Resources

  • “Security Engineering” now available free online – lightbluetouchpaper.org

    I’m delighted to announce that my book Security Engineering – A Guide to Building Dependable Distributed Systems is now available free online in its entirety. You may download any or all of the chapters from the book’s web page.

  • The Anatomy of Unsecure Configuration: Reality Bites – blog.ioactive.com

    As a penetration tester, I encounter interesting problems with network devices and software. The most common problems that I notice in my work are configuration issues. In today’s security environment, we can accept that a zero-day exploit results in system compromise because details of the vulnerability were unknown earlier.

Tools

  • Effective AMF Remoting Message fuzzing with Blazer v0.3 – blog.nibblesec.org

    Blazer v0.3 includes a few interesting new features presented during my DeepSec talk, but even more important is the result of extensive testing on Windows, Mac OS X and Linux using multiple Java Runtime Environments and recent Burp Suite releases.

  • Weevely – epinna.github.com

    Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as a stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.

  • Announcing Mercury v2.1 – labs.mwrinfosecurity.com/blog

    Based on the thousands of downloads we saw when Mercury v2.0 was published last December, we know that you have found it to be a must-have tool whether you are a security professional or app developer.

  • Stuffz – github.com

    This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

  • cfide-autopwn – ColdFusion CFIDE Directory Traversal Exploiter – code.google.com

    This program checks for the well-known CFIDE directory traversal vulnerability in ColdFusion. It attempts to retrieve the password.properties located on the web server that it is attempting to pentest.

Techniques

  • Speedtest.net
    • SpeedTest.net Pushing Java Exploit – novainfosec.com

      First of all we love SpeedTest.net. Even with its Flash-based War Games effects, it’s still our go-to site when investigating slow network connections.

    • Popular Site Speedtest.net Compromised by Exploit…Drive-By STOPPED by Invincea – invincea.com

      In this blog Invincea security expert Eddie Mitchell dissects the attack against speedtest.net and shows the sophistication in how the attack uses polymorphism, uses standard encoding to evade detection of binaries it downloads, and was largely unknown to anti-virus vendors at the time of the analysis.

  • Password Cracking AES-256 DMGs and Epic Self-Pwnage – blog.whitehatsec.com

    FileVault is a full disk encryption feature utilizing XTS-AES 128 crypto. Enabling FileVault means that even if someone has physical possession of my computer, or obtains a full copy of the hard drive, they’d be the proud new owner of a cutting-edge machine, but unable to get any useful data off of it.

  • Server-Side XSS Attack Detection with ModSecurity and PhantomJS – blog.spiderlabs.com

    Client-Side JS Overriding Limitations: In a previous blog post, I outlined how you could use ModSecurity to inject defensive JS into the HTML response page sent to the client web browser. The goal of this technique was to override many common JS elements that are often used by security researchers/attackers when conducting reconnaissance testing for XSS flaws.

Vendor/Software Patches

  • Evasion
    • Inside Evasi0n, The Most Elaborate Jailbreak To Ever Hack Your iPhone – forbes.com

      In Apple’s eternal cat and mouse game to control what you can and can’t run on your iOS device, score another one for the mice.

    • Evading evasi0n: iOS 6 Jailbreak Prevention – intrepidusgroup.com

      The latest iOS jailbreak was released yesterday. Called “evasi0n,” it can be used to bypass most all protections in iOS 6.1 on any device that supports it. It’s quite cool, and was certainly something I was looking forward to (since much of my work is greatly aided by working on a jailbroken device).

    • After Evasi0n, iOS Hackers Have More Exploits In Store For Apple – forbes.com

      As Apple’s engineers scramble to fix the security flaws exploited by evasi0n, the latest jailbreak tool to crack the restrictions on its iPhones and iPads, the company may be more than just one move behind the community of hackers targeting its products.

  • Adobe Flash
  • Packets of Death – blog.krisk.org

    Star2Star has a hardware OEM that has built the last two versions of our on-premise customer appliance. I’ll get more into this appliance and the magic it provides in another post. For now let’s focus on these killer packets.

Vulnerabilities

  • Lucky Thirteen
  • Operation Beebus – blog.fireeye.com

    FireEye discovered an APT campaign consistently targeting companies in the aerospace and defense industries. The campaign has been in effect for some time now.

  • Microsoft, Symantec Join Forces to Take Down Bamital Click-Fraud Botnet – threatpost.com

    Microsoft and Symantec announced the takedown of the Bamital botnet. The botnet was responsible for millions in click-fraud losses.

  • Security Firm Bit9 Hacked, Used to Spread Malware – krebsonsecurity.com

    Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered an electronic compromise that cuts to the core of its business: helping clients distinguish known “safe” files from computer viruses and other malicious software.

Other News