Events Related:
- The Ninth Workshop on the Economics of Information Security (WEIS 2010) – econinfosec.org
Program for the upcoming Harvard security event.
- HackMiami Pwn-Off – n00bz.net
Time to fire up the test machines because we have a battle royale.
- Workshop on the economics of information security 2010 – lightbluetouchpaper.org
The workshop kicked off with a keynote talk from Tracey Vispoli of Chubb Insurance.
Resources:
- Past, Present, Future of Windows Exploitation – abysssec.com
This is v0.1 of this post, and in this post I'm going to give a review and brief history of exploitation with a focus on Windows.
- Additional notes in PHP source code auditing – abysssec.com
Today, I decided to talk about some of my experience with vulnerability discovery techniques through source code auditing.
Tools:
- New Memoryze, Audit Viewer, and Training – mandiant.com
The new version of the software includes all of the memory analysis features that are available in the newly released MANDIANT Intelligent Response (MIR) 1.4.
- Poet cracks server-encrypted session data
Two researchers have released a tool which can be used to crack web server-encrypted session data contained in cookies and parameters hidden in HTML pages.
- Padding Oracle Exploit Tool – netifera.com
- Tool for cracking encrypted session data – h-online.com
- DirBuster Dictionary Populator – 0x0lab.org
DirBuster and dirb are in the toolset of all web application security fans.
- DIRB – dirb.sourceforge.net
DIRB is a tool for automating the search for (normally hidden) web applications.
- Try Metasploit Express Edition – rapid7.com
Metasploit Express Edition was specifically designed for penetration testers and security professionals, addressing many of the key limitations of the existing market.
- Knock v1.3b – Subdomain Enumeration/Brute-Forcing Tool – darknet.org.uk
Knock is a Python script designed to enumerate sub-domains on a target domain through a wordlist.
- ArpON 2.0 released! – arpon.sourceforge.net
ArpON (Arp handler inspectiON) is a portable handler daemon that makes ARP secure in order to avoid ARP spoofing/poisoning & co.
- Wireshark 1.2.9, 1.0.14, and 1.4.0rc1 Released – wireshark.org
Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.
- Samurai Web Testing Framework v0.8 Released – Pen Testing Security LiveCD – darknet.org.uk
This is quite a major release, with the integration of Metasploit, target applications and tons of tool updates.
Techniques:
- Evocam Remote Buffer Overflow on OSX – offensive-security.com
After discovering a buffer overflow vulnerability in EvoCam, a WebCam application on OS X, I thought it would be a good idea to try and develop an exploit for it.
- Bypassing Safari 5 XSS Auditor – 0x0lab.org
It took me just under a couple of minutes to discover that the following bypassed the filter just fine.
- Can All Mozilla People Look Away Now Please – thespanner.co.uk
Custom setter syntax is being removed from Firefox in the next version.
- SensePost Corporate Threat(Risk) Modeler – sensepost.com
The original principle behind the tool, first released in 2007 at CSI NetSec, was to throw out existing threat modeling techniques and start from scratch.
Vulnerabilities:
- Exploit.PDF-Dropper.Gen – f-secure.com
Our telemetry indicates that several thousand customers have already been exposed to the exploit.
- June security bulletins
Three have a maximum severity rating of Critical and seven have a maximum severity rating of Important.
- Assessing the risk of the June Security Bulletins – technet.com
- Microsoft Patch Tuesday – June 2010 – symantec.com
- June 2010 Security Bulletin Release – technet.com
- Microsoft Security Bulletin MS10-032 – Important – microsoft.com
- Microsoft Security Bulletin MS10-033 – Critical – microsoft.com
- Microsoft Security Bulletin MS10-034 – Critical – microsoft.com
- Microsoft Security Bulletin MS10-035 – Critical – microsoft.com
- Microsoft Security Bulletin MS10-036 – Important – microsoft.com
- Microsoft Security Bulletin MS10-037 – Important – microsoft.com
- Microsoft Security Bulletin MS10-038 – Important – microsoft.com
- Microsoft Security Bulletin MS10-039 – Important – microsoft.com
- Microsoft Security Bulletin MS10-040 – Important – microsoft.com
- Microsoft Security Bulletin MS10-041 – Important – microsoft.com
- MS10-032: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege – technet.com
- MS10-035: Cross-Domain Information Disclosure Vulnerability – technet.com
- MS10-041: XML Signature HMAC Truncation Bypass Vulnerability – technet.com
- Adobe Zero-Day in the Wild
We have received notification that a proof of concept (POC) has been found in malware taken from the wild and is currently being exploited.
- Adobe POC in the Wild – sans.edu
- Analysis of a Zero-day Exploit for Adobe Flash and Reader – symantec.com
- Flash Player + VMware = Vulnerability – fortinet.com
- The Help Center Vulnerability
The vulnerability allows bypassing checks normally performed when helpctr.exe receives the “-FromHCP” command-line parameter when opening an HCP URI.
- Help and Support Center vulnerability full-disclosure posting – technet.com
- Googler releases Windows zero-day exploit, Microsoft unimpressed – zdnet.com
- Microsoft Windows helpctr.exe Unofficial Hotfix Inadequate – secunia.com
- Windows Help Centre Vuln – ha.ckers.org
- Mass SQL Injection Attack Hits Sites Running IIS – threatpost.com
There’s a large-scale attack underway that is targeting Web servers running Microsoft’s IIS software, injecting the sites with a specific malicious script.
Vendor/Software Patches:
- Microsoft Patches IE Flaw Used In Attack That Bypassed Its Built-In Security Controls – darkreading.com
Winning ‘Pwn2Own’ flaw was a memory corruption bug, its patch among 10 released by Microsoft today.
- New Adobe Flash Version Plus Security Holes
As promised, Adobe has released a new version of its Flash Player software to fix a critical security flaw that hackers have been exploiting to break into vulnerable systems.
- Security Bulletin – Adobe Flash Player – adobe.com
- Adobe Flash Player 10.1 Finalized, You Can Download Now – gizmodo.com
- Adobe Flash Update Plugs 32 Security Holes – krebsonsecurity.com
Other News:
- Military officer arrested in light of Wikileaks whistle blowing
High-profile hacker Adrian Lamo turned over SPC Brad Manning after the latter allegedly delivered classified US military documents to Wikileaks.
- Big breach exposes email addresses of A-list iPad users
A security breach has exposed iPad owners including dozens of CEOs, military officials, and top politicians.
- Hiring Hackers – schneier.com
Would you hire someone convicted of a computer crime to fill a position of trust in your computer network?
- CERT’s role still unclear: government-owned and operated national CERT – theaustralian.com.au
Defence Minister John Faulkner launched CERT Australia in January, with the opening of a Cyber Security Operations Centre in the Defence Signals Directorate.
- Drupal clarifies security rules after White-House gaper – theregister.co.uk
Webmasters running unfinished modules for Drupal do so at their own risk after the open-source CMS updated its guidelines on fixing security vulnerabilities.
- Fierce 2.0 To Be Released – ha.ckers.org
Jabra completely re-wrote Fierce, taking in my wish-list and a whole new set of features he wanted, like XML support to quickly integrate with nmap and all kinds of other stuff.
- Tool Automates Social Engineering In Man-In-The-Middle Attack – darkreading.com
Researchers demonstrate an attack that dupes victims in online chats.
- IRC server had backdoor in source code for months – Update – h-online.com
The backdoor allows anyone to execute commands on the server running UnrealIRCd, with the privileges of the user running the IRC daemon, even if the IRC server is a hub or normally requires passwords to access it.