Event Related

Resources

  • 2012 Verizon Data Breach Investigation Report (DBIR)
  • How to Win CCDC - Slides – room362.com
    Since this is a constantly updating slide deck I figured I’d post it here so I didn’t have to keep emailing it out. If you have comments or if something is wrong grammatically, technically or in any other way I’d love input. Suggestions also welcome.
  • ROP and deROP – marcoramilli.blogspot.com
    Many different researchers have put their efforts into finding good ways to fight ROP malware. For example, Davi et al. and Chen et al. implemented a threshold system able to count how many buckets of instructions followed by RETN are present in an executable; once the threshold is reached, the security mechanism alerts the user about that.
  • CVSS – Common Vulnerability Scoring System – a critique [ Part1 ] – blog.zoller.lu
    Ever since I started my career in information security I was both interested and intrigued by metrics applied to vulnerabilities (or metrics in general for that matter). CVSS is certainly not new and I had to make the choice whether to use it or not in the past and I always wanted to share some issues I had with it. This blog post lay dormant in DRAFT state for 8 months and I decided to publish it in parts rather than wait another year to finish it.
  • Is Threat Modeling Overrated ? – curphey.com
    A few weeks ago I posted “Is Threat Modeling Overrated? I think so….” on Twitter. It was piggybacking on this blog post and my bait was a combination of a few glasses of red wine (aka “Dutch courage”) and less than 140 chars of expressiveness, but I have come to think that despite the potential high value in analyzing an application’s architecture from a security viewpoint, threat modeling as generally practiced is not delivering on its potential.
  • Protecting Privileged Domain Accounts: Safeguarding Access Tokens – computer-forensics.sans.org
    This is the 4th in a multi-part series on the topic of “Protecting Privileged Domain Accounts”. My primary goal is to help incident responders protect their privileged accounts when interacting with compromised hosts, though I also believe this information will be useful to anyone administering and defending a Windows environment.

Tools

  • Smart Scapy By Lacofa – r00tsec.blogspot.com
    There are many areas on which they work from a security point of view; one of them is the tests carried out on these devices that manage information. Generally speaking, we can say that devices include a protocol stack, such as TCP/IP.
  • Mercury – labs.mwrinfosecurity.com
    Droid’s first assessment framework of its kind. A free framework for bug hunters to find vulnerabilities, write proof-of-concept exploits and play in Android.

Techniques

  • Top 10 Oracle Steps to a Secure Oracle Database Server – blog.opensecurityresearch.com
    There are numerous resources on the Internet that detail secure configurations for Oracle; CISecurity, NIST, SANS, and Oracle just to name a few. Despite this, however, Foundstone continues to encounter vulnerable Oracle databases in our internal and external penetration tests. More often than not, we consultants are able to leverage the vulnerable Oracle databases to compromise additional hosts.
  • Creating WMI Filters and GPOs with PowerShell – darkoperator.com
    In my last 2 blog posts I covered the creation of group policy objects for distributing certificates to all computers in a domain and enabling Network Level Authentication on them, plus also covered how to create and use WMI filters to specify which machines a Group Policy Object should apply to.
  • Windows privilege escalation via weak service permissions – travisaltman.com
    When performing security testing on a Windows environment, or any environment for that matter, one of the things you’ll need to check is if you can escalate your privileges from a low privilege user to a high privileged user.

Vendor/Software Patches

Vulnerabilities

  • Java-based Web attack installs hard-to-detect malware in RAM – computerworld.com
    A hard-to-detect piece of malware that doesn’t create any files on the affected systems was dropped onto the computers of visitors to popular news sites in Russia in a drive-by download attack, according to security researchers from antivirus firm Kaspersky Lab.
  • FreePBX Exploit Phone Home – offensive-security.com
    During a routine scan of new vulnerability reports for the Exploit Database, we came across a single post in full disclosure by Martin Tschirsich, about a Remote Code Execution vulnerability in FreePBX.

Other News