• Research for SharePoint (MOSS) – owasp.org
  This page contains research notes on Microsoft’s SharePoint MOSS and WSS
• MS SQL – Useful Stored Procedures for SQL Injection and Ports Info – pentesticles.com
  The following post lists and describes various useful stored procedures and port information for MS SQL.
• Portable Executable 101 – a windows executable walkthrough – code.google.com
  This graphic (PDF JPG) is a walkthrough of a simple windows executable, that shows its dissected structure and explains how it’s loaded by the operating system.
• SAP Slapping – labs.mwrinfosecurity.com
  Dave Hartley delivered his “SAP Slapping” presentation at the CRESTCon and BSides London security conferences recently. The talk provides a high level overview of common SAP system vulnerabilities and misconfigurations.
• Scanning the Web with Ammonite – resources.infosecinstitute.com
  Ammonite is a Fiddler extension used to scan web applications for common vulnerabilities like verbose and blind SQL injection, OS commanding, local file inclusion, buffer overflows, format string vulnerabilities etc.
• Exploiting Windows 2008 – esec-pentest.sogeti.com
  Internal network pentesting involving domain controllers requires a few steps in order to gain domain administrator access. One of them usually requires to gain local administrator access to a workstation.

Tools

• Gason - BurpSuite Plugin’s Project – Google Project Hosting - code.google.com
  This project contains a plugin to extend BurpSuite proxy. And know you can run gason stand alone!!
• Skipfish version 2.06b Update – code.google.com
  Skipfish is a fully automated, active web application security reconnaissance tool.

Techniques

• Android
• Android Emulator, Trusted CA, and Persistent Storage – carnal0wnage.attackresearch.com
  Android periodically updates it’s SDK and somtimes when this happens, old methods for importing a Trusted CA, necessary to proxy SSL traffic, will fail and you must find a new solution.
• Update – Android & SSL Cert – carnal0wnage.attackresearch.com
  Thanks to the comments left by Zach from our last Android post here, it has been brought to my attention there is an easier way to do all of this with the latest AVD (4.0.3).
• SecurityStreet: Unsupported Browser – rapid7.com
  The purpose of this post is to point out a little-known jewel — the -m flag to meterpreter’s execute command.

Vendor/Software Patches

• Microsoft Security Bulletin
• MS12-029 – Critical : Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352) – technet.microsoft.com
  This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS12-032 – Important : Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338) – technet.microsoft.com
  This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
• Bulletin Management Process and the May 2012 Bulletins - blogs.technet.com
  Have you ever wondered why bulletins group particular issues together? Or one set of products and not another? Well today Jonathan Ness has posted an insightful Security Research & Defense (SRD) blog discussing some of the nuances and packaging decisions that went into MS12-034.
• Microsoft patches 23 Windows flaws, warns of risk of code execution attacks – zdnet.com
  The Patch Tuesday batch for May 2012 covers at least 23 documented vulnerabilities in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework and Microsoft Silverlight.
• Adobe, Microsoft Push Critical Security Fixes – krebsonsecurity.com
  Adobe and Microsoft today each issued updates to address critical security flaws in their software.
• PHP-CGI Vulnerability Exploited in the Wild – blog.sucuri.net
  When the PHP-CGI vulnerability was disclosed, we knew it would be just a matter of days before it started to be exploited in the wild.

Vulnerabilities

• Thousands of Twitter passwords exposed – news.cnet.com
  It’s unclear who’s responsible for posting passwords for Twitter accounts to a public Web site. The exact number of accounts is also unclear, as Twitter says many are duplicates and many had already been suspended.

Other News

• FBI Warns Travelers Using Hotel Networks About New Attack – darkreading.com
  The FBI says attackers are trying to trick users into installing malware with promises of software updates.
• Sniffer tool displays other people’s WhatsApp messages – h-online.com
  WhatsApp Sniffer is an app able to display messages from other WhatsApp users connected to the same network as the app user.

• Black Hat Europe 2012 Summaries, Updates and Tools
• BlackHat Europe 2012 Day #1 Wrap-Up – blog.rootshell.be
  BlackHat is back in Europe and, this year, they moved back to Amsterdam! This edition also introduced a new format: A three-days conference with three simultaneous tracks.
• BlackHat Europe 2012 Day #2 Wrap-Up – rootshell.be
  And I’m back with my wrap-up for the second day. Here are a review of the talks I followed today. Rafal Los and Shane MacDougall spoke about “offensive threat modeling on its head”.
• BlackHat Europe 2012 Day #3 Wrap-Up – blog.rootshell.be
  They presented their research about the security of keyword managers on smartphones. It’s recommended to not use the same password across several applications or services.
• BlackHat EU 2012 Day 1 – corelan.be
  After a 2 year detour in Barcelona, BlackHat Europe has returned to Amsterdam again this year.
• BlackHat EU 2012 Day 2 – corelan.be
  Welcome back friends, at day 2 of BlackHat Europe 2012, held in the Grand Hotel Krasnapolsky in the wonderful city of Amsterdam.
• BlackHat EU 2012 Day 3 – corelan.be
  Since doing live-blogging seemed to work out pretty well yesterday, I’ll do the same thing again today. Please join in for day 3 at BlackHat Europe 2012, in a cloudy and rainy Amsterdam.
• Black Hat Europe 2012 – Day 3 – Some thoughts on sandboxes – hp.com
  I’ve always found sandboxes interesting, particularly from a cost-benefit analysis perspective. As a developer you should be writing good code, period. But when the pace of developing new functionality outpaces the ability to do complete software security analysis we see security organizations turning to sandboxing as a method of limiting the amount of damage an exploited piece of code can do.
• Update: PDFid And pdf-parser Didier Stevens – blog.didierstevens.com
  To mark the occasion of my Malicious PDF Analysis workshop at Black Hat Europe 2012, I’m releasing version 0.0.12 of PDFiD and version 0.3.9 of pdf-parser.
• 3 Key take-aways from Amsterdam [Black Hat Europe 2012] – hp.com
  This blog is coming to you live from Amsterdam, one of my favorite cities in all the world for its laid-back attitude, it’s brilliant culture, and history beyond books.  The conference has grown again, and I’m having a great time learning.
• TesserCap v1.0 (Black Hat EU 2012 Edition) Released – mcafee.com
  Foundstone’s TesserCap is a GUI based, highly flexible, interactive, point and shoot CAPTCHA analysis tool with the following features.
• Pastemon v1.6 (Black Hat EU 2012 Edition) Released – github.com
  pastemon.pl is a script which runs in the background as a daemon and monitors pastebin.com for interesting content (based on regular expressions). Found information is sent to syslog.
• Black Hat Eu 2012 – notsosecure.com
  Anyways, I was privileged to speak at yet another Black Hat. This time i was a 2nd speaker and along with Tom Forbes we presented a talk on Hacking XPATH 2.0. One question which everyone wants to know, how many times have we found it in the wild? I have seen may be around 7-8 XPath injections in real life pentests and hence I agree this is not very common.
• Black Hat Europe 2012 Briefings – blackhat.com
  BlackHat Europe 2012 presentations and materials released.
• RSA Conference 2012
• Our Five Favorite Videos from RSA 2012 – tripwire.com
  It’s been a little over a week since the conclusion of the 2012 RSA Conference and Security B-Sides. Once again we had a great time interviewing and photographing lots of really smart people about information security.
• (IN)Secure Magazine Special Edition – net-security.org
  (IN) SECURE Magazine is a free digital security, to discuss some of the hottest issues of information security. (IN) magazine has been released! This is the March 2012 special edition!
• SANS Mobile Device Security Summit Recap – spylogic.net
  What I liked most about this event was that there were plenty of “real world” talks on how enterprises are deploying and managing mobile deployments. Real in the “trenches” types of talks. Here are some of the themes that I heard throughout all the talks.
• 44Penetration Testing considered harmful today – blog.thinkst.com
  Early last year we presented at 44con with a talk titled: “Penetration Testing considered harmful today”. 44con have just released the video so we figured it was worth a quick recap (for anyone not willing to tolerate the whiny voice!)

Resources

• Building Information Security Professionals – ethicalhacker.net
  A commonly posed question, particularly among people looking to get into the information security field, is “how do I get into information security?”
• Introducing the Symantec Smartphone Honey Stick Project – symantec.com
  A while back, my wife was mugged and her purse and all its contents were stolen. When she told me, I had three questions: Are you alright? Did you cancel the credit cards and call a locksmith to change our locks? Did they get your phone? My third question was about her smartphone because smartphones today are so integrated into our lives.
• Clickjacking, Cursorjacking and Common Facebook Vulnerabilities – infosecinstitute.com
  Clickjacking is one of the most used attacks by spammers on Facebook. Almost in every month, we face a new type of clickjacking attack on Facebook. Clickjacking is a new type of attack which is performed on web applications.
• Unsung Heros (the list) – blog.c22.cc
  I’ve created the following list in no particular oder, and tried my best to categorize them as best I can. Some things fall into multiple categories, but I’m sure, like many tools, you can use them for a lot of fun things.
• Web Application Pen-testing Tutorials With Mutillidae (Hacking
  Illustrated Series InfoSec Tutorial Videos) – irongeek.com
  When I started the Mutillidae project it was with the intention of using it as a teaching tool and making easy to understand video demos. Truth be told, I never did as much with it as I intended.

Tools

• WCE v1.3beta 64bit released – ampliasecurity.com
  WCE v1.3beta 64bit released. You can download it here. The same functionality recently added to the 32bit version was added to the 64bit version.
• Canape – contextis.com
  Canape is a network testing tool for arbitrary protocols, but specifically designed for binary ones. It contains built in functionality to implement standard network proxies and provide the user the ability to capture and modify traffic to and from a server.
• Open Web Application Security Project: OWASP Hacking-Lab – owasp.blogspot.com
  Hacking-Lab is providing free OWASP TOP 10 hands-on challenges to the OWASP community. This is an inner service of GEC (Global Education Commitee) as part of the Academy Portal project.

Techniques

• Fiddler and NTLM authentication – blog.opensecurityresearch.com
  I was testing a web application recently that used NTLM (over HTTP) to authenticate users. I was using Fiddler to test the web application and ran into the following problem which was hampering / slowing down my testing.
• 64-Bit System Driver Infected and Signed After UAC Bypassed – symantec.com
  What was just a theory not so long ago is now being used in-the-wild by threats such as Backdoor. Hackersdoor and its newer variant Backdoor.Conpee. Back in December we analyzed tdpipe.sys, an infected 64-bit Windows 7 system driver.
• Pwn2Own Challenges: Heapsprays are for the 99% – dvlabs.tippingpoint.com
  In case you arent familiar with the Pwn2Own rules this year, we asked people to exploit public bugs… here’s one of them. The cve in question (cve-2010-0248) is a use-after-free vulnerability in Internet Explorer 8 found by yours truly back in 2010.
• Intro to Chrome addons hacking: fingerprinting – blog.kotowicz.net
  tldr; Webpages can sometimes interact with Chrome addons and that might be dangerous, more on that later. Meanwhile, a warmup – trick to detect addons you have installed.
• Configuring Network Level Authentication for RDP – darkoperator.com
  CredSSP first establishes an encrypted channel between the client and the target server by using Transport Layer Security (TLS). Using the TLS connection as an encrypted channel; it does not rely on the client/server authentication services that are available in TLS but does uses it for validating identity.
• Drive-by FTP: a new view of CVE-2011-3544 – blog.eset.com
  Not long ago we received interesting information from an independent security researcher from Russia, Vladimir Kropotov. (We will be presenting our joint research with him at CARO 2012). We started to research this information and found an interesting way to distribute by FTP the payload for the most common java exploit, which ESET calls Java/Exploit.CVE-2011-3544.
• Framesniffing against SharePoint and LinkedIn – contextis.co.uk
  Framesniffing technique and show how it can be used by a remote attacker to steal sensitive information from users through their web browser.

Vendor/Software Patches

• Microsoft Patch Tuesday
• March 2012 Microsoft Black Tuesday – isc.sans.edu
  Overview of the March 2012 Microsoft patches and their status.
• Strength, flexibility and the March 2012 security bulletins – blogs.technet.com
  Today we’re releasing six security bulletins – one Critical-class, four Important and one Moderate – addressing seven issues in Microsoft Windows, Visual Studio, and Expression Design. We recommend that customers focus on MS12-020, our sole critical-class bulletin, as the March deployment priority.
• MS 12-020
• Microsoft Terminal Services – aluigi.org
  The Microsoft Remote Desktop Protocol (RDP) provides remote display
  and input capabilities over network connections for Windows-based
  applications running on a server. RDP is designed to support different
  types of network topologies and multiple LAN protocols
• Details about the ms12-020 proof-of-concept leak – aluigi.org
  The ms12-020 patch was released the 13 Mar 2012 (CVE-2012-0002).
  The bug was found by me in May 2011 and reported to Microsoft by
  ZDI/TippingPoint in August 2011.
• Why We Rated the MS12-020 Issue with RDP “Patch Now” – isc.sans.edu
  Microsoft’s March 2012 “Black Tuesday” announcement included the MS12-020 patch, which fixes a vulnerability in Microsoft’s implementation of RDP.
• CVE-2012-0002: A closer look at MS12-020′s critical issue – blogs.technet.com
  Microsoft Security Research & Defense: Microsoft information on security mitigations, workarounds, and other technical leadership for better actionable guidance.
• Microsoft warns: Expect exploits for critical Windows worm hole – zdnet.com
  There’s a remote, pre-authentication, network-accessible code execution vulnerability in Microsoft’s implementation of the RDP protocol.
• MS12-020 Vulnerabilities in Remote Desktop Could Allow Remote Code Execution – exploitshop.wordpress.com
  Crash PoCs are available now by cool guys from freenode co-work.
• Microsoft confirms MAPP proof-of-concept exploit code leak – zdnet.com
  The smoking gun that the leak came from Microsoft’s information was contained in a string found in the Chinese proof-of-concept.
• RDP and the Critical Server Attack Surface – dankaminsky.com
  MS12-020, a use-after-free discovered by Luigi Auriemma, is roiling the Information Security community something fierce. That’s somewhat to be expected — this is a genuinely nasty bug. But if there’s one thing that’s not acceptable, it’s the victim shaming.
• PoC code uses super-critical Windows bug to crash PCs – theregister.co.uk
  Security watchers have discovered proof-of-concept code that attempts to exploit a high-risk Windows security hole, causing computers to crash.
• INFOCON Yellow – Microsoft RDP – MS12-020 – isc.sans.edu
  As we feared the MS12-020 bulletin from last black Tuesday caused a race for finding an exploit.
  The last few evolutions in that process cause our worries to increase significantly. In order to help raise awareness and call administrators to action, we’re raising our INFOCON to YELLOW for 24 hours.
• Exploit code published for RDP worm hole; Does Microsoft have a leak? – zdnet.com
  The code publication has set off alarm bells in the corridors at Redmond because there are clear signs that Microsoft’s pre-patch vulnerability sharing program has been breached or has suffered a major leak.
• Microsoft Security Bulletin MS11-030 – Critical : Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553) – technet.microsoft.com
  This security update resolves a privately reported vulnerability in Windows DNS resolution. The vulnerability could allow remote code execution if an attacker gained access to the network and then created a custom program to send specially crafted LLMNR broadcast queries to the target systems. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. In this case, the LLMNR ports should be blocked from the Internet.
• The MAPP zero-day protection scam – erratasec.blogspot.com
  In the news, it appears that Chinese hackers got hold of the secret proof-of-concept (PoC) exploit for the recent Microsoft RDP bug. The most likely culprit was Microsoft’s MAPP program, which gives PoCs to security vendors 24 hours ahead of the patch so that they update their products to protect against the bug, to provide “zero-day” protection.

Other News

• FBI Can’t Cracked Android Phones
• FBI Can’t Crack Android Pattern-Screen Lock – wired.com
  Pattern-screen locks on Android phones are secure, apparently so much so that they have stumped the Federal Bureau of Investigation.
• Google subpoenaed by FBI to access a pimps pattern-locked Samsung smartphone – nakedsecurity.sophos.com
  The story of the Pimpin Hoes Daily gang founder Dante Dears, his pattern-locked Samsung phone, the feds, google, and subpoenas. Why couldn’t the FBI get into the locked phone? Get the popcorn – this is interesting.
• Passphrases: Maybe Not as Secure as You Think – readwriteweb.com
  The conventional wisdom seems to be that passphrases are much more secure than passwords, even if the password is complex. Passphrases are likely to be more secure than …
• GCHQ-backed competition names Cyber Security Champion – bbc.co.uk
  A 19-year-old university student has been named the UK’s “Cyber Security Champion” following a competition sponsored by the intelligence agency GCHQ and several leading tech firms.
• The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say) – wired.com
  The National Security Agency’s immensely secret project in the Utah desert will intercept, analyze, and store yottabytes of the world’s communications—including yours.
• Loose-lipped iPhones top the list of smartphones exploited by hacker – arstechnica.com
  Hackers looking for a way into high-value networks often consider smartphones the chink in an otherwise hardened defense. Topping the list is Apple’s iPhone, which indiscreetly broadcasts the unique identifiers of wireless routers it has recently accessed.

DoD Cybercrime Conference 2012: January 20 to January 27 in Atlanta

ShmooCon USA : January 27 to Januaryin Washington, DC

And here are the information security events in the other parts of the world:

BSides Vienna: January 21 in Vienna

eCrime Germany: January 31 in Frankfurt

• PacSec 2011 Presented Material – pacsec.jp
  English/Japanese versions of PacSec 2011 Tokyo event last month.
• @OWASP Tokyo Webservices: Attack, defenses, and hardening – twitter.com
• Archives for ClubHack 2011 Videos – clubhack.tv
• MalCon 2011 YouTube Channel – youtube.com

Resources

• Opensecuritytraining.info Welcome Message – opensecuritytraining.info
  New open source, creative commons powered teaching portal on computer security.
• Free Commercial Security Products? – reddit.com
  I just found out that ArcSight Logger is free for personal/home use (within some reasonable log size limits), and I’m wondering what other commercial enterprise security products are also free for personal use. I don’t mean trial/eval licenses that limit the user to 15 or 30 days, I’m looking for full blown, feature-full enterprise software that is free for personal use within reasonable limits.

Tools

• Router Audit Tool (RAT) – gse-compliance.blogspot.com
  The Router Audit Tool or RAT was designed to help audit the configurations of Cisco routers quickly and efficiently. RAT tests Cisco router configurations against a baseline. After performing the baseline test, it not only provides a list of the potential security vulnerabilities discovered but also a list of commands to be applied to the router in order to correct the potential security problems discovered.
• UPDATE: Cain & Abel v4.9.43! – www.oxid.it/downloads/ca_setup.exe
  Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of  passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
• UPDATE: Ettercap 0.7.4! –  sourceforge.net/projects/ettercap/files/ettercap/0.7.4-Lazarus/
  Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis. It is a suite for man-in-the-middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.
• Cookie Decoder: F5 BIG-IP – blog.taddong.com
  I still remember with excitement the first time I found my first F5 BIG-IP load balancer persistent cookie, disclosing the network details of the internal hosts: IP address and TCP port. Although it was a few years ago during a pen-test, still today is very common to find them on lots of target environments.
• Announcing SQL Invader – manvswebapp.com
  Today, we announced SQL Invader, a new free GUI-based tool that enables testers to easily and quickly exploit a SQL Injection vulnerability, get a proof of concept with database visibility and export results into a csv file. In just a few clicks, users will be able to view the list of records, tables and user accounts on the back-end database.
• CSRF Scanner v1.0 Released – vulnerabilitydatabse.com
  CSRFScan is a tool designed to find CSRF security flaws on forms. The tool uses a static analysis of pages to determine if the form is protected or not. It is written in Python and published under GPL v3. This tool analyse only forms present in an authenticated session, so it needs authenticated cookies to perform the analysis.

Techniques

• VLAN Hacking How To
  In Virtual LAN or VLAN is a group of hosts communicate with each other, even thoughthey are in different physical location. Virtual LAN provides location independence to the users, able to save the bandwidth, manage the device, cost effective for the organization are some of the facilities provided by the Virtual LAN.
• VLAN Hacking - resources.infosecinstitute.com
• Reddit Thread on VLAN Hacking - reddit.com

• Shellcode Detection Using Python – dvlabs.tippingpoint.com
  DVLabs has been collecting a large number of documents and files that are flagged as malicious and we’re trying to decrease the number that we have to do a full manual analysis on. One of the methods we’re using to aid in this is shellcode detection.
• Path of Least Resistance - fishnetsecurity.com
  I (Tim Medin) do a good number of internal penetration tests, and I have found one particular series of techniques that tend to be very quick and efficient at gaining Domain Administrator-level access. Of course, the viability of this depends on the environment and the configurations, and since this technique depends on default configurations, it is usually very effective because defaults aren’t usually changed.
• Aggressive Mode VPN — IKE-Scan, PSK Crack, and Cain – carnal0wnage.attackresearch.com
  In IKE Aggressive mode the authentication hash based on a preshared key (PSK) is transmitted as response to the initial packet of a vpn client that wants to establish an IPSec Tunnel (Hash_R). This hash is not encrypted. It’s possible to capture these packets using a sniffer, for example tcpdump and start dictionary or brute force attack against this hash to recover the PSK.
• Understanding Firefox and SQLite Tables For Computer Forensics – resources.infosecinstitute.com
  I was showing off a trick to export Firefox SQLite tables to a spread sheet, and while she is a forensics person, she had never ever heard of this trick. It is neat enough to know when working off an image to pull the entire history of a Firefox user by using the SQLite table manager Firefox plugin. You can also find this plugin for Chrome that makes things just as easy. This article though will focus on SQLite and Firefox.
• SQLMap — Searching Databases for Specific Columns/Data & Extracting from Specific Columns – carnal0wnage.attackresearch.com
  So assuming we have some sort of SQL Injection in the application (Blind in this case) and we’ve previously dumped all the available databases (–dbs), we now want to search for columns with ‘password’ in them.

Vendor/Software Patches

• Microsoft Updates
  With the release of the security bulletins for December 2011, this bulletin summary replaces the bulletin advance notification originally issued December 8, 2011. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
• Microsoft Security Bulletin Summary for 2011 – technet.microsoft.com
• Microsoft Unveils new Windows Defender Offline Tool – threatpost.com

Vulnerabilities

• Adobe, Acrobat Attacks
  Malicious hackers are targeting a previously unknown security hole in Adobe Reader and Acrobat to compromise Microsoft Windows machines, Adobe warned today.
• Attackers Hit New Adobe Reader, Acrobat Flaw – krebsonsecurity.com
• New Zero-Day Adobe Attack Under Way – darkreading.com
• Newest Adobe Flash 11.1.102.55 And Zero Day Update – isc.sans.edu

Other News

• The Carrier IQ Controversy
  Security researchers who have investigated the inner workings of the Carrier IQ software and its capabilities say that the application has some powerful, and potentially worrisome capabilities, but that as it’s currently deployed by carriers it doesn’t have the ability to record SMS messages, phone calls or keystrokes.
• Researchers Say Carrier IQ Not Logging Texts or Emails, But Has Some Worrisome Capabilities - threatpost.com
• How to find out if Carrier IQ is installe din your phone with one tap – bgr.com
• All Your Shreds Belong To Us – shredderchallenge.com
  Today’s troops often confiscate the remnants of destroyed documents in war zones, but reconstructing them is a daunting task. DARPA’s Shredder Challenge called upon computer scientists, puzzle enthusiasts and anyone else who likes solving complex problems to compete for up to $50,000 by piecing together a series of shredded documents.
• Google Researchers Propose Way Out Of The SSL Dilemma – h-online.com
  In a paper entitled Certificate Authority Transparency and Auditability, Google researchers Adam Langley and Ben Laurie have proposed new measures for improving the trustworthiness of the public key infrastructure (PKI) underpinning HTTPS. The researchers’ idea is based on a public list of all certificates ever issued by certificate authorities.

BSides PDX: October 7 in Portland

SANS Baltimore: October 9 to October 15 in Baltimore

SANS NCIC: October 11 to October 15 in Washington, D.C.

SecTor: October 17 to October 20 in Toronto

BSides Montana: October 21 to October 22 in Jefferson City

SANS Chicago: October 23 to October 28 Chicago

BSides KC: October 26 in Johnson County

And here are the information security events in the other parts of the world:

SANS Gulf Region: October 8 to October 22 in Dubai

e-Crime Turkey: October 12 in Istanbul

HITBSecConf 2011 Malaysia: October 10 to October 14 in Kuala Lumpur

SANS Singapore SOS: October 10 to October 18 in Singapore

e-Crime Mid-Year Meeting: October 20 in London

BSides New Delhi: October 22 to October 23 in new Delhi

SANS Las Vegas: Septemer 17 to September 26 in Las Vegas

RAID 2011: September 20 to September 21 in Menlo Park

AppSEC USA 2011: September 20 to September 24 in Minneapolis

DerbyCon: September 30 to October 3 in Louisville

And here are the information security events in the other parts of the world:

SANS Delhi: September 12 to September 17 in Delhi

SANS Incident Response Summit: September 21 to September 27 in London

• Notes from BlackHat 2011
  Below are more than a dozen updates and resource portals for the recently concluded BlackHat conference.
• Tavis Ormandy’s Sophail Presentation – anti-virus-rants.blogspot.com
• BlackHat 2011 Presentation – sensepost.com
• Black Hat USA 2011 – f-secure.com
• BH2011: Hacking Google Chome OS – nakedsecurity.sophos.com
• BlackHat 2011: Macs in the age of the APT – nakedsecurity.sophos.com
• Beresford @ Black Hat Part 1: Details – digitalbond.com
• Beresford @ Black Hat Part 2: Guru’s, Politics, and ICS Response – digitalbond.com
• Dan Kaminsky on Black Ops of TCP/IP – slideshare.net
• Battery Firmware Hacking , Dr. Charlie Miller - accuvant.com
• Don’t Drop the Soap Real World Web Service Testing – blog.securestate.com
• How To Follow Blackhat/Defcon/BsidesLV Without Being There - blog.security4all.be
• Attacking Home Automation Networks Over Power Lines – news.cnet.com
• When Hacking Chrome it’s All About Your Data – download.cnet.com
• Microsoft Offers $250,000 for security defense research – news.cnet.com
• Researchers Warn of SCADA equipment discoverable via Google - news.cnet.com
• At BlackHat Mobile Devices Under The Microscope – darkreading.com
• Strengths And Weaknesses of Apple’s MDM Systems – intrepidusgroup.com
• BlackHat 2011 Highlight: DIY Hacking UAV
  Yesterday at Black Hat, two security researchers demonstrated how a radio-controlled model airplane outfitted with a computer and 4G connectivity could be used to create a nearly undetectable aerial hacking device that could perpetrate aerial attacks on targets otherwise unreachable by land.
• Wardriving Evolves Into Warflying - darkreading.com
• DIY Spy Drone Sniffs WiFi, Intercepts Phone Calls - wired.com
• BlackHat 2011 Highlight: The Problem With Square Card Readers
  Security researchers at the Black Hat Briefings demonstrated a method for turning purloined credit card information into cash, this time using Square, a free credit card reader that promises to turn anyone with a mobile device into a merchant capable of accepting credit card payments.
• Researcher: Square Card Reader Provides Avenue To Illicit Cash? - threatpost.com
• Researchers Find Avenues For Fraud In Square - news.cnet.com
• BlackHat 2011 Highlight: The Shocking Siemens Vulnerability
  A researcher…has discovered a number of vulnerabilities in programmable logic controllers (PLCs) from Siemens that are used to automate mechanical devices in utilities, power plants, and other industrial control environments and which could be remotely controlled to cause damage if connected to the Internet.
• Researcher demos attack on Siemens industrial control system - news.cnet.com
• Making Sense of Siemens’ Vulnerability Conflation/Confusion - digitalbond.com
• Hard Coded Passwords And Other Security Holes Found In Siemens Control Systems - wired.com
• DefCon 19
  Notes and news about DefCon 19
• Dan Rosenug Remote Kernel Exploitation Slides from DefCon 19 - vulnfactory.org
• DefCon: The Event That Scares Hackers – cnn.com
• How To Follow Blackhat/Defcon/BsidesLV Without Being There - blog.security4all.be
• 10 year old hacker finds zero day exploit in games – download.cnet.com
• Android could allow mobile ad or phishing pop ups - news.cnet.com
• Hacking Home Automation Systems Through Your Power Lines – wired.com
• DefCon Kids Join Adult Hacker Conferences – news.cnet.com
• DefCon 19 presentations (PDF) – it.toolbox.com
• How To Follow Blackhat/Defcon/BsidesLV Without Being There - blog.security4all.be
  Well, I’m one of the poor souls who couldn’t make it to the Blackhat/Defcon / SecurityBsides fun. There are some ways to follow the events in Vegas (real time). The first tool is to use twitter and follow the hashtags #defcon, #blackhat and #bsideslv. If you have a twitter account, I would recommend installing tweetdeck and setting up 3 search columns.

Resources

• OWASP O2 Platform the History So Far- diniscruz.blogspot.com
  For the past couple years I have been using this personal blog to document O2 Platform’s history. Here are the most important blog posts, ordered chronologically and with some additional comments (made in August 2011).
• Tavis Ormandy and Sophos – nakedsecurity.sophos.com
  As a security company keeping our customers safe is our primary responsibility, therefore we investigate all vulnerability reports and implement the best course of action in order to protect our customers. Recently, researcher Tavis Ormandy contacted us about an examination he was doing of Sophos’s anti-virus product – not in terms of possible vulnerabilities – but instead looking at how various components of it were implemented.
• The Scanning Legion: Web Application Scanners Accuracy Assessment & Feature Comparison Commercial & Open Source Scanners – sectooladdict.blogspot.com
  I’ve always been curious about it… from the first moment I executed a commercial scanner, almost seven years ago, to the day I started performing this research. Although manual penetration testing has always been the main focus of the test, most of us use automated tools to easily detect “low hanging fruit” exposures, increase the coverage when testing large scale applications in limited timeframes and even to double check locations that were manually tested. The questions always pops up, in every penetration test in which these tools are used.
• Damn Vulnerable Web Services – dvws.secureideas.net/downloads/index.html
  In this presentation Tom, Josh and Kevin will discuss the new security issues with web services and release an updated web service testing methodology that will be integrated into the OWASP testing guide, new Metasploit modules and exploits for attacking web services and a open source vulnerable web service for the Samurai-WTF (Web Testing Framework).
• Cisco 2Q11 Global Threat Report – blogs.cisco.com
  Data breaches dominated security news during the first half of 2011 and companies across all industry sectors were equally impacted. Many of these breaches resulted from advanced persistent threats; others resulted from SQL injection and other brute force intrusions. In all cases, customer data and corporate intellectual property were at risk.

Tools

• UPDATE: Skipfish 2.03b! - code.google.com/p/skipfish/downloads/list
  Skipfish is a fully automated, active web application security reconnaissance tool.
• UPDATE: Cain and Abel v4.9.41! – oxit.it/downloads/ca_setup.exe
  Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of  passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
• UPDATE: OllyDbg 2.01 Alpha 4! – ollydbg.de/odbg201b.zip
  OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.
• UPDATE: The Social Engineer Toolkit v2.0! – secmaniac.com/download
  The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.
• UPDATE: Context App Tool v1! – cat.contextis.co.uk/cat/CAT_Version_1.msi
  Context App Tool or CAT is designed to facilitate manual web application penetration testing for more complex, demanding application testing tasks. It removes some of the more repetitive elements of the testing process, allowing the tester to focus on individual applications, thus enabling them to conduct a much more thorough test.
• UPDATE: Agnitio v2.0! – sourceforge.net/projects/agnitiotool/files/
  Agnitio is a tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. It aims to replace the adhoc nature of manualsecurity code review documentation, create an audit trail and reporting.
• HTTPS Everywhere opens to all – download.cnet.com
  The security add-on for Firefox called HTTPS Everywhere (download) that forces HTTPS encryption on numerous popular Web sites has graduated to its first stable release, about a year after it was released into public beta.
• Metasploit Framework 4.0 Released! - community.rapid7.com
  It’s been a long road to 4.0. The first 3.0 release was almost 5 years ago and the first release under the Rapid7 banner was almost 2 years ago. Since then, Metasploit has really spread its wings. When 3.0 was released, it was under a EULA-like license with specific restrictions against using it in commercial products.

Techniques

• Framebusting-the dual protection core – zeroknock.blogspot.com
  Since the outcome of ClickJacking attacks, framebusting has become the unavoidable part of web application security. Considering the real world scenario, it has been noticed that still the appropriate protections have not been placed in the plethora of websites.
• SQL Injection (Primer 1) PHP Escaping And Light Operators - zeroknock.blogspot.com
  This post talks about exploiting the SQL queries with LIKE operator in use. However, this situation and target can be specific in nature but one can use the concept that is discussed below to go after exploiting the SQL injection.
• Injecting O2 into an .NET Process, in this case IBM Rational AppScan standard – diniscruz.blogspot.com
  Of course that this is just the beginning! Now that we have the full O2 scripting capabilities inside the AppScan .NET process, there is A LOT that can be done (namely the integration with .NET Static Analysis data).
• John The Ripper Hash Formats - pentestmonkey.net
  John the Ripper is a favourite password cracking tool of many pentesters.  There is plenty of documentation about its command line options. I’ve encountered the following problems using John the Ripper.  These are not problems with the tool itself, but inherent problems with pentesting and password cracking in general.
• Stuxnet Footprint In Memory With Volatility 2.0 – mnin.blogspot.com
  In this blog post, we’ll examine Stuxnet’s footprint in memory using Volatility 2.0. A talk was given at Open Memory Forensics Workshop on this topic (see the online Prezi) and the details will be shared here for anyone who missed it.

Vulnerabilities

• Tim Thumb
  A zero-day in a very commonly used WordPress library hit quite a few news sites. The flaw is in an image utility called TimThumb which is used in a LOT of premium themes for generating on the fly thumbnails.
• Zero Day Vulnerability In Tim Thumb Image Utility Threatens Many WordPress Sites - darknet.org.uk
• Timthumb.php Security Vulnerability - r00tsec.blogspot.com
• Zero Day vulnerability in many WordPress themes – markmaunder.com

Other News

• Shady RAT Revealed!
  Computer security company McAfee has said that it has discovered a massive global cyber spying operation targeting several US government departments, the UN and other governments across the world for five years or more.
• McAfee Uncovers Massive Global Cyber Snoop – security.cbronline.com
• Global cyber espionage operation uncovered - news.cnet.com
• Shady RAT hacking claims overblown says security firm – computerworld.com
• Android Users Twice As Likely To See Malware Than Six Months Ago – news.cnet.com
  If you’ve got an Android you are 2.5 times more likely to encounter malware on the device today than six months ago, while mobile users have a 30 percent likelihood of clicking on a malicious link, according to a report released today from mobile security firm Lookout.
• Anonymous Hacks US Department of Defense: Analysis of the Attack – acunetix.com
  On the 12th of July 2011, Booz Allen Hamilton the largest U.S. military defence contractor admitted that they had just suffered a very serious security breach, at the hands of hacktivist group AntiSec. Operation Anti-Security (AntiSec) is a hacking operation, carried out by two of the biggest names in the black-hat world – Anonymous, and LulzSec.

BSides Las Vegas: August 3 to August 5 in Las Vegas

DefCon 19: August 4 to August 8 in Las Vegas

SANS Boston: August 6 to August 15 in Boston

BSides Los Angeles: August 18 to August 20 in Los Angeles

SANS Security Architecture: August 29 to August 30 in Washington, DC

SANS Virginia Beach: August 22 to September 2 in Virginia Beach.

And here are the information security events in the other parts of the world:

Chaos Communication Camp 2011: August 10 to August 14 in Finowfurt, Berlin, Germany

ReCon 2011: July 8 to July 11 in Montreal

SANSFIRE 2011: July 15 to July 25 in Washinton, DC

SOUPS 2011: July 20 to July 23 in Pittsburgh

TRISC 2011: July 24 to July 27 in Austin

PETS 2011: July 27 to July 30 in Waterloo

Black Hat Las Vegas: July 30 to August 5 in Las Vegas

And here are the information security events in the other parts of the world:

SANS Canberra: July 1 to July 9 in Canberra

SyScan China 2011: July 21 to 22 in Shanghai

SANS Tokyo Summer 2011: July 25 to July 30 in Tokyo

BSides Detroit: June 3 to June 5 Detroit

Techno Security & Digital Investigations Conference: June 5 to June 8 in Myrtle Beach

SANS What Works In Forensics and Incident Response Summit 2011: June 7 to June 15 in Austin

SummerCon: June 10 to June 13 in New York

BSides Connecticut: June 11 to June 12 in Meriden

ToorCon Seattle 2011: June 18 to June 20 in Seattle

And here are the information security events in the other parts of the world:

AthCon 2011: June 2 to June 3 in Athens

AppSec Europe 2011: June 6 to June 9 in Dublin

8th Annual CISO Summit and Roundtable: June 8 to June 10 in Rome

e Crime Cloud Security Forum: June 8 in London

BSides St. John’s: June 10 in Newfoundland

FIRST: June 12 to June 17 in Vienna

Hack in Paris: June 14 to June 17 in Paris

Nuit du Hack: June 18 to June 19 in Paris

NinjaCon/BSides Vienna: June 18 in Vienna

SANS Malaysia: June 27 to July 2 in Cyberjaya Selangor

i-Society 2011: June 27 to June 29 in London