Week 13 in Review – 2010

Events Related:

Resources:
Tools:
  • OpenSSL 1.0 – openssl.org
    The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the SSL v2/v3 and TLS v1 protocols.
  • Vicnum v1.4 – sourceforge.net/projects/vicnum/
    A lightweight, flexible, deliberately vulnerable web application written in Perl and PHP.
  • Plecost v0.2.2-8 – plecost.googlecode.com
    WordPress fingerprinting tool; Plecost searches for and retrieves information about the plugin versions installed on WordPress systems.
  • DBAPPSecurity web application scanner MatriXay 3.6 – professionalsecuritytesters.org
    MatriXay 3.6 not only has remarkable scanning ability but also provides powerful penetration testing functions and web Trojan detection.
  • Zigbee Analysis Tools – sans.org
    KillerBee is a Python based framework and tool set for exploring and exploiting the security of ZigBee and IEEE 802.15.4 networks.
  • pvefindaddr v1.27 – corelan.be
    Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files.
  • Buck Security v0.5 – buck-security.org
    Buck Security is a collection of security checks for Linux.
  • pwnat v0.2-Beta – samy.pl
    Simply put, this is a proxy server that works behind a NAT, even when the client is also behind a NAT, without any third party.
  • Nmap v5.30 Beta 1 – nmap.org
    Nmap is a free open source utility for network exploration or security auditing.
  • Wireshark 1.2.7 – wireshark.org
    Wireshark is the world’s most popular network protocol analyzer.
  • SQLFury – sqlfury.com
    SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application.
  • w3af v1.0-RC3 – sourceforge.net/projects/w3af/
    The w3af core and its plugins are fully written in Python.
  • CMS Explorer (or: what’s that CMS running?) – sunera.com
    CMS Explorer is currently set up to test Drupal, WordPress and Joomla!/Mambo, with exploration support for Drupal and WordPress.
  • Microsoft SDL version 5 – msdn.com
    The largest change in SDLv5 is the inclusion of SDL for Agile Development as an Addendum at the end.
  • LoverBoy – loverboy.sourceforge.net
    A web application penetration testing tool that can extract data from SQL Server, MySQL, DB2, Oracle, Sybase, Informix, and Postgres.
  • CUPP v3 – remote-exploit.org
    Going through different combinations and algorithms, CUPP can predict specific target passwords by exploiting human vulnerabilities.
  • Skipfish v1.29B – skipfish.googlecode.com
    Skipfish is an active web application security reconnaissance tool.
  • Kon-Boot v1.1 – piotrbania.com/all/kon-boot
    Kon-Boot is a prototype piece of software which allows changing the contents of a Linux kernel.
  • Flint 1.0.5 – chargen.matasano.com
    Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems.
Techniques:

  • Can you still trust your network card? – ssi.gouv.fr
    The talk explained how an attacker could exploit a flaw to run arbitrary code inside some network interface controllers (NICs).
  • Has SSL become pointless? Researchers suspect state-sponsored CA forgery – betanews.com
    Using ‘man-in-the-middle’ to intercept TLS or SSL is essentially an attack against the underlying Diffie-Hellman cryptographic key agreement protocol.
  • A couple of PDF exploits you might want to hear about
    • Escape From PDF – didierstevens.com
      I managed to make a PoC PDF to execute an embedded executable without exploiting any vulnerability!
    • Escape From Foxit Reader – didierstevens.com
      Remember, Foxit Reader issues no warning when launching a command!
  • Pwn2Own 2010: Lessons Learned – symantec.com
    So, why do Web browsers make such good targets for exploit developers?
  • Resilient SSH Tunneled Meterpreter Session – pauldotcom.com
    Resilient in that it will monitor the running tools needed to give me access and relaunch them if needed.
  • Automated SEO poisoning attacks explained – sophos.com
    SEO poisoning is one of the major methods of attack that we are seeing being used by online criminals at the moment.
  • Plugging the CSS History Leak – mozilla.com
    It’s a tough problem to fix, though, so I’d like to describe how we ended up with this approach.
  • Using Nessus Thorough Checks for In-depth Audits – tenablesecurity.com
    Nessus users have a wide range of powerful options whose functionality is critical to a successful vulnerability scan, but whose meaning may not be completely clear.
  • PWN2OWN & Fuzzing – garwarner.blogspot.com
    Charlie Miller got quite a bit of buzz for his fuzz when at CanSecWest he owned a fully patched Mac with fully patched Safari “in 10 seconds”.
  • Reverse Engineering File Formats – jbrownsec.blogspot.com
    But soon you will see that, by black-box testing and reverse engineering, we can get all the information we need to correctly produce EDS files and find vulnerabilities.
  • Burp Suite Tutorial – Intruder Tool version 2 – securityninja.co.uk
    My Burp Suite tutorial blog posts appear to be a bit like buses, it took a long time for me to do the first one and now I’m writing the third one!
  • OpenRunSaveMRU and LastVisitedMRU – sans.org
    Talking with a colleague the other day reminded me of just how nuanced many of the forensic artifacts are that we rely upon.

Vulnerabilities:

  • OpenSSL Flaw Can Crash Remote Machines – threatpost.com
    The flaw gives an attacker the ability to use a single TLS record to take out remote machines that are running vulnerable OpenSSL software.
  • PHP blunders with random numbers – h-online.com
    Andreas Bogk warns that, despite recent PHP improvements, the session IDs of users who are logged into PHP applications remain guessable.

Vendor/Software Patches:

Other News:
