Event Related

Resources

Tools

  • Webapp-Exploit-Payloads v1.0 Released – github.com
    Webapp-Exploit-Payloads is a collection of payloads for common web apps, for example Joomla and WordPress.
  • Cisc0wn Cisco SNMP Script – commonexploits.com
    I have created a new script that you might find useful. Cisc0wn is simply a bash script that pulls various tools and enumeration into one simple command for ease, so it is not really a tool in itself.

Techniques

  • From LOW to PWNED [12] Trace.axd – carnal0wnage.attackresearch.com
    “Trace.axd is an Http Handler for .Net that can be used to view the trace details for an application. This file resides in the application’s root directory. A request to this file through a browser displays the trace log of the last n requests in time-order, where n is an integer determined by the value set by requestLimit=”[n]” in the application’s configuration file.”
    http://www.ucertify.com/article/what-is-traceaxd.html
  • We Have the Port Scans, what now? – pentesticles.com
    It’s been a while, I hope you’re good. I’m fine thanks, busy as sin but isn’t that always the way? So where did we leave off? From reading back through my previous post, we’d scanned our little guts out and pulled a list of all ports that were open and all the services that can be interacted with. Boy haven’t we been busy!
  • Yes, you can have fun with downloads – lcamtuf.blogspot.com
    It is an important and little-known property of web browsers that one document can always navigate other, non-same-origin windows to arbitrary URLs; in more limited circumstances, even individual frames can be targeted. I discuss the consequences of this behavior in The Tangled Web – and several months ago, I shared this amusing proof-of-concept illustrating the perils of this logic.
  • Tiny 64-bit ELF executables – blog.markloiseau.com
    A while back, Brian Raiter wrote an excellent guide to ELF executables called “A Whirlwind Tutorial on Creating Really Teensy ELF Executables for Linux.” It outlines some of the things that contribute to overhead in ELF executables, and goes to great lengths to make the smallest-possible ELF program.
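The Trace.axd item above comes down to two web.config attributes: `enabled` turns the trace handler on, and `localOnly` decides whether remote clients may read it. The following is an added example (not code from the carnal0wnage post or from ASP.NET itself) that resolves those settings from a config fragment the way the framework defaults do, and applies a heuristic to an HTTP response to classify whether /trace.axd is served remotely. The config fragments and responses are constructed for the example, and the marker strings in `looks_like_trace_listing` are an assumption based on the default trace page rather than anything stated in the post.

```python
"""Offline checks for ASP.NET trace.axd exposure (added example)."""
import xml.etree.ElementTree as ET

# Constructed sample web.config fragments (not taken from any real application).
WEAK_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <trace enabled="true" localOnly="false" requestLimit="40" pageOutput="false"/>
  </system.web>
</configuration>"""

HARDENED_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <trace enabled="false" localOnly="true"/>
  </system.web>
</configuration>"""


def trace_settings(web_config_xml):
    """Return (enabled, localOnly, requestLimit) as ASP.NET resolves them.
    Missing attributes fall back to the framework defaults: tracing off,
    local-only access, and a log of the last 10 requests."""
    root = ET.fromstring(web_config_xml)
    node = root.find("./system.web/trace")
    enabled, local_only, limit = False, True, 10
    if node is not None:
        enabled = node.get("enabled", "false").lower() == "true"
        local_only = node.get("localOnly", "true").lower() == "true"
        limit = int(node.get("requestLimit", "10"))
    return enabled, local_only, limit


def trace_exposed_remotely(web_config_xml):
    """True when /trace.axd would hand its request log to a non-local client."""
    enabled, local_only, _ = trace_settings(web_config_xml)
    return enabled and not local_only


# Constructed sample responses a scanner might see for GET /trace.axd.
TRACE_PAGE = (200, "<html><head><title>Application Trace</title></head>"
                   "<body>Request Details ...</body></html>")
ERROR_PAGE = (500, "<html><body>Server Error in '/' Application. "
                   "Trace Error: the current trace settings prevent remote "
                   "viewing.</body></html>")


def looks_like_trace_listing(status, body):
    """Heuristic classification of a /trace.axd response. The marker strings
    ('Application Trace', 'Trace Error') are an assumption based on the
    default ASP.NET trace pages, not something the linked post specifies."""
    if status == 200 and "Application Trace" in body:
        return "exposed"              # log is readable by this remote client
    if "Trace Error" in body:
        return "enabled-local-only"   # tracing on, but refused for remote IPs
    return "not-detected"


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, trace_settings(cfg), "remote exposure:", trace_exposed_remotely(cfg))
    for resp in (TRACE_PAGE, ERROR_PAGE):
        print(resp[0], looks_like_trace_listing(*resp))
```

The fix on the server side is the hardened fragment (`enabled="false"`, or at minimum `localOnly="true"`); note that `requestLimit` only bounds how many requests the log retains, it does not limit who can read them.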
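For the tiny-ELF item, here is an added example (not code from the linked blog post or from Raiter's tutorial) that builds the smallest straightforward 64-bit ELF by hand: a 64-byte ELF header, one 56-byte PT_LOAD program header, and twelve bytes of x86-64 code that call `exit(42)`, with no section headers at all. It stops short of the header-overlapping tricks the tutorial uses to go smaller, but it shows exactly which fields the kernel loader needs. The load address 0x400000 and the hand-assembled code bytes are the example's own choices.

```python
"""Build a minimal static x86-64 ELF that calls exit(42) (added example)."""
import struct

BASE = 0x400000              # conventional load address for non-PIE x86-64 binaries
EHDR_SIZE, PHDR_SIZE = 64, 56

# Hand-assembled x86-64 code (constructed for this example):
#   mov edi, 42      bf 2a 00 00 00    ; exit status
#   mov eax, 60      b8 3c 00 00 00    ; SYS_exit on x86-64 Linux
#   syscall          0f 05
CODE = bytes.fromhex("bf2a000000" "b83c000000" "0f05")


def build_tiny_elf(code=CODE, base=BASE):
    """Return the bytes of a single-segment ELF64 executable whose entry point
    is the code placed immediately after the ELF and program headers."""
    entry = base + EHDR_SIZE + PHDR_SIZE
    total = EHDR_SIZE + PHDR_SIZE + len(code)
    # e_ident: magic, ELFCLASS64, ELFDATA2LSB, EV_CURRENT, SysV ABI, padding
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
    ehdr = e_ident + struct.pack(
        "<HHIQQQIHHHHHH",
        2,                          # e_type: ET_EXEC
        0x3E,                       # e_machine: EM_X86_64
        1,                          # e_version
        entry,                      # e_entry
        EHDR_SIZE,                  # e_phoff: program header follows the ELF header
        0,                          # e_shoff: no section header table
        0,                          # e_flags
        EHDR_SIZE, PHDR_SIZE, 1,    # e_ehsize, e_phentsize, e_phnum
        0, 0, 0,                    # e_shentsize, e_shnum, e_shstrndx
    )
    phdr = struct.pack(
        "<IIQQQQQQ",
        1,                          # p_type: PT_LOAD
        5,                          # p_flags: PF_R | PF_X
        0,                          # p_offset: map the whole file from offset 0
        base, base,                 # p_vaddr, p_paddr
        total, total,               # p_filesz, p_memsz (no .bss)
        0x1000,                     # p_align: one page
    )
    return ehdr + phdr + code


def parse_entry(elf):
    """Read back e_entry and e_phnum, the fields the loader depends on."""
    assert elf[:4] == b"\x7fELF" and elf[4] == 2, "not an ELF64 image"
    e_entry, = struct.unpack_from("<Q", elf, 24)
    e_phnum, = struct.unpack_from("<H", elf, 56)
    return e_entry, e_phnum


if __name__ == "__main__":
    blob = build_tiny_elf()
    with open("tiny", "wb") as f:
        f.write(blob)
    print(len(blob), "bytes, entry", hex(parse_entry(blob)[0]))
```

The result is 132 bytes. On an x86-64 Linux host, `chmod +x tiny && ./tiny; echo $?` prints 42; the same bytes can be inspected with `readelf -h -l tiny`, which will report one LOAD segment and no sections.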

Vulnerabilities

Other News

  • NIST Issues Long-Awaited Cloud Guidance – bankinfosecurity.com
    NIST has published its long-awaited cloud computing guidance, Special Publication 800-146: Cloud Computing Synopsis and Recommendations, that addresses risk management and other security matters.