Events Related:
- Security BSides Las Vegas announcements – uncommonsensesecurity.com
The first few talks confirmed are great and there are plenty more killer talks to be announced.
- KartCon2010 – owasp.org
RSVP now to the 5th Annual OWASP KartCon 2010!
- Penetration Testing Summit 2010 – tenablesecurity.com
The SANS Penetration Testing Summit was held this year at the Hyatt Baltimore in Baltimore, MD on June 14 – 15 and was focused on “What Works in Penetration Testing”.
Resources:
- Metasploit 101 – darknet-consulting.com
Are you a security professional that needs to learn the basics of Metasploit but haven’t found a source?
- Mutillidae: A Deliberately Vulnerable Set Of PHP Scripts That Implement The OWASP Top 10 – irongeek.com
What I’m attempting to do with Mutillidae is implement the OWASP Top 10 in PHP, and do it in such a way that it is easy to demonstrate common attacks to others.
- Have you ever configured your Adobe Flash Player? – f-secure.com
Flash’s settings are rather curious as the controls themselves aren’t located on the computer but are instead accessed through a Flash object hosted by Adobe.
- Internet Fraud Alert – ifraudalert.org
Internet Fraud Alert creates a trusted and effective mechanism for participating researchers to report stolen account credentials discovered online to the appropriate institution responsible for that account.
- Book Review: Chained Exploits: Advanced Hacking Attacks from Start to Finish – jukt-micronics.com
To its credit, Chained Exploits: Advanced Hacking Attacks from Start to Finish is fairly well written.
- Insecure 26 Now Available – net-security.org
Insecure 26 is available, and as usual, has plenty of interesting articles such as a lengthy one on analyzing Flash content for vulnerabilities.
- Penetration Testing versus Vulnerability Scanning – plynt.com
Penetration Testing usually refers to testing by an ethical hacker to break into a target network with limited information about the said network.
Tools:
- THC-Hydra – freeworld.thc.org
A very fast network logon cracker which supports many different services.
- THC-IPV6 – freeworld.thc.org
A complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library.
- Onapsis Bizploit – ERP Penetration Testing Framework – darknet.org.uk
Bizploit is expected to provide the security community with a basic framework to support the discovery, exploration, vulnerability assessment and exploitation of ERP systems.
- Astalanumerator 0.7 – thespanner.co.uk
This version contains various CSS fixes and tracks each object within links and via the astalanumerator object.
- WATOBO – THE Web Application Toolbox – sourceforge.net/apps/mediawiki/watobo/
WATOBO is intended to enable security professionals to perform highly efficient (semi-automated) web application security audits. We are convinced that the semi-automated approach is the best way to perform an accurate audit and to identify most of the vulnerabilities.
- Web Historian: Reloaded – mandiant.com
This release is a complete rewrite and revamp of our very popular web history extraction tool.
- Websecurify 0.6RC2 Is Available for Download – websecurify.com
0.6RC2 fixes several bugs detected during the 0.6RC1 stage (thanks for the bug submissions), improves on the UI and introduces more internal changes to simplify and enhance future developments of the platform.
Techniques:
- Turning XSS into Clickjacking – ha.ckers.org
Those of us who do a lot of work in the security world have come to realize that there is a ton of cross site scripting (XSS) out there.
- Interpolique – recursion.com
Generic security flaws were supposed to go away with memory safe languages.
- A Zero-day Connection – symantec.com
While investigating the recent Adobe Remote Code Execution Vulnerability, we came across some interesting similarities to the malware and shellcode that were used in the ‘iepeers.dll’ Remote Code Execution attacks from March 2010.
- Meterpreter for Pwned Home Pages – metasploit.com
About a year ago, while looking through various buggy, backdoored PHP shells, I decided it might be useful to have some of Meterpreter’s networking features in the web’s most pwnable language.
- Lighttpd and Slowloris – ha.ckers.org
I had heard various different reports from people who use lighttpd during the initial investigation of slowloris that it was not vulnerable.
- SANS PenTest Summit slides
- “Goal Oriented Pentesting” slides from @Jabra – spl0it.org
- “Post Exploitation: Doing the happy dance and more” slides from @pauldotcom – pauldotcom.com
- “Penetration Test Automation” from @hdmoore – metasploit.com
- New Whitepaper: JBoss AS – Deploying WARs with the DeploymentFileRepository MBean – blogs.23.nu/RedTeam
It explains how to deploy WAR files with the DeploymentFileRepository MBean and how this is even possible with Cross Site Request Forgery (CSRF).
- Episode #99: The .needle in the /haystack – commandlinekungfu.com
I whipped up some quick PowerShell to give me a quick overview of the file types in the directory tree.
- Browser headers and information leaks – attackvector.org
In this post, I point out a few browser headers which leak information that can be used for malicious purposes.
- Using DNS to Find High Value Targets – ha.ckers.org
Because companies tend to point their DNS to those SaaS providers for white labeling, often you’ll see a convergence of a lot of sub-domains all pointing to a single IP address or set of IP addresses.
- Post Exploitation Pivoting with the Windows 7 Vault – securitybraindump.blogspot.com
While I generally agree with this, the emerging capabilities of attack and forensic tools that acquire volatile memory from a host (and consequently decrypted credentials), only require a bit more patience.
- The Ozdok Botnet and DES Security – fortinet.com
It soon developed that the encryption used was DES (Data Encryption Standard), in ECB mode.
- Brute Force with THC Hydra – attackvector.org
Sometimes the only way in is to resort to password cracking (or, “brute forcing”). I would consider this to be another one of those last resort methods that I use when all else has failed.
- Clickjack Baddie Whack – symantec.com
To prevent these kinds of attacks it’s important to use caution when browsing the Web, but unfortunately this can only go so far, and it’s not really feasible to disable JavaScript altogether because of the key role it plays in today’s Web.
- Security Risks in Asynchronous Patch Release Schedules – fortinet.com
As software becomes more complex and integrated, code becomes shared and recycled. If a security risk (vulnerability) were to be discovered and fixed in the main trunk of code, it should also be fixed through its derivatives at the same time.
- Anti-WAF Software-Security-Only Zealotry – jeremiahgrossman.blogspot.com
Recently on Twitter I asked why some people feel oddly compelled to rely upon the shortcomings of Web Application Firewalls (WAFs) as a means to advocate for a Secure Development Lifecycle (SDL).
- Sharing data remotely through Metasploit – happypacket.net
I’m working on some more integration between tools, but for now I have written a db module for Metasploit’s XMLRPC engine which allows remote processes to get information from the database.
- Finding Interesting Database Data – digininja.org
In one of the early chapters he discusses the Asprox Botnet and explains the way it trawls through any databases it finds looking for columns that are of a type that will take text.
- DNS Sinkhole ISO Available for Download – sans.edu
Last week, during the SANSFire conference, I did a talk on DNS Sinkhole and made an ISO available for download.
- XSS – f-secure.com
A typical XSS demonstration showing a funny dialog box on somebody else’s site just emphasizes how harmless such an attack looks.
- Bypassing Restrictive Proxies Part 1, Encoded Executables and DNS Tunneling – grey-corner.blogspot.com
This scenario simply involves creating a vbscript file that contains an encoded copy of your chosen executable, that when run will decode the file, write it to disk, and then run it.
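The ha.ckers.org item on finding high value targets through DNS comes down to one bookkeeping step: resolve every name you have collected for a target, invert the mapping, and look at which addresses many names converge on. Those shared addresses are usually a white-labelled SaaS provider, and the provider is the target with the largest blast radius. The script below is an added example to illustrate that step, not code from the post; the record set is constructed, `example.com` and the documentation-range addresses are placeholders, and the `resolve_all` helper (a thin wrapper over `socket.gethostbyname`) is included only for live use and is not exercised by the sample.

```python
"""Group collected subdomains by the address they resolve to, to spot the
shared SaaS / white-label hosts described in the ha.ckers.org post.

Added example, not code from the post. SAMPLE_RECORDS is constructed;
nothing in it refers to a real organisation.
"""
from collections import defaultdict
import ipaddress
import socket

# Constructed sample: (hostname, resolved IPv4) pairs such as a subdomain
# brute-force run or a zone transfer would produce.
SAMPLE_RECORDS = [
    ("www.example.com",     "203.0.113.10"),
    ("mail.example.com",    "203.0.113.25"),
    ("support.example.com", "198.51.100.7"),
    ("help.example.com",    "198.51.100.7"),
    ("status.example.com",  "198.51.100.7"),
    ("careers.example.com", "198.51.100.7"),
    ("blog.example.com",    "192.0.2.44"),
    ("news.example.com",    "192.0.2.44"),
    ("vpn.example.com",     "203.0.113.30"),
]


def resolve_all(hostnames):
    """Live variant: resolve each name with the system resolver and return
    (hostname, ip) pairs. Names that do not resolve are skipped. Not used
    by the offline sample below."""
    out = []
    for host in hostnames:
        try:
            out.append((host, socket.gethostbyname(host)))
        except socket.gaierror:
            pass
    return out


def group_by_address(records):
    """Invert (hostname, ip) pairs into ip -> sorted list of hostnames.
    Rejects anything that is not a valid IP address so a bad line in an
    imported result file does not silently become a 'host'."""
    groups = defaultdict(set)
    for host, ip in records:
        ipaddress.ip_address(ip)  # raises ValueError on garbage input
        groups[ip].add(host.lower().rstrip("."))
    return {ip: sorted(hosts) for ip, hosts in groups.items()}


def convergence_points(records, min_hosts=2):
    """Addresses that at least `min_hosts` names converge on, most-shared
    first. Each entry is (ip, hostnames). Ties are broken on the address
    string so the ordering is deterministic."""
    grouped = group_by_address(records)
    hubs = [(ip, hosts) for ip, hosts in grouped.items() if len(hosts) >= min_hosts]
    hubs.sort(key=lambda entry: (-len(entry[1]), entry[0]))
    return hubs


def shared_networks(records, prefix=24):
    """Coarser view: names landing in the same /prefix even when the exact
    address differs, which is what a provider's load-balanced pool looks
    like. Only networks with two or more names are returned."""
    nets = defaultdict(set)
    for host, ip in records:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        nets[str(net)].add(host.lower().rstrip("."))
    return {net: sorted(hosts) for net, hosts in nets.items() if len(hosts) >= 2}


if __name__ == "__main__":
    for ip, hosts in convergence_points(SAMPLE_RECORDS):
        print(f"{ip}: {len(hosts)} names -> {', '.join(hosts)}")
    for net, hosts in shared_networks(SAMPLE_RECORDS).items():
        print(f"{net}: {len(hosts)} names")
```

In the sample, four support-style names land on one address while the rest are spread out; that address is the one to research (whose netblock is it, what else is hosted there) before touching anything, because it very likely belongs to a third party rather than to the client whose names you collected.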
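The Fortinet Ozdok item turns on a single observation: the bot's traffic was DES in ECB mode, and ECB encrypts every 8-byte block independently, so equal plaintext blocks produce equal ciphertext blocks and the structure of a config file shows through. The script below is an added example of how an analyst confirms that from ciphertext alone, not Fortinet's code. DES is not in the Python standard library, so `toy_block` is a constructed, keyed 8-byte stand-in: it is not a cipher and not invertible, it only reproduces the per-block determinism that ECB detection relies on. The sample config and key are likewise constructed.

```python
"""Detect ECB mode by counting repeated ciphertext blocks, the property
behind the Ozdok/DES-ECB observation. Added example; the block function,
key and config bytes below are constructed stand-ins, not DES and not
anything recovered from the botnet."""
import hashlib
from collections import Counter

BLOCK = 8  # DES block size in bytes


def toy_block(key: bytes, block: bytes) -> bytes:
    """Keyed, deterministic 8-byte transform standing in for one DES block
    encryption. NOT a cipher (no decryption exists); it only gives the
    same output for the same (key, block), which is all ECB leaks."""
    return hashlib.sha256(key + block).digest()[:BLOCK]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Each block on its own: identical blocks -> identical output."""
    assert len(plaintext) % BLOCK == 0, "caller pads; ECB needs whole blocks"
    return b"".join(toy_block(key, plaintext[i:i + BLOCK])
                    for i in range(0, len(plaintext), BLOCK))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Same block function, chained: each block is XORed with the previous
    ciphertext block first, so repeats in the plaintext do not show."""
    assert len(iv) == BLOCK and len(plaintext) % BLOCK == 0
    prev, out = iv, bytearray()
    for i in range(0, len(plaintext), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(plaintext[i:i + BLOCK], prev))
        prev = toy_block(key, mixed)
        out += prev
    return bytes(out)


def duplicate_blocks(ciphertext: bytes, block_size: int = BLOCK):
    """Return (number of duplicate blocks, Counter of blocks). A trailing
    partial block is ignored. Random-looking (CBC/CTR) data of modest size
    has essentially zero duplicates; ECB over structured data has many."""
    usable = len(ciphertext) - len(ciphertext) % block_size
    blocks = [ciphertext[i:i + block_size] for i in range(0, usable, block_size)]
    counts = Counter(blocks)
    return len(blocks) - len(counts), counts


def looks_like_ecb(ciphertext: bytes, block_size: int = BLOCK) -> bool:
    return duplicate_blocks(ciphertext, block_size)[0] > 0


# Constructed "bot config": repeated field names and zero padding, the kind
# of structure a real config has and that ECB fails to hide.
SAMPLE_CONFIG = (b"HOSTNAME" + b"\x00" * 8) * 4 + b"ZZZZZZZZ"
SAMPLE_KEY = b"\x01\x23\x45\x67\x89\xab\xcd\xef"  # constructed 8-byte key


def sample_ciphertexts():
    """The same config under the toy ECB and toy CBC, for comparison."""
    ecb = ecb_encrypt(SAMPLE_KEY, SAMPLE_CONFIG)
    cbc = cbc_encrypt(SAMPLE_KEY, b"\x00" * BLOCK, SAMPLE_CONFIG)
    return ecb, cbc


def demo():
    ecb, cbc = sample_ciphertexts()
    return {"ecb_dups": duplicate_blocks(ecb)[0],
            "cbc_dups": duplicate_blocks(cbc)[0]}


if __name__ == "__main__":
    ecb, cbc = sample_ciphertexts()
    dups, counts = duplicate_blocks(ecb)
    print("ECB duplicates:", dups, "most common block seen",
          counts.most_common(1)[0][1], "times")
    print("CBC duplicates:", duplicate_blocks(cbc)[0])
```

Run over a real capture the count alone tells you the mode; trying 8 and 16 as the block size tells you whether you are looking at a 64-bit cipher such as DES or a 128-bit one. Once ECB is confirmed, every 8-byte block is independently decryptable with the recovered key, which is what makes a static-key DES-ECB protocol such a soft target for a researcher.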
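The grey-corner item pairs two proxy-bypass ideas: smuggle the binary in as text inside a script, and when even that is blocked, move data through DNS, which almost always leaves the network. The script below is an added example of the DNS half, not the post's code: it chunks a file into query names that a resolver will forward and reassembles them on the receiving side. `TUNNEL_DOMAIN` and `SAMPLE_PAYLOAD` are constructed, and no queries are sent; the names are only built and parsed. The encoded-executable/VBScript half is not shown.

```python
"""Chunk bytes into DNS query names and reassemble them, the "DNS
tunneling" half of the grey-corner post. Added example, not the post's
code; TUNNEL_DOMAIN and SAMPLE_PAYLOAD are constructed. Builds and parses
names only; nothing is sent.

Design points a practitioner cares about:
  - Base32 rather than Base64: resolvers may fold case, and Base32's
    alphabet survives that.
  - Labels are capped at 63 bytes and whole names at 253 (RFC 1035).
  - Each name carries a sequence number and a total so the receiver can
    reorder, de-duplicate, and notice loss.
"""
import base64
import math
import random

TUNNEL_DOMAIN = "t.example.net"          # constructed
LABEL_MAX, NAME_MAX = 63, 253
B32_ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"
SAMPLE_PAYLOAD = bytes(range(256)) * 3   # constructed 768-byte "file"


def _b32(data: bytes) -> str:
    return base64.b32encode(data).decode().rstrip("=").lower()


def _unb32(text: str) -> bytes:
    text = text.upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


def max_chunk_bytes(domain: str = TUNNEL_DOMAIN) -> int:
    """Largest payload per query that keeps the name within 253 bytes."""
    budget = NAME_MAX - len(domain) - len("ffff-ffff") - 2  # header, two dots
    chars = 0
    while True:
        nxt = chars + 1
        if nxt + math.ceil(nxt / LABEL_MAX) - 1 > budget:  # chars + inner dots
            break
        chars = nxt
    return chars * 5 // 8


def encode(data: bytes, domain: str = TUNNEL_DOMAIN) -> list:
    """One query name per chunk: <seq>-<total>.<base32 labels>.<domain>."""
    size = max_chunk_bytes(domain)
    chunks = [data[i:i + size] for i in range(0, len(data), size)] or [b""]
    total = len(chunks)
    if total > 0xFFFF:
        raise ValueError("payload needs more than 65535 queries")
    names = []
    for seq, chunk in enumerate(chunks):
        text = _b32(chunk)
        labels = [text[i:i + LABEL_MAX] for i in range(0, len(text), LABEL_MAX)]
        name = ".".join([f"{seq:04x}-{total:04x}", *labels, domain])
        assert len(name) <= NAME_MAX
        names.append(name)
    return names


def decode(names, domain: str = TUNNEL_DOMAIN) -> bytes:
    """Reassemble from names seen in any order, ignoring unrelated queries
    and duplicates, and failing loudly when chunks are missing."""
    suffix = "." + domain
    parts, total = {}, None
    for name in names:
        name = name.lower().rstrip(".")
        if not name.endswith(suffix):
            continue                      # unrelated query, ignore
        header, *labels = name[: -len(suffix)].split(".")
        seq, tot = (int(x, 16) for x in header.split("-"))
        if total is None:
            total = tot
        elif tot != total:
            raise ValueError("names from different transfers mixed together")
        parts[seq] = _unb32("".join(labels))
    missing = [i for i in range(total or 0) if i not in parts]
    if total is None or missing:
        raise ValueError(f"incomplete transfer, missing chunks {missing}")
    return b"".join(parts[i] for i in range(total))


def looks_like_tunnel(name: str, min_label: int = 32) -> bool:
    """Defender's view: a label this long drawn only from the Base32
    alphabet is rare in legitimate names and cheap to alert on."""
    labels = name.lower().rstrip(".").split(".")
    return any(len(l) >= min_label and set(l) <= set(B32_ALPHABET) for l in labels)


if __name__ == "__main__":
    queries = encode(SAMPLE_PAYLOAD)
    random.shuffle(queries)               # arrival order does not matter
    assert decode(queries) == SAMPLE_PAYLOAD
    print(len(queries), "queries, longest", max(map(len, queries)), "bytes")
```

On the defensive side the same numbers that make the encoder work are the signatures: label lengths pinned at 63, a 32-character alphabet, and a burst of unique subdomains under one zone. A resolver log filtered with something like `looks_like_tunnel` catches this long before the volume does.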
Vulnerabilities:
- SQL Injection Attacks Aimed at Stealing Gaming Credentials, Experts Say – threatpost.com
The mass SQL injection attack that has been ongoing for a week or so now is designed mainly to steal credentials for online games and is quite well planned and organized, experts say.
- Unpatched Windows XP-related hole exploited in attacks – cnet.com
Malicious hackers were found to be exploiting a hole on Tuesday affecting Windows XP that a Google researcher disclosed last week before Microsoft had a chance to fix it, the software giant confirmed.
- Bypassing ASLR and DEP under Windows – net-ninja.net
We will discuss these techniques in relation to stack based buffer overflows only for now.
Vendor/Software Patches:
- Apple plugs 28 Mac OS X security holes – zdnet.com
Apple has shipped another mega Mac OS X patch bundle to fix a total of 28 documented security vulnerabilities affecting the Mac ecosystem.
Other News:
- Likejacking in Facebook
This is very similar to a campaign they ran over the weekend, where the lure was “96 hottest women”, so they either found five more, or they are just incrementing the numbers.
- Offensive attacks and the World Cup 2010 – securelist.com
The cyber criminals didn’t want to lose such a “good” opportunity for them and already took advantage in some ways like sending spam leading to phishing sites, to spread malware and so on.
- The Untold Story of the World’s Biggest Diamond Heist – wired.com
In February 2003, Notarbartolo was arrested for heading a ring of Italian thieves. - News on the iPad fiasco at AT&T
- AT&T Breach May Be Worse Than Initially Thought – slashdot.org
- Website Vulnerability Research and Disclosure – veracode.com
- iPad hack vs. OWASP Top 10 – erratasec.blogspot.com
- AT&T is Wrong About the iPad Breach & I have code to prove it – vodun.org
- Money trumps security in smart-meter rollouts, experts say – cnet.com
In a rush to take advantage of U.S. stimulus money, utilities are quickly deploying thousands of smart meters to homes each day–smart meters that experts say could easily be hacked.
- Card cloners nabbed
According to Spanish police the organization stole more than 20 million Euros, and was also involved with robbery, fraud, extortion, sexual exploitation, and money laundering.
- Police Arrest 178 in U.S.-Europe Raid on Credit Card ‘Cloning Labs’ – krebsonsecurity.com
- 178 International Credit Card Fraudsters arrested – garwarner.blogspot.com
- Kaminsky Issues Developer Tool To Kill Injection Bugs – darkreading.com
Researcher’s new startup offers up new approach to preventing common SQL injection, XSS vulnerabilities in software.
- Lieberman’s cyber-security bill: The good, the bad, the ugly – zdnet.com
There is little in our world today that is as poorly managed, rapidly changing and outright dangerous as “cyberspace”. - Some blog stirrings from the Wikileaks fiasco
- My .02 on Lamo – The Media Whore. – attackvector.org
- Wikileaks Source Outed To Stroke Hacker’s Own Ego – slashdot.org
- Wikileaks: a somewhat less redacted version of the Lamo/Manning logs – boingboing.net
- Researchers Find Government Site Hosting Phishing Data – threatpost.com
Phishing gangs have been getting bolder of late, and there’s no clearer evidence than the cache of phishing data that researchers at Sunbelt found on a site owned by the Paraguayan government.
- New Crypto-Cracking Tool To Target Databases – darkreading.com
‘Poet’ takes advantage of commonly weak encryption-key deployment.
- HTTPS Everywhere Encrypts Your Connection with Major Websites – mashable.com
It encrypts your web communication with several major websites that support — but may not default to secure — HTTPS connection.
- Can Obama Shut Down the Internet? – thedailybeast.com
A new bill rocketing through Congress would give the president sweeping powers to police the Web for national-security reasons.
- Huge Security Flaw Makes VPNs Useless for BitTorrent – torrentfreak.com
Millions of BitTorrent users who have chosen to hide their identities through a VPN service may not be as anonymous as they would like to be.
- Did LIGATT Security’s CEO Threaten the Life of a Security Professional? – praetorianprefect.com
So how did one of these men come to threaten the lives of the other and his family?
- TEHTRI-Security released 13 0days against web tools used by evil attackers – neohapsis.com
We have given new methods to counter-strike intruders with our new exploits giving you remote shells, remote SQL injection, permanent XSS and dangerous XSRF, against remote tools used by attackers.
- Fighting back against web attacks – bbc.co.uk
Hi-tech criminals are not very good at securing the tools they use to attack websites, suggests research.
- LIGATT’s Evans Strikes Back – praetorianprefect.com
Gregory Evans, the CEO of LIGATT Security, is not taking the criticism heaped upon himself and his firm or his latest book lying down.