Events Related:
- Conference swag
- Metasploit Express crucial to win in South Florida ISSA Hack the Flag – rapid7.com
Seven teams participated, defending systems running a variety of off-the-shelf services such as HTTP, SSH, FTP, while attempting to take control of other teams’ systems.
Resources:
- BlackHat 2010 – Slides / Paper / Rest. – thinkst.com
This year my talk was 50 minutes long (I wasn’t convinced that the topic could hold interest for longer periods), and my keynote deck was made up of 38 slides.
- 20 Critical Security Controls – sans.org
The 20 Critical Controls are the most effective processes that organizations use to stop computer attackers from gaining entry to systems and networks, or to mitigate damage from attackers who get in.
- SQL Injection Cheat Sheet – mavituna.com
Most of the real world environments may change because of parentheses, different code bases and unexpected, strange SQL sentences.
- Reverse Engineering over Acrobat Reader using Immunity Debugger (RECON) – securitytube.net
Blind scanning using generic fuzzers and automated generic tools doesn’t have a significant level of success anymore.
- Constricting The Web: Post Black Hat – neohaxor.org
The basic premise of our talk is that web architectures and technology are getting far more complicated and it is not sufficient just to run a vulnerability scanner on an application and call it done.
- How to Render SSL Useless – threatpost.com
In this video from the OWASP AppSec Research conference in Sweden, security researcher Ivan Ristic of Qualys discusses practical methods for breaking SSL.
- ClamAV for Windows – clamav.net
ClamAV for Windows utilizes advanced Cloud-based and community-based detection methods.
- Is My Mail Secure? – ismymailsecure.com
Secure email transfers rely not only on the security of the connection between the mail client (email program) and the email server (or a secure webmail site in the browser), but also on secure connections between servers.
- iPen: Hacking with the iDevice – nickmpetty.com
So this article/how-to/whatever is just that: a document of my experiences turning my iPod Touch into an all-in-one hacking/penetration-testing platform.
- Steam Hardware & Software Survey: July 2010 – steampowered.com
Steam collects data about what kinds of computer hardware and software our customers are using.
Tools:
- MetasploitExpress::Parser – spl0it.wordpress.com
I coded for around 4 hours at Defcon and MetasploitExpress::Parser was ready before his presentation on Sunday.
- Metasploit Java Meterpreter Payload – exploit.co.il
It is not fully implemented into the framework yet and in order to get it up and running some manual tweaking is needed.
- RSMangler – Keyword Based Wordlist Generator For Bruteforcing – darknet.org.uk
The main new feature is permutations mode which takes each word in the list and combines it with the others to produce all possible permutations (not combinations, order matters).
- Websecurify 0.7 – websecurify.com
This version contains numerous improvements including user interface changes and a faster, more stable testing platform, among others.
- Blind Elephant: A New Web Application Fingerprinting Tool – sans.edu
The tool uses the same techniques I’ve been using for a few years now, manually or through custom scripts, during web-app penetration tests to identify the available resources on the web application, and based on them, categorize its type and fingerprint its version.
- Mobius Forensic Toolkit – freshmeat.net/projects/mobiusft
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions.
- cvechecker – cvechecker.sourceforge.net
The goal of cvechecker is to report about possible vulnerabilities on your system, by scanning the installed software and matching the results with the CVE database.
- Microsoft Baseline Security Analyzer 2.2 – filehippo.com
Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.
- nmapsi4 0.2 beta3 released – nmapsi4.org
New nmapsi4 0.2 beta3 is out!
- Blockfinder – github.com/ioerror/blockfinder
Contrary to popular media claims, blockfinder is a simple text based console tool that returns a list of netblocks for a given country.
- FGET V1.0 Goes Live!! – hbgary.com
Its primary function is collecting sets of forensically interesting files from one or more remote Windows machines.
- skipfish 1.58b – code.google.com/p/skipfish/
A fully automated, active web application security reconnaissance tool.
- Virtualization ASsessment TOolkit (VASTO) – nibblesec.org
VASTO is a Virtualization ASsessment TOolkit, a collection of Metasploit modules meant to be used as a testing tool to perform penetration tests or security audits of virtualization solutions.
- Fast-Track v4.0.1 released – secmaniac.com
Fast-Track is a Python based open-source project aimed at helping penetration testers in an effort to identify, exploit, and further penetrate a network.
Techniques:
- Creating an OS X Live IR CD-ROM – irhowto.wordpress.com
When building your incident response disk, you must copy the binary files to the CD-ROM along with the required libraries.
- Scanning IPv6 Enabled Hosts – carnal0wnage.attackresearch.com
Nmap will scan IPv6 enabled hosts if you pass it the -6 switch, but only does TCP Connect scans and no OS identification, which makes sense because OS identification uses nuances of IPv4 responses.
- Metasploit VxWorks WDB Agent Attack Automation – thesauceofutterpwnage.blogspot.com
My initial goal was to look at other possible vectors of exploitation, i.e., the boot flag manipulation.
- Fix for Windows batch script arguments handling “feature” – skypher.com
Windows is full of “features” that probably seemed like a good idea at the time but which turn out to be a major pain in certain situations.
- Quick introduction to using the SHODAN API – surtri.com
I released a simple JSON-based API for SHODAN today and thought I’d give some basic pointers on how to use it.
- SET (Social Engineer Toolkit) PDF’s x AntiVirus & Scoring System – spookerlabs.blogspot.com
Since Social Engineer Toolkit aka SET is being used in the wild, I resolved to create their PDFs and test them against AntiVirus vendors and against new detection scoring based on Spiderlabs Research.
- Using Scapy to Select a Range of pcap Records – packetstan.com
At first I thought of using tcpdump to select some records and write only those records to a new output file and reading the new output file into Wireshark.
- Attacking and fixing the Microsoft Windows Kerberos Login Service – secgroup.ext.dsi.unive.it
The attack allows a malicious user to physically login on a target host in a Kerberos-based network, under the assumption that he knows a valid user principal and has the ability to manipulate network traffic.
- Intercepting .NET SQL queries at runtime – codeproject.com
The purpose of this article is to show how, with a quick knowledge of assembler language and pointers, it is possible to extract useful information without having the source code for any app.
- Bypassing Restrictive Proxies Part 2, Modified Windows Shell via Metasploit PassiveX – grey-corner.blogspot.com
Since use of this method involves replacing some core Metasploit modules with modified versions, I was looking for some neater way of doing the integration required.
- Using Cookies For Selective DoS – ha.ckers.org
One of the things Josh Sokol and I talked about in our presentation at Blackhat was a way to use over-sized cookies to cause a DoS on the site.
- Using Cookies For Selective DoS and State Detection – ha.ckers.org
Well, if the attacker can set a cookie with a particular path to a single image on the site, for instance, they can use JavaScript to check with an onerror event handler to see if the image has loaded.
Other News:
- Network Solutions Pwned By A Mere Widget
Hundreds of thousands of Web sites parked at NetworkSolutions.com have been serving up malicious software thanks to a tainted widget embedded in their pages, a security company warned Saturday.
- More than 500,000 (or 5,000,000 according to Yahoo) Network Solutions parked domains actively serving malware – armorize.com
- SMCI widget and growsmartbusiness.com by Network Solutions still serving malware, part 1/3 – armorize.com
- NetworkSolutions Sites Hacked By Wicked Widget – krebsonsecurity.com
- 5 million domains serving malware via compromised Network Solutions widget – net-security.org
- Wi-Fi Aerial Surveillance Platform, WASP drone – suasnews.com
Using off the shelf equipment and an open-source autopilot, the Ardupilot, a group of hackers have created an airborne platform designed to sniff out WiFi networks.
- Study Reveals 75 Percent of Individuals Use Same Password for Social Networking and Email – securityweek.com
The study also revealed that 75 percent of social networking username and password samples collected online were identical to those used for email accounts.
- Alex Hutton on the Verizon Data Breach Investigations Report – threatpost.com
Dennis Fisher talks with Alex Hutton of the Verizon Business RISK team about the new Data Breach Investigations Report, the involvement of the Secret Service in this year’s report and the need for more and better data on attacks and successful defenses.
- HP buys Fortify
HP has announced that it is acquiring Fortify Software, makers of security analysis and assurance tools for application developers.
- HP to acquire Fortify Software – h-online.com
- HP picks up Fortify for ~$250M – imperva.com
- Intel to Acquire McAfee – marketwatch.com
Purchase of all of McAfee’s common stock for $48 per share in cash, valuing the deal at approximately $7.68 billion. McAfee will operate as a wholly-owned subsidiary, reporting into Intel’s Software and Services Group.
- Social Engineering 101 (Q&A) – cnet.com
Today, people get duped over the phone, but also over e-mail and via Facebook and other online avenues.
- Owning Virtual Worlds For Fun and Profit – threatpost.com
The great thing about this is that instead of an exploit being an email attachment, or malformed web page, the exploit may take a physical presence inside the virtual world.
- The Most Dangerous Man in Cyberspace – rollingstone.com
The American hacker behind Wikileaks fights repressive regimes around the world. Now he’s on the run from his own government.
- Your Password Should Be at Least 12 Random Characters Long to Be Safe – lifehacker.com
According to a study at Georgia Tech Research Institute, your password should be at least 12 random characters long (and include letters, numbers, and symbols) if you want to consider yourself safe from brute force password hacks.
- Radio Frequency Identification Tags: Identity Theft Danger or Modern Aid? – pbs.org
In a recent NewsHour report on cybersecurity, we showed security expert Chris Paget, shown above, climbing on a 29th floor hotel balcony in Las Vegas to demonstrate how he could read radio frequency identification tags at “long distances.”
- WinMHR: (Re)Introducing the Malware Hash Registry – krebsonsecurity.com
First, it is designed to supplement — not replace — anti-virus software.
- (More) (Massive) Plagiarism in Security Books – mcgrewsecurity.com
With three books in the past year having a significant amount of plagiarism, I figured this would be a good time to share a little bit of my own commentary on the situation.
- Researcher Cracks ReCAPTCHA – darkreading.com
Homegrown algorithms for cheating Google’s reCAPTCHA released earlier this month.
- TECHNICAL BULLETIN: Jackpotting ATMs – atmequipment.com
Hantle (formerly Tranax) and Triton have recently released technical bulletins regarding the recent ‘hacking’ demonstration reported from the Black Hat conference.
- Hoff’s 5 Rules Of Cloud Security… – rationalsurvivability.com
Cloud is only rocket science if you’re NASA and using the Cloud for rocket science.
- Commercial web scanners and the word “suck” – lcamtuf.blogspot.com
Let’s begin with a relatively uncontroversial observation: we simply don’t know how to build decent web application scanners today – be it in the commercial or the open source world.