Events Related
- Outerzone 2011 Hacker Con – irongeek.com
The following are videos of the presentations from the Outerzone 2011 hacker conference.
Resources
- web.config Security Analyzer
This little beauty lets you feed in a Web.config then it comes back and tells you everything you’ve done wrong in the world of security configuration.
- web.config Security Analyzer – wcanalyzer.com
- Continuous Web.config security analysis with WCSA and TeamCity – troyhunt.com
- OWASP Top 10
If you’ve spent any time defending web applications as a security analyst, or perhaps as a developer seeking to adhere to SDLC practices, you have likely utilized or referenced the OWASP Top 10.
- OWASP Top 10 Tools and Tactics – resources.infosecinstitute.com
- A Deliberately Vulnerable Set of PHP Scripts That Implement the OWASP Top 10 – irongeek.com
- Focusing on the Spirit of NIST’s Guidance For Continuous Monitoring – blog.coresecurity.com
The National Institute of Standards and Technology (NIST) has regularly recommended new guidance to help give agencies a clearer deployment path to a more robust information security program.
- Viewpoint Paper on Threats and Vulnerabilities – jps.anl.gov
I would go even further and argue that understanding Vulnerabilities is more powerful than understanding Threats—regardless of the relative difficulty of TAs vs. VAs.
- The Key Skill-Set of Great Penetration Testers – thehackeracademy.com
For me, the difference between Keatron’s list and a great penetration tester comes down to one thing: intelligence types. Specifically, the difference between convergent intelligence and divergent intelligence.
Tools
- Metasploit VNC Password Extraction – room362.com
I ran into the same issue on Penetration Tests in the past but didn’t know much about the whacked-out version of DES that RFB (the VNC protocol) was using.
- Update: Inspathx r66 – code.google.com
Inspathx is a tool that uses a local source tree to make requests to the URL and search for path inclusion error messages.
- Update: JBroFuzz 2.5! – sourceforge.net
JBroFuzz is a web application fuzzer for requests being made over HTTP or HTTPS. Its purpose is to provide a single, portable application that offers stable web protocol fuzzing capabilities.
- Update: Skipfish-1.85b! – code.google.com
Skipfish is a fully automated, active web application security reconnaissance tool.
- Update: WhatWeb v.0.4.6! – github.com
WhatWeb next generation web scanner identifies what websites are running. Released at the Kiwicon conference (kiwicon.org) in Wellington, New Zealand.
- Pastenum – Pastebin/pastie enumeration tool – corelan.be
When conducting a pen-test, the process typically starts with the reconnaissance phase, the process of gathering information about your target(s): system, organization or person.
- The Open Pentest Bookmark Collection v1.4 – securityaegis.com
News, news, news… Hey guys and gals of the security community. We are pleased to announce the release of version 1.4 (yes, 1.3 squeaked by without a blog post) of the Open Pentest Bookmarks Collection.
- New SNMP Metasploit Modules – carnal0wnage.attackresearch.com
My new favorite modules (for today) are the snmp_enumusers and snmp_enumshares modules that work against Windows hosts that have SNMP running.
Techniques
- PenTest Perfect Storm 6: We Love Cisco! – willhackforsushi.com
In the webcast, hosted by CORE Security Technologies, we discussed attack techniques against Cisco devices, combining wireless, network and web app techniques to exploit common network architectures.
- Metasploit: Adobe Flash CVE-2011 – blog.metasploit.com
Recently, I spent about a week and a half working on the latest 0-day Flash vulnerability. I released a working exploit on March 22nd 2011. The original exploit was just an attempt to get something working out the door for all of our users.
- Attack using CVE-2011-0609 – f-secure.com
Attackers have been taking advantage of the situation in Japan to trick their targets into opening malicious files. These cases have used infected Excel attachments with Flash exploits.
- Extracting AP names from Packet Captures – packetstan.com
Years ago, while working as a Network Engineer, I did a bit of sniffing of our wireless access points. I noticed that some access points, mainly Cisco, broadcast the Access Point’s name.
Vendor/Software Patches
- Apple releases Mac OS X 10.6.7 update – h-online.com
In the software update notes, Apple also recommends the update “for all early 2011 MacBook Pro models”.
- Firefox 3 Updates and SSL Blacklist Extension – isc.sans.edu
At the heels of yesterday’s Firefox 4 release, we today got 3.6.16 and 3.5.18. As usual, Mozilla will provide security updates for some older browsers after the release of a new major version.
- Adobe fixes Vulnerabilities in Flash, AIR and Acrobat – h-online.com
Adobe has released updates to its Flash Player, Acrobat and Acrobat Reader products to fix related security vulnerabilities in these products that potentially allowed an attacker to compromise a system by means of a crafted SWF embedded in an Excel file.
Vulnerabilities
- SCADA: The Luigi Auriemma files
The security of critical infrastructure is in the spotlight again this week after a researcher released attack code that can exploit several vulnerabilities found in systems used at oil-, gas- and water-management facilities, as well as factories, around the world.
- Interview with Luigi Auriemma of 34 0day ICS Vulnerabilities – digitalbond.com
- Italian Researcher Publishes 34 ICS Vulnerabilities – digitalbond.com
- Vulnerabilities in some SCADA server software – seclists.org
- Attack Code For SCADA Vulnerabilities Released Online – wired.com
- Another zero-day exploit for SCADA systems – h-online.com
- Advanced Exploitation of the recent Flash Zero-Day Vulnerability – blog.fortinet.com
Looking into it more in-depth, I was then able to confirm that this vulnerability is a perfect real-world example of program flow validation error.
Other News
- The Comodo Conspiracy
Thus, while an Iranian state-sponsored attack is a plausible theory, it’s not the only one.
- List of Fraudulently Issued Certificates – comodo.com
- A brief introduction to web ‘certificates’ – erratasec.blogspot.com
- No Reason to Believe Comodo Attack Came from Iranian Government – erratasec.blogspot.com
- Web Browsers and Comodo Disclose A Successful Certificate Authority Attack, Perhaps from Iran – freedom-to-tinker.com
- Comodo RA Compromise – isc.sans.edu
- Microsoft Advisory About Stolen SSL Certificates – isc.sans.edu
- Microsoft Warns: Fraudulent digital certificates issued for high value websites – zdnet.com
- Comodo CA Compromised by Iran? – djtechnocrat.blogspot.com
- Hack Obtains 9 Certificates to prominent Websites; traced to Iran – wired.com
- SSL meltdown forces browser developers to update – h-online.com
- Phony SSL Certificates issued to Google, Yahoo, Skype and others – threatpost.com
- Fraudulent Certificates Issued by Comodo, is it time to rethink who we trust? – nakedsecurity.sophos.com
- How the Comodo Certificate fraud calls CA trust into question – arstechnica.com
- Comodo certificate issue follow up – blog.mozilla.com
- Homegrown: Rustock Botnet fed By U.S. Firms – krebsonsecurity.com
Aaron Wendel opened the doors of his business to some unexpected visitors on the morning of Mar. 16, 2011.
- HD Moore Releases His Process for Security Research – resources.infosecinstitute.com
HD Moore is Chief Security Officer at Rapid7 and Chief Architect of Metasploit, the leading open-source penetration testing platform.
- Industrial Control Systems: security holes galore – h-online.com
It seems that Stuxnet has given many security experts an interest in the potential holes in industrial control and SCADA (Supervisory Control and Data Acquisition) systems.
- McAfee Acquires Sentrigo – securosis.com
McAfee has had a partnership with Sentrigo for a couple of years, and both companies have cooperatively sold the Sentrigo solution and developed high-level integration with McAfee’s security management software.