today was Google Maps, but the desire is that other applications will incorporate this feature as well.
  • Keychain Dumper – github.com/Neohapsis/Keychain-Dumper
    In order to build keychain_dumper you must first create two symbolic links to the appropriate iOS SDK directories. At the time the tool was developed the iOS 4.2 SDK was current and you may need to update the target directories based on the current SDK that is installed.
  • Bittwiste: pcap Capture File Editor – lovemytool.com
    In this article I will show you how to replace portnumbers, IP and MAC addresses.
  • Bit-Twist – bittwist.sourceforge.net
    Bit-Twist is a simple yet powerful libpcap-based Ethernet packet generator. It is designed to complement tcpdump, which by itself has done a great job at capturing network traffic.
  • Sorting Packet Captures With Scapy – packetstan.com
    Today I spent a little time looking into a packet capture supplied by Vivek Ramachandran at SecurityTube. This packet capture is part of a series of WiFi hacking challenges he is putting together, and immediately after opening it I got freaked out.

Vendor/Software Patches

Vulnerabilities

  • The Skype Crisis
    Skype has been acquired by Microsoft few days ago and suddenly it inherited Microsoft’s weakness… I ‘m just kidding, of course. As many of you already know, a pretty big problem has been identified on all Skype versions running on Mac OS X pltaforms.

  • Silently Pwning Protected-Mode IE9 And Innocent Windows Applications – blog.acrosssecurity.com
    Those familiar with Windows COM servers know that they come in two types, in-process and out-of-process. For this post, the former type is of interest: an in-process COM server is a dynamic link library (DLL) that a COM client instantiates when needed, usually by calling the CoCreateInstance function with the class identifier (CLSID) of the said COM server.

Other News

  • AusCERT: Cisco IP phones prone to hackers – scmagazine.com.au
    Contact centres and businesses using a popular make of internet phone were at risk of having their communications intercepted and confidential information leaked, a hacking group demonstrated.
  • FBI vehicle Tracking Device: the Teardown – wired.com
    The FBI’s use of GPS vehicle tracking devices is becoming a contentious privacy issue in the courts, with the Obama administration seeking Supreme Court approval for its use of the devices without a warrant, and a federal civil rights lawsuit targeting the Justice Department for tracking the movements of an Arab-American student.
  • Frameworks and how I hack currently (and how I don’t) – carnal0wnage.attackresearch.com
    I got involved with HDM, skape, spoonm, et all and the metasploit project quite a long time ago, probably around msf 1ish time frame. It was an exciting time and metasploit was one of the best open source infosec (if not the best) projects out there.
  • Security Group Claims To Have Subverted Google Chrome’s Sandbox – krebsonsecuirty.com
    A French security research firm boasted today that it has discovered a two-step process for defeating Google Chrome‘s sandbox, the security technology designed to protect the browser from being compromised by previously unknown security flaws.
  • Catch A Clue From An EDU: Universities That Get Security Right – computerworld.com
    Professor Corey Schou was working in his school’s library when he realized his computer was picking up a particularly strong Wi-Fi signal. Normally that would be welcome news. But Schou knew that spot was usually a dead zone, which meant something was probably amiss.
  • “Binary Planting” vs. “DLL Hijacking” vs. “Insecure Library Loading” – blog.acrosssecurity.com
    When a new thing occurs or is invented, or when a previously obscure thing becomes popular, a need emerges to give it a name so we can talk and write about it. It was no different with binary planting, DLL hijacking, DLL preloading, insecure library loading, DLL load hijacking and DLL spoofing.
  • Whitehouse Proposes Cybersecurity Bill – darkreading.com
    The White House today proposed new cybersecurity legislation that would improve the protection of critical infrastructure, expand the sharing of security data, and impose national requirements for disclosing breaches.