- Layer One 2012 Security Conference – layerone.org
All of the videos from the LayerOne 2012 security conference are now online! Check everything out on the 2012 Archives page.
- RECON 2012 – GPUS FOR MOBILE MALWARE, MITIGATION AND MORE – viaforensics.com
The following presentation was delivered by Jared Carlson at REcon 2012 on June 6, 2012. Browse the slide images in the gallery below. A PDF version is available; make sure you are registered on the site and then use this link.
- Rooted CON 2012 – vimeo.com
Rooted CON 2012 Security Conference in Madrid, Spain.
- Pen Testing in the Cloud – pen-testing.sans.org
With the phenomenal growth of cloud computing, many of us are engaging clients where one or more aspects of their cloud deployment is considered in scope. Penetration testing a cloud deployment can make for tricky waters to navigate, due to its shared responsibility model. In this article we’ll demystify the cloud, as well as provide tricks and tips for navigating those waters.
- Tweaking Metasploit Modules To Bypass EMET – Part 1 – badishi.com
Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) is designed to increase the protection of your system against exploitation. It can render current Metasploit modules useless, as they’re currently not designed to bypass it. We discuss ways to tweak Metasploit modules in as much a generic way as possible, so they can work against targets utilizing EMET.
- How to Break Into Security, Schneier Edition – krebsonsecurity.com
Last month, I published the first in a series of advice columns for people who are interested in learning more about security as a craft or profession. In this second installment, I asked noted cryptographer, author and security rock star Bruce Schneier for his thoughts.
- Nmap Script to detect Poison Ivy Clients – labs.alienvault.com
I have written a small Nmap script that sends the challenge handshake to the client and expects a 256 byte response. It is able to detect if the Poison Ivy’s password used is the default one (“admin”).
- Some Practical ARP Poisoning with Scapy, IPTables, and Burp – webstersprodigy.net
ARP poisoning is a very old attack that you can use to get in the middle. A traditional focus of attacks like these is to gather information (whether that information is passwords, auth cookies, CSRF tokens, whatever) and there are sometimes ways to pull this off even against SSL sites (like SSL downgrades and funny domain names). One area I don’t think gets quite as much attention is using man in the middle as an active attack against flaws in various applications. Most of the information is available online, but the examples I’ve seen tend to be piecemeal and incomplete.
- IPv6 Toolbox – ipv6securitylab.org
A set of Linux-based open-source tools, developed to assist network owners with the difficult transition to IPv6.
- THC-IPV6 – thc.org
A complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library.
- gui-for-sqlmap – code.google.com
To make it work get and install python 2.7 python-tk and download the last version of sqlmap-dev.
- CMOS De-Animator – st-ware.com
CMOS De-Animator v2 is a service utility for your system’s CMOS RAM. Unlike its predecessor, the CMOS De-Animator 1.0, this new version includes a graphical interface and CMOS-backup options along with the “Clear CMOS” procedure, which was the original version’s only purpose. The application supports all 32-bit and 64-bit Windows operating systems except Windows 95 and Windows NT 3.51; for these old systems you will have to use De-Animator 1.0.
- SamuraiWTF Course – sourceforge.net
Download the latest version of Samurai.
- WS-Attacker 1.1 updated – sourceforge.net
WS-Attacker is a modular framework for web services penetration testing. It is a free and easy to use software solution, which provides an all-in-one security checking interface with only a few clicks.
- An example of EggHunting to exploit CVE-2012-0124 – community.rapid7.com
Recently, we added a module for CVE-2012-0124 which exploits a stack buffer overflow flaw in the backup management component of HP Data Protector Express. The overflow occurs during the creation of new folders, and allows an authenticated user on HP Data Protector Express to execute arbitrary code with SYSTEM privileges on Windows platforms. We figured this is a nice opportunity to demonstrate a good egghunter scenario.
- Stack Smashing: When Code Execution Becomes a Nightmare – community.rapid7.com
Last year at BSides Vegas, James Lee (egypt) and David Rude (bannedit) did a presentation about “Long Beard’s Guide to Exploit Dev”. During the talk, James said one thing that I’ll never forget: “exploit development is never an easy task, because pretty much every step you do — finding the offset, finding a return value, using a ROP gadget, etc — could lead to a failure.” Ain’t that the truth! But here’s the thing, exploits don’t just fail before you pop a shell, it can also happen WHILE you’re getting a shell… and that’s where my story is.
- MySQL – websec.ca
False means the query is invalid (MySQL errors/missing content on website). True means the query is valid (content is displayed as usual).