Events Related

  • Ekoparty aftermath
    Miscellaneous material on the recent Ekoparty
  • Post #BruCon Network Analysis –
    BruCON is over! As usual, when I attend a security conference, I’m trying to write a small wrap-up for my followers. With BruCON, it’s completely different: I’m on the other side of the stage. For the “0x03” edition, I was again involved in the “bits & bytes” stuff.


  • Top 10 Risks At AppSec USA
    The OWASP Mobile Security Project is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications. Through the project, our goal is to classify mobile security risks and provide developmental controls to reduce their impact or likelihood of exploitation.
  • Collected 1st and 2nd Level Domains –
    After having the files on my disk without being used too much lately, I decided to put second-level-subdomain-transfers.txt.tgz up on our website ready for download.
  • Announcing BSIMM3 –
    Since the first BSIMM interview in October 2008, we’ve progressed from nine to 30 to 42 firms (and more, at this point). We’ve also measured 11 firms twice—about 19 months between measurements on average—and that has provided the BSIMM community with some unique insight on how software security initiatives change over time.
  • Password Secrets of Popular Windows Applications –
    In today’s Internet driven world, all of us use one or other applications starting from browsers, mail clients to instant messengers. Most of these applications store the sensitive information such as user name, password in their private location using proprietary methods. This prevents hassle of entering the credentials every time during the authentication.


  • oclHashcat-plus v0.06 –
    I am really proud to release this new version 0.06 of oclHashcat-plus to public. It contains a lot of new features, improvements, changes and bugfixes. As you may already know, the highlight is the new WPA/WPA2 kernel. This new oclHashcat-plus was faster than every other WPA cracker in every configuration I had tested.
  • EPPB: Now Recovering Blackberry Device Passwords –
    Before you get too excited, there is a catch. The new feature requires Media Card encryption to be switched on and set to either “Security Password” or “Device Password” mode.
  • Share-point-ing hash with friends –
    So I set up a SharePoint 2010 box and had a play to try finding where the issue was. Remembering about the same issue I found in SOAP which allowed gaining an SMB challenge, thought it should be possible to use with this bug too. So, set up meterpreter on a box and added a UNC path in to the XML file uploaded to SharePoint.
  • Websecurify 0.9 is out –
    Websecurify 0.9 is de facto not only the first web application security testing software ever created for iOS, Android, Blackberry and others, but it is also the very first fully functional integrated web application security testing solution which can run straight from your web browser.


  • SSL/TLS (Part 3) –
    The paper is an interesting read. To me it outlined the weakness in using CBC very nicely and the attack is well described. Certainly one of the more readable crypto papers I’ve come across. I will suggest you read it whilst well fed, and rested.
  • hacked, infecting visitors with malware –
    Our HackAlert 24×7 Website malware monitoring platform today indicated that has been hacked and is currently serving malware.
  • File Disclosure Browser –
    I was reading the blog post “DirBuster -> Burp, the Missing Link” By Tim Tomes (LaNMaSteR53) on the PaulDotCom blog. The article discusses running DirBuster through Burp to populate Burp with any content found by DirBuster.
  • Don’t Upgrade Your Software –
    What does this mean to you? Let’s say your software tries to go look for an update and instead of downloading the correct update, you man-in-the-middle the connection and send them a malicious update instead.
  • WPScan and Metasploit’s Meterpreter –
    Video demonstrating the PoC of WPScan using Metasploit’s meterpreter to exploit a vulnerable WordPress plugin.
  • CSAW CTF: Inchbinge Writeup –
    No credentials were provided as a hint for this challenge, so we’ll have to brute force them. Some common combinations to try are administrator:123456, user:qwerty, admin:password, etc. It just so happens that the 3rd is the correct one.
  • Post Exploitation Shellbag ‘ing –
    When you start to massively own a network via pass the hash or some rampant vulnerability, you accumulate a lot of shells. If the target computer or network names don’t give a hint as to what that system does in specific, sometimes you don’t pay enough attention to the right boxes.
  • Puttering Around With Blackberry Forensics-Part 2 –
    Okay then. It apparently takes me a while between posts. I’ve been keeping a bit busy with several projects and it has been difficult to find the time to conduct much research or write blog posts. I do have an upcoming white-paper that I will release somewhere in November. It includes source code to the toolkit that I will release as well.
  • ncrack with domain creds –
    “little post on using ncrack to brute/check domain creds”

Vendor/Software Patches

  • Microsoft releases fix-it tools for SSL/TLS vulnerability –
    For this purpose, the vendor has released two fix-it tools that enable TLS 1.1 in Internet Explorer and on Windows servers. Only TLS 1.0 is enabled by default, although programs such as Internet Explorer do support TLS 1.1 and TLS 1.2.
  • Cisco Patches Slew of IOS Bugs –
    The most serious of the flaws in IOS, the company’s ubiquitous network operating system, is a bug in the way that the Smart Install application works on some Cisco Catalyst switches. The problem can allow an attacker to run arbitrary code on the switch.
  • Diebold e-voting systems vulnerable to hack –
    The e-voting system hack can be completed with “just $10.50 in parts and an 8th grade science education”; for another $15 worth of parts, a wireless RF remote control can be added to start and stop the attacks.

Other News

  • Mark Russinovich on his novel Zero Day –
    Dennis Fisher talks with Mark Russinovich of Microsoft about his novel Zero Day, the idea of a coordinated cyber attack by terrorists and the difficulty of writing a technical novel for a mainstream audience.