Event Related

  • Offensive Defense – blog.ioactive.com
    I presented before the holiday break at Seattle B-Sides on a topic I called “Offensive Defense.” This blog will summarize the talk. I feel it’s relevant to share due to the recent discussions on desktop antivirus software (AV)
    [1], [2], [4], [3]

Resources

Tools

Techniques

  • BeEF Live – The quick and easy way to get your BeEF – blog.beefproject.com
    By far the most common queries or issues our users encounter are how to get BeEF dependencies running with a minimum of hassle on their systems. While our installation guide includes instructions for most *nix distributions, we also put together a LiveCD which includes a working install of BeEF, Metasploit and sqlmap.
  • Exploiting printers via Jetdirect vulnerabilities – viaforensics.com
    A few weeks ago, I had the opportunity to test various printer models in order to better understand how they function. The tests revealed some interesting bugs worth sharing.
  • Pwning Through HTTP Headers Manipulation Scenarios – Part 1 – pentesterlab.ir/blog
    Editing and manipulating HTTP header values in a penetration test helps us gain access quickly and applies across different platforms, so in this article we talk about some scenarios that form the basis of header-based attacks.
  • Hacking like it’s 1985: Rooting the Cisco Prime LAN Management Solution – community.rapid7.com
    On January 9th Cisco released advisory cisco-sa-20130109 to address a vulnerability in the “rsh” service running on their Cisco Prime LAN Management Solution virtual appliance. The bug is as bad as it gets – anyone who can access the rsh service can execute commands as the root user account without authentication.
  • Heap Layout Visualization with mona.py and WinDBG – corelan.be
    Time flies. Almost 3 weeks have passed since we announced the ability to run mona.py under WinDBG. A lot of work has been done on mona.py in the meantime.

Vendor/Software Patches

  • Confirmed: Java only fixed one of the two bugs. – immunityproducts.blogspot.com
    One of the things we tend to do when preparing our Java exploitation training as part of the INFILTRATE master class is to analyze the past and the present in order to not only teach the specifics of exploitation but to build in our students their offensive “intuition”.
  • Hard coded encryption keys and more WordPress fun – pentestgeek.com
    The vulnerability was recently fixed before the new year (12/27/12), via an auto-update in the Razer Synapse software but we figure there are probably at least a few configuration files still sitting out there.
  • Security update: Hotfix available for ColdFusion – adobe.com
    Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. This hotfix addresses vulnerabilities that could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.
  • Update to the Metasploit Updates and msfupdate – community.rapid7.com
    In order to use the binary installer’s msfupdate, you need to first register your Metasploit installation. In nearly all cases, this means visiting https://localhost:3790 and filling out the form.
  • MySQL File System Enumeration – UPDATED – pauldotcom.com
    The scenario goes like this. I found a Windows 7 machine running a MySQL database configured with a username of “root” and a password of “root”.

Other News