Events Related

  • Securitybyte CTF Walkthrough – securitylearn.wordpress.com
    SecurityByte is India’s largest hacking conference conducted in Bangalore. To make this event more interesting, they do arrange capture the flag events (Web & WI-FI hacking challenges).

Tools

  • Ncrack and the Morto Worm
    Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.
  • TrueCrypt 7.1 brings full Mac OS X Lion Support – h-online.com
    The TrueCrypt project has announced the arrival of version 7.1 of its open source, cross platform, disk encryption tool. TrueCrypt 7.1, the project’s first new stable release in nearly a year, is a maintenance update that adds full compatibility with 32- and 64-bit versions of Mac OS X 10.7 Lion. The developers note that several minor improvements and bug fixes affecting all supported platforms are also included; however, specific details have not been provided.

Techniques

  • Bottom Up Randomization Saves Mandatory ASLR – blog.didierstevens.com
    I recently found out that pseudo-ASLR (or mandatory ASLR in EMET) has a lower entropy than real ASLR. While real ASLR has an 8-bit entropy for base addresses, mandatory ASLR turned out only to have about 4 bits of entropy, and the distribution was far from uniform. What I forgot to tell you in that post, is that I just enabled Mandatory ASLR as mitigation in EMET.
  • TTCP and Later – gse-compliance.blogspot.com
    NetCat is a great and simple tool with many uses, but it has a number of limitations in being such a simple and generalised tool. A tool that allows for some more specialised uses of sockets and connection testing is TTCP or “Test TCP”.
  • Heap Overflow For Humans 102 – net-ninja.net
    Initially I discussed techniques for exploiting heap overflows in older versions of Windows in an attempt to give the reader a practical working knowledge of how the unlink process works and how flink/blink from freelist[n] can be controlled to give an attacker an arbitrary write-4 primitive.
  • Search windows open shares with python – travisaltman.com
    It’s rare during a penetration test that I actually exploit a vulnerability to gain more information. Newcomers to my field will often use the term “network security”. I don’t care about the network, have the network for all I care. What I’m more concerned about is the information inside the network. The better way to describe it is “information security”.
  • Viewing GPO’s on the Commandline – redspin.com
    Want a quick way to see what GPO’s are applied to your local system, just using built in utilities? Using the GUI to manually view what settings are applied is awkward and slow. Use the following commands to see what policies are being handed down to the system you’re on and what they’re enforcing. This info can be incredibly handy during a pentest in order to find out the limitations being imposed on a specific system you’ve compromised.
  • SSL certificate impersonation…for shits and giggles – blog.c22.cc
    How often as penetration testers do we see SSL protected services using self signed certificates… If you’re anything like the average penetration tester, it’s probably daily. We’ve all been through the song and dance of documenting it, saying it’s bad and that it might have security consequences. I’m sure we’ve all heard every excuse under the sun as well when it comes to why it can’t be fixed. Costs too much, no internal PKI, takes too much time, and some of my favourites…
  • Reverse Shell Cheat Sheet – pentestmonkey.net
    If you’re lucky enough to find a command execution vulnerability during a penetration test, pretty soon afterwards you’ll probably want an interactive shell. If it’s not possible to add a new account / SSH key / .rhosts file and just log in, your next step is likely to be either throwing back a reverse shell or binding a shell to a TCP port. This page deals with the former.

Other News