Events Related

  • Mobile Security Summit 2011 – sensepost.com
    This week, Charl van der Walt and I (Saurabh) spoke at Mobile Security Summit organized by IIR. Charl was the keynote speaker and presented his insight on the impact of the adoption of mobile devices throughout Africa and the subsequent rise of security related risks.

Resources

  • SAP Direct browsing URLS for Pentesting – secuirtyaegis.com
    Files archive and directory.
  • Anatomy of A Pass Back Attack – foofus.net
    At Defcon 19 during my presentation we discussed a new attack method against printers. This attack method involved tricking the printer into passing LDAP or SMB credentials back to the attacker in plain text. We refer to this attack as a Pass-Back-Attack.
  • Show Me Your DNS Logs, I’ll Learn About You! – blog.rootshell.be
    During the last BruCON edition, we operated our own DNS resolver. Instead of using public servers or the ones proposed by our ISP, pushing our own DNS resolver to network visitors can be really interesting. Of course, addicted to logs, I activated the “queries_log” feature of bind to log every request performed by BruCON visitors.
  • Homemade Hardware Keylogger/PHUKD Hybrid – irongeek.com
    The core goal of this project is to develop the code, circuitry and instructions necessary for building a hardware keylogger that is also a Programmable HID and key repeater with inexpensive hardware. Hardware keyloggers vary in price from around $33 to several hundred dollars. While I doubt I’ll be able to match the price of the very low end, I hope to be able to put together something that is inexpensive and flexible.
  • Windows Shares – blog.ncircle.com
    All Windows shares come from this registry key during the boot procedure, which means it controls which directories you will share with others and how they will be shared. Furthermore, it doesn’t mean the change in the registry will be applied to the system instantly. It needs a reboot to make it work.
  • Intro to HDMoore’s Law – cognitivedissidents.wordpress.com
    HDMoore’s Law concept came to me after a year of me asking “Is PCI the ‘No Child Left Behind Act’ for IT Security?” and subsequently my intuitive allergy to the following two pervasive, thought terminating clichés / platitudes… perhaps you’ve also heard them.

Tools

  • SecTools.Org: Top 125 Security Network Tools – sectools.org
    For more than a decade, the Nmap Project has been cataloguing the network security community’s favorite tools. In 2011 this site became much more dynamic, offering ratings, reviews, searching, sorting, and a new tool suggestion form.
  • Netsurveyor – nutsaboutnets.com
    NetSurveyor is an 802.11 (WiFi) network discovery tool that gathers information about nearby wireless access points in real time and displays it in useful ways. Similar in purpose to NetStumbler, it includes many more features.
  • UPDATE: OWASP Mantra c0c0n 11 and AppSecLatam 11 release! – http://sourceforge.net/projects/getmantra/files/
    Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers, security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software.
  • Android Reverse Engineering Virtual Machine available for download now! – honeynet.org
    Do you need to analyze a piece of Android malware, but don’t have all your analysis tools at hand? The Android Reverse Engineering (A.R.E.) Virtual Machine, put together by Anthony Desnos from our French chapter, is here to help. A.R.E. combines the latest Android malware analysis tools in a readily accessible toolbox.
  • Registry Decoder 1.1. Released! – digitalforensicssolutions.com/registrydecoder/
    Digital Forensics Solutions is announcing the release of Registry Decoder 1.1, which has many completely new features and updates as well as bugfixes! Please see our previous blog post here for the initial release of Registry Decoder.
  • sqlsus v0.7 Released – sqlsus.sourceforge.net/download.html
    sqlsus is an open source MySQL injection and takeover tool, written in Perl. Via a command line interface, you can retrieve the database(s) structure, inject your own SQL queries (even complex ones), download files from the web server, crawl the website for writable directories, upload and control a backdoor, clone the database(s), and much more.
  • Cvss2Calc – woanware.co.uk/downloads/Cvss2Calc.v.1.0.0.zip
    The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. CVSS consists of 3 groups: Base, Temporal and Environmental. Each group produces a numeric score ranging from 0 to 10, and a Vector, a compressed textual representation that reflects the values used to derive the score.
  • UPDATE: JavaSnoop 1.1 RC1! – code.google.com/p/javasnoop/downloads/list
    JavaSnoop is a tool that lets you intercept methods, alter data and otherwise hack Java applications running on your computer. It does so by allowing you attach to an existing process and instantly begin tampering with method calls, run custom code, or just watch what’s happening on the system.
  • Safely Dumping Hashes From Live Domain Controllers – pauldotcom.com
    The basis of the talk and the purpose for our research is that there are some really cool things you can do with Volume Shadow Copies in modern Windows Operating Systems. Our talk takes the approach of using Shadow Copies for hiding malware on Windows systems, but Mark mentions during the talk how one can access protected system files through Shadow Copies as well.
  • iSEC Partners Releases SSLyze to test your TLS and/or SSL setup – professionalsecuritytesters.org
    Transport Layer Security (TLS), and the Secure Socket Layer commonly called SSL, is one of the most widely used protocols to secure network communications. As costs fall and user security and privacy expectations rise, companies are deploying it more widely every year. Attacks against the CA system, SSL implementation flaws and aging protocol versions have grabbed news headlines, bringing attention to weak configurations, and the need to avoid them.

Techniques

  • Hacking Oracle From The Web: Part 2 – penetration-testing.7safe.com
    This paper examines new techniques to execute multiple statements via SQL Injection. No special privileges are needed to use these techniques and they work for all versions of Oracle Database from Oracle 9i to 11g R2. The paper specifically outlines how to achieve privilege escalation and OS code execution when exploiting a SQL Injection vulnerability in a web app which in turn connects to an Oracle database.
  • Making Blind SQL More Efficient – pen-testing.sans.org
    Look at this DATABASE filled with glamorous merchandise and fabulous prices just waiting to be extracted on WHEEL OF FORTUNE. What, did you hear that differently than I did? How can the wheel of fortune be used to extract data from a database? The player that knows the statistical probability of characters appearing around other characters will win on Wheel of Fortune.
  • Firewall Policy Creation In Group Policy – gse-cpmpliance.blogspot.com
    Tonight we are going to start by looking at creating an IPSec tunnel in Windows Server. This will allow us to enforce authentication and connection rules between hosts and to ensure that our systems cannot be intercepted (at least not easily).
  • How To Pull Passwords From A Memory Dump – cyberarms.wordpress.com
  • Damn Small XSS Scanner – unconsciousmind.blogspot.com
    Damn Small XSS Scanner (DSXS) is a fully functional XSS scanner (supporting GET and POST parameters) written in under 100 lines of code. As of optional settings it supports HTTP proxy together with HTTP header values “User-Agent”, “Referer” and “Cookie”.
  • Standalone Exploits Suck – community.rapid7.com
    There are many reasons why writing Metasploit exploit modules and submitting them to the Metasploit framework is a good idea. You’re not only going to help the community / professionals, but it will force you to think about various aspects of writing exploits and that should result in a better exploit.

Vendor/Software Patches

Vulnerabilities

  • Worth Reading: WOP protection in Windows 8 Bypassed – h-online.com
    Windows 8 offers a range of new protection mechanisms that are designed to hamper the efforts of exploit authors. However, shortly after the release of the Windows 8 Developer Preview, a way to circumvent one of these new obstacles has already been found.
  • Microsoft Excel 2007 SP2 Buffer Overwrite Vulnerability/Exploit (MS11-021) – abysssec.com
    A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • CG’s Shared Items From Google Reader – carnal0wnage.attackresearch.com
    After testing a fair number of mobile applications I thought I would share 3 of the most common vulnerabilities I’ve come across thus far. In regards to scope, when referring to “mobile applications”, we really mean both the mobile application and the web-service.
  • Hackers ‘Timthumb’ their noses at vulnerability to compromise 1.2 million sites – darkreading.com
    A vulnerability in an obscure WordPress add-on script that was discovered in August is currently being used to compromise more than 1.2 million websites — and could be easily used to siphon data out of databases hosted on servers also hosting the compromised websites, security experts warned today.

Other News