Events Related

  • Cyber Defence Challenge: Analogies – holisticinfosec.blogspot.com
    I recently had the opportunity to interview Alexei Czeskis, the captain of the University of Washington (UW) team who won this year’s National Collegiate Cyber Defense Competition (CCDC). During my discussion with Alexei I was immediately drawn to the fact that his approach and tactics closely mirror those of mature security incident response teams.
  • Course Review: SANS SEC 569 Combating Malware in the Enterprise – ethicalhacker.net
    Your organization will get compromised! The convenience and ease-of-use that your employees and customers demand will expose your network to a plethora of compromises. As much as security paranoids, like myself, would like to completely lock down our networks to prevent this, it is not practical.

Resources

Tools

  • Introducing msfvenom – community.rapid7.com
    The Metasploit Framework has included the useful tools msfpayload and msfencode for quite some time. These tools are extremely useful for generating payloads in various formats and encoding these payloads using various encoder modules.
  • scapy Cheat Sheet – packetlife.net
    As a follow-up to my Introduction to scapy earlier this week, I’ve developed a scapy cheat sheet. While it would obviously be impractical to include every aspect of scapy’s functionality, the cheat sheet covers the fundamentals of building, sending, and receiving packets.
  • w3af 1.0–stable released! – professionalsecuritytesters.org
    Since our latest w3af release in mid January, and our new Windows installer release a couple of months ago, we’ve got lots of encouraging words telling us we are going in the right direction. The objective was near and we could almost taste it. Having a stable code-base is no joke; it requires countless hours of writing unit tests, running w3af scripts and, most importantly, fixing bugs.
  • UPDATE: fimap v09! – code.google.com/fimap/downloads/list
    fimap is a little Python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap, just for LFI/RFI bugs instead of SQL injection. It’s currently under heavy development, but it’s usable.
  • TLSSLed v1.0 – blog.taddong.com
    The purpose of the TLSSLed tool (named from the idea of your website being TLS/SSL-ed, that is, using “https://”) is to simplify the output of a couple of commonly used tools, and highlight the most relevant security findings of any target SSL/TLS implementation. It is based on sslscan, a thorough SSL/TLS scanner that is based on the openssl library, and on the “openssl s_client” command line tool.

Techniques

  • Hacking Exposed VoIP/SIP – sectechno.com
    VoIP systems are becoming increasingly popular, and the people attracted are not only legitimate users who are looking to use it in their business but also those who would like to make free calls at other people’s expense. SIP devices are often attacked, with the intent of finding the username/password of accounts on that device.
  • Cookiejacking: Another way of Attack Technique – sites.google.com/site/tentacoloviola
    Cookiejacking is a UI redressing attack that allows an attacker to hijack his victim’s cookies without any XSS. Any cookie. Any website. Clickjacking attacks have been widely adopted by attackers worldwide on popular websites (e.g. Facebook) in order to perform some drive-by download attacks, click forging, message sending and so on. So beware before clicking!!!
  • EMET 2.1 Deployment – irhowto.wordpress.com
    If you have not used Microsoft EMET and you’re in charge of managing or securing Windows PCs, then you need to start looking at it. In short, EMET uses a number of techniques (DEP, ASLR, HeapSpray prevention, etc.) to make it much more difficult to exploit an application.
  • Recent Developments In Java Signed Applets – community.rapid7.com
    The best exploits are often not exploits at all — they are code execution by design. One of my favorite examples of this is a signed java applet. If an applet is signed, the jvm allows it to run outside the normal security sandbox, giving it full access to do anything the user can do.
  • Use HxD to edit capture files (by Joke Snelders) – lovemytool.com
    In this article I show you how to use a hex editor to edit pcap capture files. You can use Microsoft Calculator in Scientific mode to convert decimal numbers to hexadecimal numbers or, for instance, an online conversion table.
  • Customizing SQLMap to bypass weak input filters – blog.mindedsecurity.com
    SQLMap is the most flexible SQL injection tool I have ever seen: written in Python, open source and fully customizable. Many times during penetration testing activities you will face the need to customize SQLMap. In the following example the tool is not able to extract any data in its default configuration, since the application is filtering some particular characters.

Vulnerabilities

  • Symantec AMS Intel Alert Handler Design Flaw – foofus.net
    This is a very interesting flaw that I came across in Symantec Antivirus Corporate Edition in July 2009 while trying to recreate the XFR.EXE design flaw (CVE-2009-1431). At first I thought this was the same flaw, but while running a series of tests against multiple versions of SAVCE, I realized I had tested it against the latest patched 10.1.8 version of the product and the vulnerability was still there.

Other News

  • Siemens’ SCADA Problem
    SCADA systems — computer systems that control industrial processes — are one of the ways a computer hack can directly affect the real world. Here, the fears multiply. It’s not bad guys deleting your files, or getting your personal information and taking out credit cards in your name; it’s bad guys spewing chemicals into the atmosphere and dumping raw sewage into waterways.
  • OWASP Mobile Top 10 Risks
    The OWASP Mobile Top 10 Risks is an overview of a generic list of the most common risks found in mobile applications. We see these risks in mobile applications every day. When we see them they often show up as vulnerabilities in the applications we are assessing.
  • LinkedIn profiles at hijack risk – scmagazine.com.au
    Vulnerabilities in how cookies were handled on LinkedIn profiles laid user profiles at risk of tampering, a security researcher said.
  • LulzSec Leak Sony’s Japanese website Database! – thehackernews.com
    The LulzSec hacking team today released the Sony Japanese website database dump via their Twitter account. This is the 9th attack on Sony. This attack also used the SQL injection method.
  • A Brief History of Physical Memory Forensics – fasthorizon.blogspot.com
    Lately, we have been doing a lot of work around physical memory forensics. Recently, we released the free, community edition of our Responder™ product and plan to release the fourth generation of our memory analysis engine later this year.
  • Another Comodo SSL Registrar Hacked – h-online.com
    ComodoBR, the Brazilian partner of the Comodo Certificate Authority (CA), appears to have fallen victim to an attack. During the incident, parts of the company’s database, including customer data and submitted certificate requests, were accessed via SQL injection.
  • DHS Publishes Best ICS Vuln Statistics Available – digitalbond.com
    In 2008 DHS issued the first edition of Common Cybersecurity Vulnerabilities in Industrial Control Systems based on 15 ICS security assessments of either products or deployed systems they performed from 2004 to 2008.
  • Security researcher finds ‘cookiejacking’ risk in Internet Explorer – news.cnet.com
    A security researcher in Italy has discovered a flaw in Internet Explorer that he says could enable hackers to steal cookies from a PC and then log onto password-protected Web sites. Referring to the exploit as “cookiejacking,” Rosario Valotta claims that a zero-day vulnerability found in every version of Microsoft’s IE under any version of Windows allows an attacker to hijack any cookie for any Web site.
  • Vendor’s List of Backdoor Accounts Leaked Online – threatpost.com
    An internal document listing the backdoor accounts for switches manufactured by networking equipment vendor Allied Telesis was circulating online Friday, a day after an internal support page providing instructions on accessing hard-coded backdoor accounts in the company’s products was found to be publicly accessible.