Events Related

  • OWASP ATL Presentation – intrepidusgroup.com
    I recently gave a presentation at OWASP ATL on the OWASP Mobile Top 10 and how to assess mobile applications. This was a light weight discussion of the OWASP Mobile Top 10 and some topical and technical concerns related to securing mobile applications.
  • OWASP Benelux Days 2011 – blog.rootshell.be
    The OWASP Benelux Days is a two-days event organized by three OWASP chapters (Belgium, Netherlands and Luxembourg). The 2010 edition was organized in Eindhoven(NL). This year, it was organized in Luxembourg. After a safe trip, sharing my car with a friend, we arrived at the Luxembourg University.
  • BSIMM Community Conference – cigital.com
    Cigital recently hosted a second BSIMM Community Conference near Portland, Oregon. The Conference was outstanding, and was a great opportunity for like-minded software security professionals to compare notes.

Resources

  • Netsec’s Q4 2011 Information Security Hiring Thread – reddit.com
    If you have open positions at your company for information security professionals and would like to hire from the/r/netsec user base, please leave a comment detailing any open job listings at your company.
  • Restricted Character Set Vulnserver Exploit Tutorial – resources.infosecinstitue.com
    Vulnserver is a Windows server application that deliberately includes a number of exploitable buffer overflow vulnerabilities, and was designed to act as a target application to teach and practice basic fuzzing, debugging and exploitation skills. More information on Vulnserver, including a download link, is available here.
  • November 2011 OWASP Newsletter – owasp.blogspot.com
    November OWASp newsletter now available for download.

Tools

  • Pipal, Password Analyser – digninja.org
    On most internal pen-tests I do I generally manage to get a password dump from the DC. To do some basic analysis on this I wrote Counter and since I originally released it I’ve made quite a few mods to it to generate extra stats that are useful when doing reports to management.
  • Intercepter NG-An Advanced Sniffing Tool! – intercepter.nerf.ru/Intercepter-NG.v09.zip
    Intercepter-NG is a new and improved sniffing tool with many added features. It supports several sniffing modes. For instance, in raw mode, it acts like a pure sniffer with appearance similar to Wireshark, providing enough functionality to perform a quick research of the network traffic. In the eXtreme mode Intercepter-NG will analyze all TCP packets without checking ports.
  • USRP For NFC Part 1 - intrepidusgroup.com
    The USRP from Ettus Research is an awesome tool for radio analysis. It’s a really complex tool that is capable of doing almost anything involving radio signals (see these two previous Insight posts by Corey and myself, and Raj). That doesn’t even scratch the surface, though. This post will go into the detailed hardware setup for investigating NFC over the air communication using the USRP.
  • Signed TaskManager – blog.didierstevens.com
    This new version 0.1.1 of my TaskManager spreadsheet is exactly the same as version 0.1.0, except that it is digitally signed.
  • Android Web Content Resolver – labs.mwrinfosecurity.com
    When assessing Android devices and applications we regularly come across vulnerabilities in Android Content-Providers. These vulnerabilities are often similar to those found in web application security tests. In particular SQL Injection and directory traversal vulnerabilities are common problems in Content-Providers.
  • How To Find Android 0Day In No Time – labs.mwrinfosecurity.com
    Today we are releasing WebContentResolver, an Android assessment tool which allows you to find Content-Provider vulnerabilities in no time. A Content-Provider is one of Androids IPC endpoints; it is commonly used to implement data storage in applications and to offer access to this data to other applications on the device.
  • The Mole – Automatic SQL Injection SQLi Exploitation Tool – darknet.org.uk
    The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique.

Techniques

  • DNS Hacking (Beginner to Advanced) – resources.infosecinstitute.com
    DNS is a naming system for computers that converts human readable domain names e.g. (infosecinstitute.com) into computer readable IP-addresses. However some security vulnerabilities exist due to misconfigured DNS nameservers that can lead to information disclosure about the domain.
  • POP POP RET: SEH Exploiting Process – marcoramilli.blogspot.com
    This morning I want to talk a little bit about Structured Exception Handling (SEH) exploitation. Some readers, during a Skype meeting early last week, pointed me out that I never wrote about it, se lets talk a little bit about it.
  • "Hacking" Printers – PJL Basics – hackonadime.blogspot.com
    A short while later in my career, I got to be known as the AIX “hacker” because I knew more about AIX than even some IBM techs I’d talk to on the phone. That’s why the term “Hacking” in the title has quotes. What we’re going to talk about today is understanding some very basic features that most people have forgotten about and being able to manipulate those features to help us do some bad stuff.
  • CSRF with JSON – Leveraging XHR and CORS – sheeraj.blogspot.com
    Same Origin Policy (SOP) dictates cross domain calls and allows establishment of cross domain connections. SOP bypasses allow CSRF attack vector, an attacker can inject a payload on cross domain page that initiate a request without consent or knowledge of the target user.
  • Embedding A Link To A Network Share In A Word Doc – carnal0wnage.attackresearch.com
    Someone asked me how to embed an HTML Link to an smb share into a word doc. End result would be to use the capture/server/smb or exploit/windows/exploit/smb/smb_relay modules. Easy right? Well it wasn’t THAT easy… In office 2010 when I’d go to pull in a picture to the document by adding a picture from a network share the picture would become part of the doc and not be retrieved every time the document opened. The solution was to add some html to the document.
  • SQL Injection Attack Happening ATM – isc.sans.edu
    Typically it is inserted into several tables.  From the information gathered so far it looks targeted at ASP, IIS and MSSQL backends, but that is just speculation.  If you find that you have been infected please let us know and if you can share packets, logs  please upload them on the contact form.

Vulnerabilities

  • 1% of CMS-Powered Sites Expose Their Database Passwords – feross.org
    Nearly 1% of websites built with a content management system (like WordPress or Joomla) are unknowingly exposing their database password to anyone who knows where to look.
  • Researchers Find Big Leaks In Pre-Installed Android Apps – arstechnica.com
    Researchers at North Carolina State University have uncovered a variety of vulnerabilities in the standard configurations of popular Android smartphones from Motorola, HTC, and Samsung, finding that they don’t properly protect privileged permissions from untrusted applications.

Other News