- OWASP AppSec 2011
Capture The Flag briefings
- Whitepaper “Python Arsenal For Reverse Engineering” – dsecrg.com
This whitepaper (beta release) is a collection of various Python engines, extensions, libraries, shells, that aids in the job code for understanding, analyzing and sometimes breaking. The collection consists of more than 40 projects. This document is intended to show the power of Python for RE and also an attempt to systematize a knowledge of the python for RE. This document is useful for beginners and advanced professionals of RE.
- Australian Department of Defence – iOS Hardening Configuration Guide – djtechnocrat.blogspot.com
Parts of this guide refer to features that require the engagement of the technical resources of your telephony carrier, firewall vendor, or Mobile Device Management vendor. While every effort has been made to ensure content involving these third party products is correct at the time of writing, you should always check with these vendors when planning an implementation.
- Smartphone Whitepapers – iase.disa.mil/stigs/net_perimeter/wireless/smartphone.html
Smartphone (iOS, Android, Blackberry, Windows) guidance documents.
Skipfish is a fully automated, active we application security reconnaissance tool. Its key features are high speed, ease of use, and cutting edge security logic.
- UPDATE: Skipfish 2.01b! – code.google.com/p/skipfish/downloads/list
- UPDATE: Skipfish 2.02b! – code.google.com/p/skipfish/downloads/list
- UPDATE: SQLNinja 0.2.6-rc1! – sourceforge.net/projects/sqlninja/files/sqlninja/
Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.
- UPDATE: Risu v1.4.5! – github.com/hammackj/risu/archives/master
Risu is a Nessus parser, that converts the generated reports into a ActiveRecord database, this allows for easy report generation and vulnerability verification.
- UPDATE: BeEF v0.4.2.7-alpha! – code.google.com/p/beef/downloads/list
BeEF, the Browser Exploitation Framework is a professional security tool provided for lawful research and testing purposes. It allows the experienced penetration tester or system administrator additional attack vectors when assessing the posture of a target. The user of BeEF will control which browser will launch which exploit and at which target.
- UPDATE: ZAProxy v1.3.1! – code.google.com/p/zaproxy/downloads/list
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
- Vega – Open Source Cross Platform Web-Application Security Assessment Platform – darknet.org.uk
Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.
- TLSSLed v1.1 – blog.taddong.com
A few weeks ago we released TLSSLed v1.0 with the goal of helping organizations to test their SSL/TLS (HTTPS) implementation for common flaws and misconfigurations. Today, we release an updated version, v1.1, that includes some additional tests.
- Durandal: A Distributed CPU/GPU Hashcracker! – durandal-project.org/download.html
Durandal is a distributed GPU/CPU computingsoftware that aims to crack passwords. Mostly written in C++ with the Boost library, it works on many systems, however it is only built for Windows and GNU/Linux for the moment x64 platforms.
- Sniffer files – github.com/sirg3/Sniffer
Sniffer is an unoriginally-named packet sniffer with the unique ability of determining which application a packet is coming from (or going to). At the moment it is little more than a prototype to prove that the idea works.
- WebSurgery: A Web Application Secuity Toolkit – www.surgeonix.com/blog/downloads/websurgery/websurgery.zip
It is a suite of tools for security testing of web applications. It is designed for security auditors to help them with the web application planning and exploitation. Currently, it uses an efficient, fast and stable Web Crawler, File/Dir Brute forcer and Fuzzer for advanced exploitation of known and unusual vulnerabilities such as SQL Injections, Cross site scripting (XSS), Brute force for login forms.
- Twitter Archiver – blog.stalkr.net
Twitter is great to get and share information, quickly. But it is all web 2.0 and you cannot use a simple cat or grep to view or search your tweets. I would like to have tweets saved in simple text format: date, user, text – one per line. So here comes Twitter Archiver, a small python script using PTT to archive any public timeline of tweets, in simple text format. Script: archiver.py, patch: archiver.diff.
- Shellcode Anatomy
Hackers are becoming more sophisticated and are investing resources to evade anti-malware detection. As recent breaches have shown, hackers are already seeing the fruits of their labor. In these spear-phishing attacks, the hacker gained access by sending out files (whether PDF, Excel or Word docs) to company employees. All that was needed was a single individual to open that file – and the attacker penetrated the organization.
- Part I of IV – blog.imperva.com
- Part II of IV – coming next week!
- Detecting LDAP Injections – rapid7.com
It all started to go wrong when Web applications started to replace internal desktop applications in many companies around the globe and one manager proposed: “We should authenticate access to this application using our Active Directory!”
- Reversing Jailbreakme.com 4.3.3 – intrepidusgroup.com
Wednesday, @comex came out with a new user-level jailbreak available on jailbreakme.com. I wanted to understand exactly how this exploit is able to get root so easily. Here is my workflow, and preliminary analysis of the exploit.
- Decoding Data Exfiltration – Reversing XOR Encryption – crucialsecurityblog.herris.com
One of the first and most important questions that intrusion analysts are asked after a network attack is “did they steal anything?”. And if so, “what did they take?”. Often, this is also one of the most challenging questions to answer when the analyst only has a post-intrusion forensic image to work with. Frequently, the analyst’s primary objective becomes identifying and locating data exfiltration files.
- SRF Exploit for Joomla 1.6.3 or Lower – sectechno.com
New exploit has been published that are targeting Joomla 1.6.3 or lower version the vulnerability allow an attacker to create a specially crafted URL that would execute arbitrary script code on victim’s browser.
- Injecting O2 into another .NET Process (in this case NUnit.exe) – o2platform.wordpress.com
Here is a pretty powerful example of what can be done with O2′s .NET reflection APIs. The objective is to start NUnit under the control of an O2 script and to add a new feature to NUnit (in this case a new error viewer)
- Hacking With JSP Shells – netspi.com
Most enterprise datacenters today house at least a few web servers that support Java Server Pages (JSP). In my experience, at least one will suffer from vulnerabilities that can be leveraged to upload JSP shells and execute arbitrary commands on the server (this especially seems to be the case with preconfigured appliances).
- Exclusive first interview with key LulzSec hacker – newscientist.com
It was early May when LulzSec’s profile skyrocketed after a hack on the giant Sony corporation. LulzSec’s name comes from Lulz, a corruption of LOL, often denoting laughter at the victim of a prank. For 50 days until it disbanded, the group’s unique blend of humour, taunting and unapologetic data theft made it notorious.
- iOpener: How Safe is your iPhone data! – h-online.com
The greatest current risk for iPhone owners is not viruses or malicious web pages, it is the danger that the phone might fall into someone else’s hands. Although iPhones do offer elaborate security mechanisms, these mechanisms won’t stand up to an imaginative hacker.
- AusCERT jumps the gun on BIND bug release – risky.biz
AusCERT has broken an embargo, accidentally and prematurely broadcasting a security bulletin pertaining to multiple vulnerabilities in the BIND DNS server earlier today.
- Vsftpd backdoor discovered in source code – update – h-online.com
Chris Evans, aka Scary Beasts, has confirmed that version 2.3.4 of vsftpd’s downloadable source code was compromised and a backdoor added to the code. Evans, the author of vsftpd – which is described on its web site as “probably the most secure and fastest FTP server for Unix-like systems” – was alerted on Sunday to the fact that a bad tarball had been downloaded from the vsftpd master site with an invalid GPG signature. It is not known how long the bad code had been online.
- Cracking DES faster with John the Ripper – h-online.com
Version 1.7.8 of John the Ripper, a free password cracker, promises to be up to 20 per cent faster when cracking the Data Encryption Standard (DES) algorithm. The increase in speed is achieved by improvements in the processing of S-box. Although AES (Advanced Encryption Standard) has long been the encryption standard of choice, encryption and decryption with (triple) DES remain useful techniques.
- Which Banks Are Enabling Fake AV Scams? – krebsonsecurity.com
Fake antivirus scams and rogue Internet pharmacies relentlessly seek customers who are willing to trade their credit card numbers for a remedy. Banks and financial institutions become partners in crime when they process payments to fraudsters.
- Malware Exploit Found for iOS Devices By German Researchers – readwriteweb.com
Germany’s Federal Office for Information Security issued a warning today that iPhones, iPads and the iPod Touch have “critical weaknesses,” the Associated Press reports. The malware is delivered by an infected PDF that can affect the user’s device without them knowing. The same result would occur when a user visits a website with an infected PDF.
- ‘Sophisticated Cyberattack’ Hits Pacific Northwest National Lab – darkreading.com
Pacific Northwest National Labs, a research and development facility operated under contract to the Department of Energy, was attacked during the long holiday weekend and is still struggling to restore IT services.
- DHS: Imported Consumer Tech Contains Hidden Hacker Attack Tools – fastcompany.com
A top Department of Homeland Security (DHS) official has admitted on the record that electronics sold in the U.S. are being preloaded with spyware, malware, and security-compromising components by unknown foreign parties.
- Exclusive first interview with key LulzSec hacker – newscientist.com