Event Related

Resources

  • DominatorPro
    • DOM XSS on Google Plus One Button – blog.mindedsecurity.com
      DOMinatorPro can be very useful to find DOM Based XSS on complex JavaScript web applications.
    • DOMinatorPro Fuzzer finds a DOM XSS on Google.com – blog.mindedsecurity.com
      A quite simple DOM Based XSS was found on https://www.google.com/ context using DOMinatorPro.
      What I think it’s interesting here, is to show how DOMinatorPro works in this real world case.
  • Q3 2012 Mobile Threat Report is Out! – f-secure.com
    Our Mobile Threat Report is out, covering mobile threats found throughout the third quarter of 2012. 67 new families and variants of existing families were discovered, and some platforms that were previously enjoying quiet time (e.g. iOS, Windows Mobile) are now seeing their peace disturbed thanks to the multi-platform FinSpy trojan.
  • Security Headers on the Top 1,000,000 Websites – veracode.com
    I would like to share with you all the results of my scan and review of the Alexa Top 1,000,000 Sites HTTP response headers as they relate to security. I was mostly curious about which sites were using Content Security Policy (CSP) but ended up becoming more interested in all of the various modern day security headers that sites specify. The results were pretty impressive and I certainly learned a lot from it.
  • Video: Owning a PC via GPRS/EDGE – blog.taddong.com
    We have decided to make public a video that we have used on several talks in the past, demonstrating a network attack against a PC, performed via GPRS/EDGE (which is the important point here), using a fake GSM/GPRS/EDGE base station. The video is available for online viewing at our YouTube channel (direct link here), and for direct download, at our lab.
  • InfoSec Institute Resources VMWare ESX Audit & Analysis, Part 1 – resources.infosecinstitute.com
    The VMware ESX source code (from 2004 according to VMware, Inc.) was partially leaked on November 4, 2012. Following due-diligence to determine the impact, the source code has been analyzed and audited for a number of common vulnerabilities.

Tools

  • TLS Tools for Black Box MobileTesting – isecpartners.com
    iSEC is pleased to announce that the mobile testing tools presented in iSEC’s Black Hat 2012 presentation by Alban Diquet and Justine Osborne have been publicly released as open-source software on iSEC’s GitHub page.
  • Patator – code.google.com
    Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. Currently it supports the following modules.
  • hstrings – when all strings attached. – hexacorn.com
    a new strings tool that attempts to extract localized strings e.g. French, Chinese from an input file; see example.

Techniques

  • Osmocom + CatcherCatcher tutorial – opensource.srlabs.de
    In this page, you can find all the needed information to set up an IMSI Catcher Catcher based on Osmocom.
  • Why Google Went Offline Today and a Bit about How the Internet Works – blog.cloudflare.com
    Today, Google’s services experienced a limited outage for about 27 minutes over some portions of the Internet. The reason this happened dives into the deep, dark corners of networking. I’m a network engineer at CloudFlare and I played a small part in helping ensure Google came back online. Here’s a bit about what happened.
  • Hacking an Android Banking Application – ioactive.com
    This analysis of a mobile banking application from X bank illustrates how easily anyone with sufficient knowledge can get install and analyze the application, bypassing common protections.
  • Abusing Windows Remote Management (WinRM) with Metasploit – community.rapid7.com
    WinRM is a remote management service for Windows that is installed but not enabled by default in Windows XP and higher versions, but you can install it on older operating systems as well.
  • Automating HalfLMChall Hash Cracking – netspi.com
    Frequently during penetration tests, we will capture halflmchall password hashes from the network. These can come from a variety of sources, but common sources include NBNS spoofing and SQL queries/SQL injection. Both methods can be easy ways to get halflmchall hashes during a pen test.
  • A blast from the past: How to protect yourself against SYSENTER/SYSCALL hooks – blog.fireeye.com
    In my last two blogs I discussed PDF exploits and shell code in general, so this time around I’ll make it a little different. Experienced Windows programmers (well, Linux can be included as well if you think about it) know that for a few years now Microsoft has been taking advantage of the evolution of microprocessors like Intel and AMD. A long time ago, when a function was called from user mode, the call would…
  • Defeating Windows Driver Signature Enforcement #2: CSRSS and thread desktops – j00ru.vexillium.org
    To stand by my claim that the Microsoft Windows operating system has been built on the fundamental assumption that administrative privileges would always be

Vendor/Software Patches

  • Flash
  • Nmap NSE to Detect CoDeSys Insecurity Issues – digitalbond.com
    Reid Wightman and HD Moore wrote up an Nmap NSE script to detect if your PLC running the CoDeSys ladder logic runtime lacks effective authentication to access the application command shell, transfer files, … the insecure by design issues covered on the Project Basecamp CoDeSys page.
  • Cisco TACACS+ Authentication Bypass – isc.sans.edu
    Cisco has released a patch that addresses a TACACS+ Authentication Bypass vulnerability. Exploitation is likely very easy. If you are using Cisco ACS for authentication you should probably take note of this announcement.
  • WS-Attacker version 1.2 Update – sourceforge.net
    WS-Attacker the modular framework for web services penetration testing has been updated to version 1.2.

Vulnerabilities

Other News