Week 47 in Review – 2010

Events Related:

  • wXf Videos from AppSec DC 2010 – cktricky.blogspot.com
    Here are some of the videos from AppSec DC 2010 and our presentation (Seth Law, Chris Gates and I) on wXf (Web Exploitation Framework).
  • DeepSEC: Wrap-up – c22.cc
    It might not be as technical as DefCon, but DeepSEC had a good mixture of topics, and didn’t fail to deliver some unique and thought provoking content.
  • PacketWars: Hackers go head-to-head in first ever cyber sport – tgdaily.com
    What used to be a frowned upon and shady underworld of computer hackers is now emerging as a network of professionals that boasts teamwork and helps provide insight into the world of cyber security.

Resources:

Tools:

  • Websecurify Security Testing Runtime – code.google.com/p/websecurify/
    Websecurify web security testing runtime v0.8 alpha 3 is released.
  • AltoroMutual – owasp.org
    AltoroMutual is a vulnerable-by-design web application created by WatchFire (now AppScan Standard) as a demo test application for their BlackBox Scanner.
  • OWASP HTTP Post Tool – owasp.org
    This QA tool was created to allow you to test your web applications to test availability concerns from HTTP GET and HTTP POST denial of service attacks – This tool is GPLv3.
  • Ubertooth: first release – ossmann.blogspot.com
    This is a very preliminary release, but it includes the complete hardware design for Ubertooth Zero, firmware source code, and the host code needed to perform rudimentary Bluetooth sniffing as I demonstrated at ToorCon 12.
  • ScreenSpy – interactive view of remote desktops using meterpreter – metasploit.com
    The script will give an attacker the ability to view the remote desktop of multiple hosts. In order to use the script, Firefox needs to be installed on the local machine.
  • Armitage – fastandeasyhacking.com
    Armitage aims to make Metasploit usable for security practitioners who understand hacking but don’t use Metasploit every day.
  • skipfish 1.80b – code.google.com/p/skipfish/
    High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.

Techniques:

  • SSL: the sites which don’t want to protect their users – zscaler.com
    It has been exactly a month since Firesheep was released to demonstrate the problem of session side-jacking, but these websites are still not willing to do anything about this problem.
  • Axis2 Deployer via SOAP – spl0it.wordpress.com
    At OWASP AppSecDC @willis__ and I talked about several attacks against SAP BusinessObjects. SAP BusinessObjects uses a module known as dswsbobje.war to deploy the Axis2 interface.
  • Episode #122: More Whacking of Moles – commandlinekungfu.com
    In my home town we have a college with a team who intends to compete in the CCDC Competition. The students are in control of a number of systems that are under attack by professional penetration testers (hackers) and the students need to defend the systems from the attackers.
  • Scanning for Client-Side JavaScript Vulnerabilities – watchfire.com
    For this research, we used a new IBM technology called JavaScript Security Analyzer (JSA), which performs static taint analysis on JavaScript code that was collected from web pages extracted by an automated deep web crawl process.
  • Additional Discussion of the April China BGP Hijack Incident – arbornetworks.com
    My blog post last week on the April 8th China BGP hijack incident generated significant discussion and raised additional questions in both the media and research / engineering community.
  • Metasploit with MYSQL in BackTrack 4 r2 – offensive-security.com
    With the Metasploit team moving away from sqlite3, it is vital to be able to make use of a properly threaded database. There have also been quite a number of additional database commands added to Metasploit and documentation tends to be rather sparse online when it comes to the less “glamorous” side of database management.
  • Using password cracking as metric/indicator for the organisation’s security posture – sans.edu
    The strength of passwords used is a good indication of the security posture of an organisation, considering the userid and password combination is in many cases the first and last line of defence. It is quite important to get it right.

Vulnerabilities:

  • New Windows zero-day flaw bypasses UAC – sophos.com
    The exploit allows an application to elevate privilege to “system,” and in Vista and Windows 7 also bypass User Account Control (UAC). The flaw was posted briefly on a programming education site and has since been removed.

Other News:
