Resources

  • ToorCon Seattle 2011 Browser Exploit Packs – secniche.blogspot.com
    We gave a talk at ToorCon about the high level details of BlackHole. We will be releasing more details and complete talk in the upcoming conferences that are scheduled later this year.
  • OWASP DC’s videos – vimeo.com
    Video archive of OWASP DC lectures and presentations.
  • Notacon 8 media now online – blog.notacon.org
    I’m happy to say that the media for Notacon 8 is now online… I want to thank everyone for their patience as I worked through all of the media to get it ready for release. I chose to use MP4 as the video format of choice and OGG as the audio format. As a reminder, all of the media is being released under the Creative Commons Attribution-ShareAlike 3.0 license.
  • Password mining, cracking, and GPUs – Errata Security
    People imagine that sophisticated hacking requires sophisticated computers. The truth is that almost everything a hacker does can be done with a cheap notebook computer, or even a mobile phone.

Tools

  • UPDATE: OWASP Mantra v0.61! – getmantra.com/download/index.html
    Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers, security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software.
  • UPDATE: Skipfish v2.00b! – code.google.com/p/skipfish/downloads/list
    Skipfish is a fully automated, active web application security reconnaissance tool.
  • BSQLBF v2.7 – code.google.com/p/bsqlbf-v2/downloads/list
    An updated version is now available for download. This supports the “-nomatch” switch. The -nomatch switch is exactly the opposite of the -match switch, i.e., it will look for the supplied unique keyword which only appears in the false page and NOT in the true page. Remember, “-match” looks for a unique string which only appears in true cases and does not appear in false cases.
  • Mutillidae: A Deliberately Vulnerable Set Of PHP Scripts That Implement The OWASP Top 10 – irongeek.com
    What I’m attempting to do with Mutillidae is implement the OWASP Top 10 in PHP, and do it in such a way that it is easy to demonstrate common attacks to others. Feel free to use it in your own classes or videos, but if you do I’d love to hear about it.
  • Metasploit Framework 3.7.2 Released! – metasploit.com
    It’s that time again! The Metasploit team is proud to announce the immediate release of the latest version of the Metasploit Framework, 3.7.2. Today’s release includes eleven new exploit modules and fifteen post modules for your pwning pleasure. Adding to Metasploit’s well-known hashdump capabilities, now you can easily steal password hashes from Linux, OSX, and Solaris.
  • Google’s new tool, DOM Snitch, finds JavaScript flaws – threatpost.com
    Google announced on Tuesday the availability of a new free application testing tool, dubbed “DOM Snitch,” that it says will help Web application developers find vulnerabilities in client side Web applications.
  • John the Ripper Gets A Face Lift – darkreading.com
    One of the industry’s first open-source password-cracking tools just got a big boost in power and performance with sponsorship from Rapid7, which also plans to more tightly integrate the so-called John the Ripper tool with Metasploit.
  • Auditing/Hacking WPA & WPA2 Security – it-audit.sans.org
    Episode 3 of AuditCasts is a ten minute demonstration that shows, from beginning to end, how to attack the pre-shared key in a WPA or WPA2 network. This episode, unlike others to date, is a bit less “How To”, so I thought we’d give you some more details here in the Show Notes.

Techniques

  • Another Use of Clickjacking, Cookiejacking! – cgisecurity.com
    Rosario Valotta has published an interesting attack against IE that takes advantage of clickjacking. In a nutshell it combines origin flaws within IE with clickjacking to trick a user into copying/pasting their own cookies from any site! Demonstration below.
  • Restricted Citrix Excel Application Escapes – carnal0wnage.attackresearch.com
    Blow-by-blow account of restricted Citrix environment break-outs.
  • Metasploit Payloads Explained Part 1 – room362.com
    Payload selection is something that rarely gets talked about in detail. Most PoCs just use calc.exe, netcat, or some kind of socket. The vast majority of Metasploit tutorials, videos and documentation use the windows/meterpreter/reverse_tcp payload which is only one of 224 possible payloads.

Vulnerabilities

  • WordPress backdoors
    Following the discovery of a backdoor in three popular plug-ins, the developers of WordPress reset the passwords for WordPress.org and blocked access to all extension repositories while they “looked for anything else unsavory”. It is still unclear how the backdoors got into the AddThis, WPtouch and W3 Total Cache plug-ins.
  • OS X [is] safe yet horribly insecure – allthatiswrong.wordpress.com
    I have had this article planned since the end of 2009 and have had it as a skeleton since then. I wanted to point out the many problems with OS X security and debunk the baseless myth that OS X is somehow more secure. Despite 18 months passing by before I managed to finish it, not much seems to have changed.

Vendor/Software Patches

  • Mozilla Firefox And Thunderbird Security Updates – isc.sans.org
    Mozilla released Firefox 3.6.18 for Windows, Mac and Linux fixing several security and stability issues [1]. Mozilla Thunderbird released version 3.1.11 fixing vulnerabilities reported in version 3.1.10.

Other News

  • Many Amazon cloud users reveal confidential data – h-online.com
    Sharing Amazon Machine Images (AMIs) to run on Amazon’s Web Services (AWS) can open the door to attackers when users do not follow appropriate safety advice. The AMIs may contain private cryptographic keys, certificates and passwords, as researchers at the Darmstadt Research Center’s CASED (Center for Advanced Security Research Darmstadt) found.
  • US Builds Cyber War Virtual Firing Range – pcworld.com
    Showing how serious it is about the growing threat of cyber attacks, the U.S. government is spending about $500 million on “cyber technologies” to fight back. A portion of this is set aside for a virtual firing range of sorts to test out what they develop.
  • WhiteHat acquires Static Code Analysis (SCA) from Infrared Security – blog.whitehatsec.com
    WhiteHat Security today announced the acquisition of static code analysis technology (SCA) from Infrared Security, a firm of leading software security experts who also developed a key piece of technology. You may better recognize their names as Jerry Hoff, Jim Manico and Eric Sheridan.
  • What would a pentesting dream team look like? – blog.pentestify.com
    With a few ideas running through my head, I decided I’d conduct a completely formal poll via Twitter. [Here are a few] interesting responses.
  • 90% of Companies Say They’ve Been Hacked In The Last 12 Months – gizmodo.com
    In a five-day survey that polled public and private organizations both large and small, Ponemon research found that 90% of the companies asked had been hacked in the last 12 months.