- [AthCon 2011] Network Exploitation with Ncrack – It’s not about plain brute-forcing anymore – youtube.com
Video of the AthCon 2011 talk “Network Exploitation with Ncrack” by Fotis Hantzis.
- Smart Bombs: Mobile Vulnerability and Exploitation Presentation – spylogic.net
This week I co-presented “Smart Bombs: Mobile Vulnerability and Exploitation” with John Sawyer and Kevin Johnson at OWASP AppSec DC.
- Towards Firmware Analysis – sensepost.com
While I was evaluating a research idea about a SCADA network router during the past week, I used available tools and resources on the Internet to unpack the device firmware and search for interesting components.
- Fusion Advancing exploit mechanisms – exploit-exercises.com
Fusion is the next step after the Protostar setup; it covers more advanced styles of exploitation and a variety of anti-exploitation mechanisms.
- Ascii shellcode – Security101 – blackhatacademy.org
Printable ASCII shellcode is used to get past input filtering at the network and application layers during buffer-overflow exploitation, in cases where only printable characters survive the path from the attacker to the vulnerable buffer.
- X-Frame-Options – blog.whitehatsec.com
What is it and why should I care? X-Frame-Options (moving towards plain Frame-Options in a draft spec, dropping the X-) is an HTTP response header that lets an application state whether specific pages of the site may be loaded inside a frame on another site. It is meant to help prevent clickjacking.
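As an added example (not code from the WhiteHat post), here is the check a tester wants after reading the above: given a response's headers, decide whether a browser would let the page be framed from a given set of ancestor pages. It applies the rules browsers use for this header: conflicting values are treated as DENY, SAMEORIGIN is checked against every ancestor frame's origin, and any unrecognised value, including the ALLOW-FROM form that not all browsers honoured, is ignored, which leaves the page framable. The header sets and URLs are constructed for the demonstration.

```python
"""Decide whether a page can be framed, following the X-Frame-Options
processing rules browsers apply. Added example; all inputs are constructed."""
from urllib.parse import urlsplit


def origin_of(url):
    """Return (scheme, host, port) for a URL, filling in the default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or {"http": 80, "https": 443}.get(scheme)
    return (scheme, (parts.hostname or "").lower(), port)


def framable(headers, page_url, ancestor_urls):
    """Return (allowed, reason).

    headers: dict of response headers, names in any case. A header sent more
    than once is assumed to have been joined with commas, as browsers do.
    ancestor_urls: URLs of every frame above the page, outermost first.
    """
    raw = [v for k, v in headers.items() if k.lower() == "x-frame-options"]
    values = [v.strip().lower() for field in raw for v in field.split(",")]
    unique = set(values)
    if not unique:
        return True, "no X-Frame-Options header: any site may frame this page"
    if len(unique) > 1:
        # e.g. "DENY, SAMEORIGIN": conflicting values are treated as DENY.
        return False, "conflicting values %r are treated as DENY" % sorted(unique)
    value = values[0]
    if value == "deny":
        return False, "DENY"
    if value == "sameorigin":
        page_origin = origin_of(page_url)
        for ancestor in ancestor_urls:
            if origin_of(ancestor) != page_origin:
                return False, "SAMEORIGIN: ancestor %s is cross-origin" % ancestor
        return True, "SAMEORIGIN: every ancestor shares the page's origin"
    # Anything else, including "ALLOW-FROM <uri>" and typos such as
    # "ALLOWALL", is an unknown token that browsers ignore: framing is allowed.
    return True, "unrecognised value %r is ignored, page is framable" % value


if __name__ == "__main__":
    page = "https://bank.example/transfer"
    attacker = ["https://evil.example/clickjack.html"]
    cases = [
        {},
        {"X-Frame-Options": "DENY"},
        {"X-Frame-Options": "SAMEORIGIN"},
        {"X-Frame-Options": "DENY, SAMEORIGIN"},
        {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
        {"X-Frame-Options": "ALLOWALL"},
    ]
    for h in cases:
        print("%-45s -> %s" % (h.get("X-Frame-Options", "<absent>"),
                               framable(h, page, attacker)))
```

The last two cases are the ones that trip people up: a value the browser does not understand behaves exactly like a missing header, so a scanner should report "present but invalid" as a finding, not a pass.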
- Getting your message across: Screenshots – blog.c22.cc
Since I’ve finally started doing something with pentestreports.com I thought it was time to write up some interesting content. Seeing as this one has been bugging me for a while, I thought it would make an interesting starting point. As always, comments are welcomed and encouraged!
- Dinis Cruz blog: Great description of why OWASP Summits are special – diniscruz.blogspot.com
Abe (on the owasp-leaders list) just posted the text below in response to my “Summits must be part of OWASP’s DNA” reply, and it provides one of the best descriptions of what makes OWASP Summits special and worthwhile doing.
- ModSecurity Advanced Topic of the Week: Automated Virtual Patching using OWASP Zed Attack Proxy – blog.spiderlabs.com
The SpiderLabs Research Team has added an example script to the OWASP ModSecurity Core Rule Set (CRS) Project archive that will help users to quickly implement virtual patches for vulnerabilities identified by an open source web vulnerability scanning tool.
- GooDork Command Line Google Dorking/Hacking Tool – darknet.org.uk
GooDork is a simple Python script designed to allow you to leverage the power of Google Dorking straight from the comfort of your command line. There was a GUI tool we discussed a while back similar to this – Goolag – GUI Tool for Google Hacking.
- Medusa 2.1 Release – foofus.net
What is Medusa? Medusa is a speedy, massively parallel, modular, login brute-forcer for network services created by the geeks at Foofus.net.
- Enema is Powerful tool for SQL injection – pentestit.com
Enema is not auto-hacking software; it is a dynamic tool for people who know what they are doing. Old database versions (e.g. MySQL 4.x) are not supported; development targets modern versions.
- Adobe open sources Malware Classifier tool – h-online.com
Adobe has open sourced a tool for analysing and classifying malware to help security first responders, including malware analysts and security researchers. Called “Adobe Malware Classifier”, the command-line tool is written in Python and was originally created for internal use by the Adobe Product Security Incident Response Team (PSIRT) “for quick malware triage”.
- Dissecting the SQL Injection Tools Used By Hackers – blog.imperva.com
Recently, during a presentation to a group of security professionals, an impromptu poll was taken asking attendees whether they were familiar with Havij, a SQL injection tool used heavily in the hacking community.
- Web tool checks if your Mac is Flashback-free – cnet.com
Have you been put off by the work required to find out if your machine is one of the unlucky ones infected with the Trojan? There’s a new Web app that will check your Mac.
- Intersect version 2.5 update – github.com
Intersect is a post-exploitation framework written in Python. The main goal of this project is to assist penetration testers in the automation of many post exploitation and data exfiltration tasks that they would otherwise perform manually. With the Intersect framework, users can easily build their own customised scripts from the pre-built templates and modules that are provided or they can write their own modules to add additional or specialised functionality. As of the time of writing, there are almost 30 separate modules to choose from and more are added almost daily.
- Mercury: An Open Source Android Assessment Framework! – labs.mwrinfosecurity.com
Mercury is a framework that provides interactive tools that allow for dynamic interactions with the target applications running on a device.
- windows privilege escalation via weak service permissions – travisaltman.com
When performing security testing on a Windows environment, or any environment for that matter, one of the things you’ll need to check is whether you can escalate from a low-privilege user to a high-privilege one.
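An added example, not from Travis Altman’s post, of one way to do that check at scale: feed the security descriptors that `sc sdshow <service>` prints into a small SDDL parser and flag any service whose DACL grants a low-privilege group SERVICE_CHANGE_CONFIG, WRITE_DAC, WRITE_OWNER or a generic write/all right, since any of those lets the holder point the service’s binary path at an executable of their own. The two descriptors in `SAMPLE` are constructed for the demonstration; on a real host you would collect them with `sc sdshow` and paste them in.

```python
"""Flag Windows services whose DACL lets low-privilege principals reconfigure
them. Input is the SDDL string that `sc sdshow <service>` prints.
Added example; the SDDL strings in SAMPLE are constructed, not from a real host."""
import re

# Two-letter SDDL access-right tokens and what they mean on a service object.
SERVICE_RIGHTS = {
    "CC": "SERVICE_QUERY_CONFIG", "DC": "SERVICE_CHANGE_CONFIG",
    "LC": "SERVICE_QUERY_STATUS", "SW": "SERVICE_ENUMERATE_DEPENDENTS",
    "RP": "SERVICE_START", "WP": "SERVICE_STOP",
    "DT": "SERVICE_PAUSE_CONTINUE", "LO": "SERVICE_INTERROGATE",
    "CR": "SERVICE_USER_DEFINED_CONTROL", "SD": "DELETE",
    "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
    "GA": "GENERIC_ALL", "GR": "GENERIC_READ", "GW": "GENERIC_WRITE",
    "GX": "GENERIC_EXECUTE",
}
# Any one of these lets the holder take the service over: change its binary
# path directly, or rewrite the ACL / owner and then do so.
TAKEOVER = {"DC", "WD", "WO", "GA", "GW"}
# Well-known SID abbreviations that an ordinary local user belongs to.
# (In the SID field "WD" means Everyone; in the rights field it means WRITE_DAC.)
LOW_PRIV = {"AU": "Authenticated Users", "BU": "Users", "IU": "Interactive",
            "WD": "Everyone", "AN": "Anonymous", "DU": "Domain Users"}


def dacl_aces(sddl):
    """Return the DACL ACEs as (type, flags, rights set, sid) tuples."""
    m = re.search(r"D:[PAIR]*((?:\([^)]*\))+)", sddl)
    if not m:
        return []
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(1)):
        ace_type, flags, rights, _obj, _inherit, sid = body.split(";")
        if rights.lower().startswith("0x"):
            tokens = {rights}  # raw access mask; left undecoded here
        else:
            tokens = {rights[i:i + 2] for i in range(0, len(rights), 2)}
        aces.append((ace_type, flags, tokens, sid))
    return aces


def weak_service_acls(services):
    """services: {name: sddl}. Returns one finding per dangerous allow ACE."""
    findings = []
    for name, sddl in services.items():
        for ace_type, _flags, rights, sid in dacl_aces(sddl):
            if ace_type != "A" or sid not in LOW_PRIV:
                continue  # deny ACEs and privileged principals are fine
            bad = rights & TAKEOVER
            if not bad:
                continue
            findings.append({
                "service": name,
                "sid": sid,
                "principal": LOW_PRIV[sid],
                "rights": sorted(SERVICE_RIGHTS[r] for r in bad),
                # Start+stop as well means the new binary runs without a reboot.
                "can_restart": {"RP", "WP"} <= rights,
            })
    return findings


SAMPLE = {
    # Default-looking descriptor: only SYSTEM and Administrators may reconfigure.
    "GoodSvc": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
               "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
               "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)"
               "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)",
    # Misconfigured: Authenticated Users get DC (change config) plus start/stop.
    "WeakSvc": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
               "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
               "(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)",
}

if __name__ == "__main__":
    for f in weak_service_acls(SAMPLE):
        print("%(service)s: %(principal)s (%(sid)s) has %(rights)s, "
              "can restart: %(can_restart)s" % f)
```

The parser only looks at the DACL (`D:` part) and only at two-letter right tokens; an ACE carrying a raw hex mask is kept as-is rather than decoded, so treat such entries as needing a manual look.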
- Another Approach To Tracking ReadFile – dvlabs.tippingpoint.com
We often receive fuzzed file submissions, which at times can be agonizing to analyze. Tools help a lot here, as we have shown in previous posts, such as with Peter’s awesome write up on hooking ReadFile and MapViewOfFile.
- Apple Mac
- Credit Card Hacks
- Most Popular Internet Sites Consistently Serving Up Malware – darkreading.com
According to a new malware report issued last week by Barracuda Labs, 58 of the sites listed among Alexa’s top 25,000 most popular websites are delivering drive-by downloads of malicious code, potentially affecting millions of users each day.
- New Android Malware Variant Can Remotely Root Phone – threatpost.com
A new version of Android malware has been tweaked so it doesn’t require user interaction for an attacker to own the device, according to research published by Lookout Mobile Security yesterday.
- SQL Injection
- SQL Injection through HTTP Headers – resources.infosecinstitute.com
During vulnerability assessment or penetration testing, identifying the input vectors of the target application is an essential first step. When testing Web applications, checks for SQL injection are often restricted to the GET and POST parameters as if those were the only input vectors, even though HTTP request headers reach the application too and are frequently stored or queried via SQL.
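An added example, not from the InfoSec Institute article, showing why that matters: a session lookup that splices the Cookie header into its query, the crafted request that abuses it, and the parameterised version that does not. The request, table and lookup code are constructed for this demonstration (SQLite stands in for the backend); the same pattern applies to any header the application stores or queries, such as User-Agent, Referer or X-Forwarded-For.

```python
"""SQL injection through an HTTP request header (the Cookie header here).
Added example; request, schema and rows are constructed for the demo."""
import sqlite3


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, path, headers dict)."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def cookie_value(headers, name):
    """Pull one cookie out of the Cookie header, or None if absent."""
    for part in headers.get("cookie", "").split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None


def make_db():
    """In-memory stand-in for the application's session table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (token TEXT, user TEXT, role TEXT)")
    db.executemany("INSERT INTO sessions VALUES (?, ?, ?)", [
        ("a1b2c3", "alice", "admin"),
        ("d4e5f6", "guest", "user"),
    ])
    return db


def whoami_vulnerable(db, headers):
    """The header value is spliced straight into the SQL string."""
    token = cookie_value(headers, "session") or ""
    sql = "SELECT user, role FROM sessions WHERE token = '%s'" % token
    return db.execute(sql).fetchone()


def whoami_fixed(db, headers):
    """Same lookup with a bound parameter: the cookie is data, not SQL."""
    token = cookie_value(headers, "session") or ""
    return db.execute("SELECT user, role FROM sessions WHERE token = ?",
                      (token,)).fetchone()


# Constructed attacker request: the payload rides in a header, not in the
# query string or body, so a GET/POST-only scan never sends it.
ATTACK = ("GET /account HTTP/1.1\r\n"
          "Host: app.example\r\n"
          "User-Agent: Mozilla/5.0\r\n"
          "Cookie: session=' OR role='admin' --\r\n"
          "\r\n")

if __name__ == "__main__":
    _, _, hdrs = parse_request(ATTACK)
    db = make_db()
    print("vulnerable lookup ->", whoami_vulnerable(db, hdrs))  # alice's admin row
    print("fixed lookup      ->", whoami_fixed(db, hdrs))       # no such session
```

With the injected cookie the vulnerable query becomes `... WHERE token = '' OR role='admin' --'`, and the attacker is handed the first admin session without knowing any token; the parameterised query compares the whole cookie string literally and finds nothing.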
- SQL Injection Still Slams SMBs – darkreading.com
In spite of recent data from some firms showing the decline of SQL injection attacks as compared with other cybercrime methods, a new survey released this week shows that among SMBs concerned about database security, thwarting SQL injection attacks remains their highest priority.
- Microsoft readies patch for gaping IE browser security holes – zdnet.com
In all, Microsoft will release 6 bulletins this month to address at least 11 documented vulnerabilities in several software products.
- Pastebin to hire staff to tackle hackers’ ‘sensitive’ posts – bbc.co.uk
The owner of Pastebin.com says he plans to hire more staff to help police “sensitive information” posted to the site.
- Forget SOPA, You Should Be Worried About This Cybersecurity Bill – techdirt.com
While most folks are looking elsewhere, it appears that Congress is trying to see if it can sneak an absolutely awful “cybersecurity” bill through Congress.
- Arms Race In Zero Days Spells Trouble For Privacy, Public Safety – threatpost.com
This is the second of a two-part podcast with independent security researcher Chris Soghoian.
I probably wouldn’t have thought much of it, except my blog had recently been hacked (someone had gained elevated access to my web hosting account and prepended every single PHP file with a base64-encoded rootkit), so I immediately decided to view the source.
- Hacking in China
- Anonymous hacks hundreds of Web sites in China – news.cnet.com
The online hacktivist group defaces government and commercial sites with a message predicting the downfall of the Chinese government, although no central government sites appear to have been compromised.
- Hacker steals Chinese government defense contracts – zdnet.com
Hacktivist Hardcore Charlie says he has hacked China National Import & Export Corp (CEIC), a Chinese government defense contractor, and stolen over 500MB worth of documents.
- Massive firewall vendor lets domain expire – domainincite.com
Check Point Software, one of the world’s leading firewall vendors, forgot to renew its main domain name and it wound up parked by its registrar over the weekend.
- CabinCr3w Hacker Arrested by FBI – threatpost.com
Federal authorities have arrested a Texas man accused of working for the hacking group CabinCr3w, a group that once targeted Goldman Sachs CEO Lloyd Blankfein.
- Hacker jailed for stealing 8 million identities – zdnet.com
A British hacker has been sentenced to 26 months for stealing 200,000 PayPal accounts, 2,701 bank card numbers, as well as 8,110,474 names, dates of birth, and postcodes of U.K. residents.
- Researchers Release New Exploits to Hijack Critical Infrastructure – wired.com
Researchers have released two new exploits that attack common design vulnerabilities in a computer component used to control critical infrastructure, such as refineries and factories.
- US government hires company to hack into video game consoles – zdnet.com
The U.S. Navy is paying a company six figures to hack into used video game consoles and extract sensitive information. The tasks to be completed are for both offline and online data.
- Watch Out, White Hats! European Union Moves to Criminalize ‘Hacking Tools’ – wired.com
The European Union is continuing a push to criminalize the production or sale of “hacking” tools, a move that civil liberties advocates argue could make criminals out of legitimate security researchers.