Week 38 In Review – 2013


  • Heuristic methods used in sqlmap – unconciousmind.blogspot.com
    You can find slides for Miroslav Štampar talk “Heuristic methods used in sqlmap” held at FSec 2013 conference (Croatia / Varazdin 19th September 2013) here.
  • Top Five Ways SpiderLabs Got Domain Admin on Your Internal Network – blog.spiderlabs.com
    It’s always surprising how insecure some internal networks turn out to be. When a penetration tester has to work harder to gain Domain Access to an internal network, this is a list of the top five quickest ways to Domain Admin.



  • Pivoting to and poking other computers using powershell – Powerpreter and Nishang 0.3.1 – Part 2 – labofapenetrationtester.com
    This is Nikhil SamratAshok Mittal’s second post in the series about powerpreter. Anyone can use Powerpreter to pivot to and poke other machines in a network. Let’s see the technique here.
  • Burp Extensions in Python & Pentesting Custom Web Services – labs.neohapsis.com
    Burp is the de facto standard for professional web app assessments and with the new extension API (released December 2012 in r1.5.01) a lot of complexity in creating Burp extensions went away. The official API supports Java, Python, and Ruby equally well. Given the choice Patrick Thomas take Python any day, so these instructions will be most applicable to the parseltongues.
  • IOS Application Security Part 17 – Black-box assessment of IOS Applications using Introspy – resources.infosecinstitute.com
    In this article, you will look at how you can use Introspy for Black-box assessment of IOS applications. Infosecinstitute shows how to perform all the necessary steps.
  • Web Services Penetration Testing Part 1 – resources.infosecinstitute.com
    The reason to write this article is that the use of web services increased in last couple of years in a major ratio and also the data which flows in web services are very sensitive. This makes web services again an important attack vector. Focus of this article are on details of web services, its testing approach, tools used for testing etc.
  • PowerSploit: The Easiest Shell You’ll Ever Get – www.pentestgeek.com
    The easiest way to get a Meterpreter shell without worrying about AV is with PowerSploit. That is the easiest and most convenient AV-bypass Chris Campbell has ever seen! Just open PowerShell and type a command.
  • The Hackers Guide To Dismantling IPhone
    • The Hackers Guide To Dismantling IPhone (Part 2) – securityhorror.blogspot.com
      This post is the second part of the series “The Hackers Guide To Dismantling IPhone” and is going to describe how to perform all types of iPhone network attacks on any iPhone. This post is also going to explain how to set up the testing environment for hacking an iPhone also.
    • The Hackers Guide To Dismantling IPhone (Part 3) – securityhorror.blogspot.com
      On May 7, 2013, as a German court ruled that the iPhone maker must alter its company policies for handling customer data, since these policies have been shown to violate Germany’s privacy laws. Finally, the court also prohibited Apple from supplying such data to companies which use the information for advertising. But why does this happen?
  • When Domain Admin Is Not Enough – blog.gdssecurity.com
    When conducting a network pentest we often find the goal of the tester, at least on a Windows domain network test, is to get Domain Admin. That is well and good, but for impact nothing beats capturing the CIOs desktop, documents or e-mail. So how do we get there?
  • Exploiting Insecure crossdomain.xml to Bypass Same Origin Policy (ActionScript PoC) – gursevkalra.blogspot.com
    In this Gursev Singh Kalra’s blog post you will review at a known attack vector and create a Proof of Concept exploit to bypass browser’s Same-origin policy for websites that host an overly permissive cross-domain policy file.
  • JBOSS JMXInvokerServlet Exploit – breenmachine.blogspot.com
    Recently ran into a JMXInvokerServlet that didn’t require authentication. While there is a Metasploit module for this, it wasn’t working for various reasons. Inspired by Matasano, Stephen Breen wrote up some custom exploit code for this.

Vendor/Software Patches

  • It’s about time: Java update includes tool for blocking drive-by exploits  – theregister.co.uk
    Oracle’s latest update to the Java SE Development Kit (JDK) version 7 adds new security features designed to help businesses avoid being stung by critical vulnerabilities in out-of-date versions of Java. After a string of embarrassing Java security flaws was disclosed by independent researchers, Oracle has made addressing vulnerabilities its top priority for JDK 7.

    • Java SE Downloads – www.oracle.com
      The update is available from the usual Java download website here.


  • Microsoft: IE Zero Day Flaw Affects All Versions – krebsonsecurity.com
    Microsoft said that attackers are exploiting a previously unknown, unpatched vulnerability in all supported versions of its Internet Explorer Web browser. The company said it is working on an official patch to plug the security hole, but in the meantime it has released a stopgap fix to help protect affected customers.
  • iOS 7 Bug

Leave A Comment