Events Related

  • SkyDogCon 2011 Videos – irongeek.com
    Here are the videos from SkyDogCon. Thanks to all of the SkyDogCon crew, especially SeeBlind for running the cameras.

Resources

Tools

  • UPDATE: SQLNinja 0.2.6! – sourceforge.net/projects/sqlninja/files
    Sqlninja is an exploitation tool to be used against web apps based on MS SQL Server that are vulnerable to SQL Injection attacks, in order to get a shell even in very hostile conditions. Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.
  • UPDATE: ZAProxy v1.3.4! – code.google.com/p/zaproxy/downloads/list
    The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox.
  • UPDATE: w3af 1.1! – sourceforge.net/projects/w3af/files/
    w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.
  • UPDATE: BeEF v0.2.4.11-alpha! – code.google.com/p/beef/downloads/list
    BeEF, the Browser Exploitation Framework, is a professional security tool provided for lawful research and testing purposes. It allows the experienced penetration tester or system administrator additional attack vectors when assessing the posture of a target. The user of BeEF will control which browser will launch which exploit and at which target.

Techniques

Vendor/Software Patches

  • Critical Flash Update Plugs 12 Security Holes – krebsonsecurity.com
    Adobe has issued a critical software update for its Flash Player software that fixes at least a dozen security vulnerabilities in the widely-used program. Updates are available for Windows, Mac, Linux, Solaris and Android versions of Flash and Adobe Air.

Vulnerabilities

Other News

  • Brazilian DNS Poisoning Attack
    In the past few days several Brazilian ISPs have fallen victim to a series of DNS cache poisoning attacks. These attacks see users being redirected to install malware before connecting to popular sites. Some incidents have also featured attacks on network devices, where routers or modems are compromised remotely.
  • Mysterious iOS Bug
    Apple’s iPhones and iPads have remained malware-free thanks mostly to the company’s puritanical attitude toward its App Store: Nothing even vaguely sinful gets in, and nothing from outside the App Store gets downloaded to an iOS gadget. Now serial Mac hacker Charlie Miller has found a way to sneak a fully-evil app onto your phone or tablet, right under Apple’s nose.
  • FBI Takes Out $14M DNS Malware Operation – networkworld.com
    US law enforcement today said it had smashed what it called a massive, sophisticated Internet fraud scheme that injected malware in more than four million computers in over 100 countries while generating $14 million in illegitimate income.
  • Hackers Use MIT Server To Hack 10,000 Sites – dailytech.com
    Most content-heavy sites on the web today are driven by a mix of PHP and SQL. Unfortunately, exploits abound from popular PHP database manager frontends like PHPMyAdmin. Thus, “hacking” many websites has been reduced from an art down to a “brute force” search for applicable SQL vulnerabilities.
  • Cenzic Licenses Patent Technology To NT OBJECTives – marketwatch.com
    Cenzic Inc., the leading provider of Web application security assessment and risk management solutions, today announced a patent license agreement with NT OBJECTives. Specifically, NT OBJECTives has agreed to pay Cenzic an undisclosed amount in exchange for certain rights to Cenzic’s United States Patent numbers 7,185,232 and 7,620,851.