Event Related

  • Layer One 2012 Security Conference – layerone.org
    All of the videos from the LayerOne 2012 security conference are now online! Check everything out on the 2012 Archives page.

  • RECON 2012 – GPUS FOR MOBILE MALWARE, MITIGATION AND MORE – viaforensics.com
    The following presentation was delivered by Jared Carlson at REcon 2012 on June 6, 2012. Browse the slide images in the gallery below. A PDF version is available; make sure you are registered on the site and then use this link.

  • Rooted CON 2012 – vimeo.com
    Rooted CON 2012 Security Conference in Madrid, Spain.

Resources

  • Pen Testing in the Cloud – pen-testing.sans.org
    With the phenomenal growth of cloud computing, many of us are engaging clients where one or more aspects of their cloud deployment is considered in scope. Penetration testing a cloud deployment can make for tricky waters to navigate, due to its shared responsibility model. In this article we’ll demystify the cloud, as well as provide tricks and tips for navigating those waters.
  • Tweaking Metasploit Modules To Bypass EMET – Part 1 – badishi.com
    Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) is designed to increase the protection of your system against exploitation. It can render current Metasploit modules useless, as they’re currently not designed to bypass it. We discuss ways to tweak Metasploit modules in as much a generic way as possible, so they can work against targets utilizing EMET.

Techniques

  • How to Break Into Security, Schneier Edition – krebsonsecurity.com
    Last month, I published the first in a series of advice columns for people who are interested in learning more about security as a craft or profession. In this second installment, I asked noted cryptographer, author and security rock star Bruce Schneier for his thoughts.

  • Nmap Script to detect Poison Ivy Clients – labs.alienvault.com
    I have written a small Nmap script that sends the challenge handshake to the client and expects a 256 byte response. It is able to detect if the Poison Ivy’s password used is the default one (“admin”).

  • Some Practical ARP Poisoning with Scapy, IPTables, and Burp – webstersprodigy.net
    ARP poisoning is a very old attack that you can use to get in the middle. A traditional focus of attacks like these is to gather information (whether that information is passwords, auth cookies, CSRF tokens, whatever) and there are sometimes ways to pull this off even against SSL sites (like SSL downgrades and funny domain names). One area I don’t think gets quite as much attention is using man in the middle as an active attack against flaws in various applications. Most of the information is available online, but the examples I’ve seen tend to be piecemeal and incomplete.

Tools

  • iPv6
    • IPv6 Toolbox – ipv6securitylab.org
      A set of Linux-based open-source tools, developed to assist network owners with the difficult transition to IPv6.
    • THC-IPV6 – thc.org
      A complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library.

  • gui-for-sqlmap – code.google.com
    To make it work get and install python 2.7 python-tk and download the last version of sqlmap-dev.

  • CMOS De-Animator – st-ware.com
    CMOS De-Animator v2 is a service utility for your system’s CMOS RAM. Unlike its predecessor, the CMOS De-Animator 1.0, this new version includes a graphical interface and CMOS-backup options along with the “Clear CMOS” procedure, which was the original version’s only purpose. The application supports all 32-bit and 64-bit Windows operating systems except Windows 95 and Windows NT 3.51; for these old systems you will have to use De-Animator 1.0.

  • SamuraiWTF Course – sourceforge.net
    Download the latest version of Samurai.

Vendor/Software Patches

  • WS-Attacker 1.1 updated – sourceforge.net
    WS-Attacker is a modular framework for web services penetration testing. It is a free and easy to use software solution, which provides an all-in-one security checking interface with only a few clicks.
  • An example of EggHunting to exploit CVE-2012-0124 – community.rapid7.com
    Recently, we added a module for CVE-2012-0124 which exploits a stack buffer overflow flaw in the backup management component of HP Data Protector Express. The overflow occurs during the creation of new folders, and allows an authenticated user on HP Data Protector Express to execute arbitrary code with SYSTEM privileges on Windows platforms. We figured this is a nice opportunity to demonstrate a good egghunter scenario.

  • Stack Smashing: When Code Execution Becomes a Nightmare – community.rapid7.com
    Last year at BSides Vegas, James Lee (egypt) and David Rude (bannedit) did a presentation about “Long Beard’s Guide to Exploit Dev”. During the talk, James said one thing that I’ll never forget: “exploit development is never an easy task, because pretty much every step you do — finding the offset, finding a return value, using a ROP gadget, etc — could lead to a failure.” Ain’t that the truth! But here’s the thing, exploits don’t just fail before you pop a shell, it can also happen WHILE you’re getting a shell… and that’s where my story is.

  • MySQL – websec.ca
    False means the query is invalid (MySQL errors/missing content on website). True means the query is valid (content is displayed as usual).

Vulnerabilities

Other News

  • OpenSSL 1.0 now with FIPS certification – h-online.com
    A FIPS 140-2 certificate is an entry requirement for many projects: there is often no way around the US government’s “Security Requirements for Cryptographic Modules”, particularly for government contractors.

  • Corrupt App Store binaries crashing on launch – marco.org
    This is now resolved. Go to the App Store and redownload any affected apps — they should show up in the Updates tab. Do not delete and reinstall: it’s no longer necessary and you may lose data in those apps.

  • Dutch ISP Discovers 140,000 Customers With Default Password – it.slashdot.org
    In Holland, a major ISP (KPN) has found a major security flaw for their customers. It seems that all customers have had the same default password of ‘welkom01’. Up to 140,000 customers had retained their default passwords.