- OWASP AppSec 2011 Capture The Flag briefings
- Whitepaper “Python Arsenal For Reverse Engineering” – dsecrg.com
This whitepaper (beta release) is a collection of various Python engines, extensions, libraries and shells that aid in the job of understanding, analyzing and sometimes breaking code. The collection consists of more than 40 projects. This document is intended to show the power of Python for RE and is also an attempt to systematize knowledge of Python for RE. It is useful for both beginners and advanced RE professionals.
- Australian Department of Defence – iOS Hardening Configuration Guide – djtechnocrat.blogspot.com
Parts of this guide refer to features that require the engagement of the technical resources of your telephony carrier, firewall vendor, or Mobile Device Management vendor. While every effort has been made to ensure content involving these third party products is correct at the time of writing, you should always check with these vendors when planning an implementation.
- Smartphone Whitepapers – iase.disa.mil/stigs/net_perimeter/wireless/smartphone.html
Smartphone (iOS, Android, Blackberry, Windows) guidance documents.
- UPDATE: Skipfish 2.01b! – code.google.com/p/skipfish/downloads/list
- UPDATE: Skipfish 2.02b! – code.google.com/p/skipfish/downloads/list
Skipfish is a fully automated, active web application security reconnaissance tool. Its key features are high speed, ease of use, and cutting-edge security logic.
- UPDATE: SQLNinja 0.2.6-rc1! – sourceforge.net/projects/sqlninja/files/sqlninja/
Sqlninja is a tool targeted at exploiting SQL Injection vulnerabilities in web applications that use Microsoft SQL Server as the back-end. Its main goal is to provide remote access to the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help automate the process of taking over a DB server once a SQL Injection vulnerability has been discovered.
- UPDATE: Risu v1.4.5! – github.com/hammackj/risu/archives/master
Risu is a Nessus parser that converts the generated reports into an ActiveRecord database; this allows for easy report generation and vulnerability verification.
- UPDATE: BeEF v0.4.2.7-alpha! – code.google.com/p/beef/downloads/list
BeEF, the Browser Exploitation Framework is a professional security tool provided for lawful research and testing purposes. It allows the experienced penetration tester or system administrator additional attack vectors when assessing the posture of a target. The user of BeEF will control which browser will launch which exploit and at which target.
- UPDATE: ZAProxy v1.3.1! – code.google.com/p/zaproxy/downloads/list
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
- Vega – Open Source Cross Platform Web-Application Security Assessment Platform – darknet.org.uk
Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.
- TLSSLed v1.1 – blog.taddong.com
A few weeks ago we released TLSSLed v1.0 with the goal of helping organizations to test their SSL/TLS (HTTPS) implementation for common flaws and misconfigurations. Today, we release an updated version, v1.1, that includes some additional tests.
- Durandal: A Distributed CPU/GPU Hashcracker! – durandal-project.org/download.html
Durandal is distributed GPU/CPU computing software that aims to crack passwords. Mostly written in C++ with the Boost library, it works on many systems; however, for the moment it is only built for Windows and GNU/Linux on x64 platforms.
- Sniffer files – github.com/sirg3/Sniffer
Sniffer is an unoriginally-named packet sniffer with the unique ability of determining which application a packet is coming from (or going to). At the moment it is little more than a prototype to prove that the idea works.
- WebSurgery: A Web Application Security Toolkit – www.surgeonix.com/blog/downloads/websurgery/websurgery.zip
WebSurgery is a suite of tools for security testing of web applications. It is designed to help security auditors with web application planning and exploitation. Currently it includes an efficient, fast and stable web crawler, a file/directory brute forcer, and a fuzzer for advanced exploitation of known and unusual vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and brute-forcing of login forms.
- Twitter Archiver – blog.stalkr.net
Twitter is great to get and share information, quickly. But it is all web 2.0 and you cannot use a simple cat or grep to view or search your tweets. I would like to have tweets saved in simple text format: date, user, text – one per line. So here comes Twitter Archiver, a small python script using PTT to archive any public timeline of tweets, in simple text format. Script: archiver.py, patch: archiver.diff.
- Shellcode Anatomy
Hackers are becoming more sophisticated and are investing resources to evade anti-malware detection. As recent breaches have shown, hackers are already seeing the fruits of their labor. In these spear-phishing attacks, the hacker gained access by sending out files (whether PDF, Excel or Word docs) to company employees. All that was needed was a single individual to open that file – and the attacker penetrated the organization.
- Part I of IV – blog.imperva.com
- Part II of IV – coming next week!
- Detecting LDAP Injections – rapid7.com
It all started to go wrong when Web applications started to replace internal desktop applications in many companies around the globe and one manager proposed: “We should authenticate access to this application using our Active Directory!”
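LDAP injection happens exactly at the point the post describes: web-form input concatenated into a directory search filter. The following is an added example (not code from the Rapid7 post) showing the injectable pattern beside the RFC 4515-escaped form, plus a cheap structural check that flags a tampered filter. The attribute names and the login-filter shape are assumptions about a typical AD-backed login; no directory is contacted.

```python
"""LDAP filter construction: injectable vs. escaped, with a structural sanity check.

Added example; the filter layout and attribute names are assumptions, and the
injection payload is the classic "match anything" shape.
"""

# RFC 4515 section 3: these characters must be hex-escaped inside an assertion value.
_RFC4515_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value so it can only ever be a literal in a filter."""
    return "".join(_RFC4515_ESCAPES.get(ch, ch) for ch in value)


# Template used by both builders below; exactly three '(' when values are literals.
_LOGIN_TEMPLATE = "(&(sAMAccountName={user})(userPassword={pw}))"
_EXPECTED_PARENS = _LOGIN_TEMPLATE.count("(")


def vulnerable_login_filter(username: str, password: str) -> str:
    """Deliberately injectable: raw input is spliced straight into the filter."""
    return _LOGIN_TEMPLATE.format(user=username, pw=password)


def safe_login_filter(username: str, password: str) -> str:
    """Same filter, but every metacharacter in the input is escaped first."""
    return _LOGIN_TEMPLATE.format(
        user=escape_filter_value(username), pw=escape_filter_value(password)
    )


def login_filter_is_intact(filter_str: str) -> bool:
    """Detection check: a filter built from the template must keep its shape.

    Escaped parentheses become '\\28' / '\\29' and no longer count as literal
    parens, so any extra '(' or ')' means the template was broken open.
    """
    return (
        filter_str.count("(") == _EXPECTED_PARENS
        and filter_str.count(")") == _EXPECTED_PARENS
    )


# Constructed attacker input: closes the username clause, inserts a wildcard
# clause, then opens a junk OR so the trailing template text parses or is ignored.
INJECTION_PAYLOAD = "*)(uid=*))(|(uid=*"


def demo():
    bad = vulnerable_login_filter(INJECTION_PAYLOAD, "x")
    good = safe_login_filter(INJECTION_PAYLOAD, "x")
    return {
        "vulnerable": bad,
        "vulnerable_intact": login_filter_is_intact(bad),
        "safe": good,
        "safe_intact": login_filter_is_intact(good),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Escaping is the fix; the parenthesis count is only a tripwire worth logging, since a server that stops parsing at the first complete filter will happily evaluate `(&(sAMAccountName=*)(uid=*))` and match every account.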
- Reversing Jailbreakme.com 4.3.3 – intrepidusgroup.com
Wednesday, @comex came out with a new user-level jailbreak available on jailbreakme.com. I wanted to understand exactly how this exploit is able to get root so easily. Here is my workflow, and preliminary analysis of the exploit.
- Decoding Data Exfiltration – Reversing XOR Encryption – crucialsecurityblog.herris.com
One of the first and most important questions that intrusion analysts are asked after a network attack is “did they steal anything?”. And if so, “what did they take?”. Often, this is also one of the most challenging questions to answer when the analyst only has a post-intrusion forensic image to work with. Frequently, the analyst’s primary objective becomes identifying and locating data exfiltration files.
- SRF Exploit for Joomla 1.6.3 or Lower – sectechno.com
A new exploit has been published targeting Joomla 1.6.3 and lower. The vulnerability allows an attacker to create a specially crafted URL that executes arbitrary script code in the victim's browser.
- Injecting O2 into another .NET Process (in this case NUnit.exe) – o2platform.wordpress.com
Here is a pretty powerful example of what can be done with O2's .NET reflection APIs. The objective is to start NUnit under the control of an O2 script and to add a new feature to NUnit (in this case a new error viewer).
- Hacking With JSP Shells – netspi.com
Most enterprise datacenters today house at least a few web servers that support Java Server Pages (JSP). In my experience, at least one will suffer from vulnerabilities that can be leveraged to upload JSP shells and execute arbitrary commands on the server (this especially seems to be the case with preconfigured appliances).