Tools

Techniques

  • Porting Existing Security Tools To IronWASP Modules – blog.gdssecurity.com
    IronWASP is a high-extendable open source system for web application vulnerability testing. In this blog post Manish Saindane is going to walk through the process of porting existing security tools (with available source code) into IronWASP modules.
  • Finding Executable Hijacking Opportunities – carnal0wnage.attackresearch.com
    DLL Hijacking is nothing new and there are a number of ways to find the issue, but the best way Rob Fuller has found is a bit more forceful method using a network share. See the step by step technique.
  • IKEEXT Windows Local Privilege Escalation – rewtdance.blogspot.com
    High-Tech Bridge posted a notification of an issue affecting Vista to 2008 (the service exists in Windows 8 but rewt dance hadn’t checked it) which leads to a Local Privilege Escalation to System.
  • The Router Review: From nmap to firmware – codeinsecurity.wordpress.com
    The point of this blog post was to show just how much information you can dig out of a device without even touching it with a screwdriver, or opening a manual. Keep in mind that the techniques the author Graham Sutherland shown here should apply to many routers and other small embedded devices.

Vulnerabilities

Other News