Event Related

  • 29C3
    • 29C3: When USB memory sticks lie – h-online.com

      USB memory sticks are thought to be among the less exciting hardware components – simple storage media that have many uses and function the same way in almost any hardware environment.

    • 29C3: Budget mobile turns into GSM base station – h-online.com

      Belgian hacker Sylvain Munaut presented a proof of concept at the 29th Chaos Communication Congress (29C3) in Hamburg on Saturday.

Resources

  • A prototype model for web application fingerprinting: w3 scrape – resources.infosecinstitute.com

    Web application fingerprinting is one of the most important aspects of the information gathering phase of ethical hacking. This allows us to narrow down the criteria instead of playing around with a large pool of possibilities. Fingerprinting simply means identification of objects using a certain methodology.

  • bAdmin Project – The “bad admin” project – whitehatsec.com

    WhiteHat provides this informational database as a public service to all members of the Web Security Community.

  • 10 Skills Needed to be a Successful Pentester – blog.securiteam.com

    Mastery of an operating system. I can’t stress how important it is. So many people want to become hackers or systems security experts, without actually knowing the systems they’re supposed to be hacking or securing.

  • Password Analysis of Journal News LoHud Subscriber Database Dump – cyberarms.wordpress.com

    As usual, I like to take sanitized lists (user account information stripped) of public password dumps and analyze them for password strength and patterns.

  • Root Certificate Authority research – 0xdabbad00.com

    asteriskpound on reddit has pointed out a flaw in how I determine the root certificate, and how I calculate the length of the certificate. The flaw is that I thought that the last certificate in the “certificate chain” from openssl’s output would always be the root of the chain, but actually this “chain” can be very broken (as is the case with me thinking www.olivenoel.com had 21 certificates in its chain).

Tools

  • Be Off the Beaten XPath, Go Blind – blog.spiderlabs.com

    XPath (XML Path Language) is a language used to query XML documents in order to extract data. XML files are commonly used to store information on the server and particularly configuration settings.

  • Jingle BOFs, Jingle ROPs, Sploiting all the things with Mona v2!! – corelan.be

    Ho Ho Ho friends, It has been a while since we posted something on the Corelan Team blog, I guess we all have been busy doing … stuff and things, here and

  • Padding oracle attacks: in depth – skullsecurity.org

    This post is about padding oracle vulnerabilities and the tool for attacking them – “Poracle” I’m officially releasing right now. You can grab the Poracle tool on Github!

  • Username Anarchy – morningstarsecurity.com

    This is useful for user account/password brute force guessing and username enumeration when usernames are based on the users’ names. By attempting a few weak passwords across a large set of user accounts, user account lockout thresholds can be avoided.

  • Pentest Geek WordPress Pingback Portscanner Metasploit Module – pentestgeek.com

    The latest version of WordPress, version 3.5 was recently released on December 11, 2012. This latest version of WordPress comes pre-packaged with the XML-RPC interface enabled by default.

Techniques

Vendor/Software Patches

  • ColdFusion servers
  • Happy New Year Analysis of CVE-2012-4792 – blog.exodusintel.com

    A new year has arrived and, although a little late, the time has come for me to unpack the present that Santa gave to the Council on Foreign Relations this Christmas. Quite a few blogs have already been written on this issue, which has been given CVE-2012-4792, including one by Microsoft, but that didn’t stop me from doing my own analysis.

Vulnerabilities

  • SQL injection vulnerability hits all Ruby on Rails versions – h-online.com

    An SQL Injection vulnerability has been found in Ruby on Rails that affects all versions of the web framework. The problem was originally discovered by a researcher who used it to bypass Ruby on Rails user authentication

  • EMET 3.5: The Value of Looking Through an Attacker’s Eyes – isc.sans.edu

    So it’s probably worth talking about the recent IE 8.0 0-day. While the use-after-free exploit specifically targets IE 6 through IE 8 web browsers, it’s worth mentioning because of its widespread use in targeted attacks seen in the US, China, and Taiwan.

  • New year and new CA compromised – isc.sans.edu

    On December 24, 2012, Google detected a non-authorized certificate for the google.com domain. After investigations, it was confirmed that Turktrust Inc incorrectly created two subsidiary certificate authorities: *.EGO.GOV.TR and e-islam.kktcmerkezbankasi.org.

  • what’s the deal with the cisco phone eavesdropping hack? – terminal23.net

    A few weeks ago a new physical attack against Cisco phones was announced [YouTube clip]. A few days ago, this was detailed further in a 29C3 presentation by Ang Cui and Michael Costello [YouTube clip].

  • iOS Hubris Security Aegis – securityaegis.com

    This is absurd people. I have seen a few articles recently praising iOS6 for its security. It’s become a bit of a broken record lately.