Week 41 in Review – 2010

Events Related:

  • MIRCon, A Look Back
    I have the good fortune this week of being able to attend Mandiant’s Incident Response Conference (MIRcon) in Alexandria, Virginia, and so far it’s a very good time.
  • Some word about WACCI
  • HacKid – An Amazing Conference – sunbeltblog.blogspot.com
    Of particular note to the parents was the “Five top scams to avoid”, which seemed to cause a few “Oh, so THAT’S what it was” type glances around the room.
  • ZaCon2 & Fig Leaf Security – thinkst.com
    My talk this year was called “Fig Leaf Security”, and was aimed at saying some of the things that we generally don't like saying (about the industry in general, and about ourselves in particular).

Resources:

Tools:

Techniques:

  • Fiddler and Channel-Binding-Tokens – msdn.com
    Some users of Fiddler who have HTTPS Decryption enabled have found that some of their internal HTTPS sites that used to work properly with Fiddler now endlessly prompt for credentials while Fiddler is running.
  • Death of an ftp client / Birth of Metasploit modules – corelan.be
    Using a custom built ftp client fuzzer, now part of the Metasploit framework (svn r10658 and up), the team has audited several ftp clients and applications that use an embedded client ftp component.
  • Traditional Penetration Testing is DEAD – BSIDES Atlanta – secmaniac.com
    To start off on somewhat of a tangent, the penetration testing field can be looked at in two different lights.
  • Hacking a Fix – securitybraindump.blogspot.com
    By default APC PCNS can be found in the C:\Program Files\APC\PowerChute\group1 directory of a Windows system.
  • Updates, updates – golubev.com
    About GTX460 — firstly it was looking like a cut-in-half version of GF100, and initial performance tests show this too.
  • Http Request Splitting and Header Abuse with Java AddRequestProperty – mindedsecurity.com
    The applet sandbox allows requests to be performed to the host where they originate by using the class java.net.URL.
  • Java-JNLP-Applet User Assisted Arbitrary Execution – mindedsecurity.com
    Among others there is the possibility to create an applet that will become a desktop applet by using JNLP in a restricted environment.
  • Get Internal Network Information with Java Applets – mindedsecurity.com
    In particular a malicious user could get important information about the private IP of each NIC a victim has on her platform.
  • Tshark/Wireshark SSL Decryption – Lessons Learned – pauldotcom.com
    We decided to use TSHARK because it has the ability to decrypt SSL and you can use Wireshark display filters.
  • Buffer Overflow Pattern Tool – justanotherhacker.com
    Being a perl man I decided I wanted to grab a perl based generator so I could modify it to suit my own needs.
  • DNS Rebinding on Java Applets – mindedsecurity.com
    During an assessment of Java VM source code (v. 6 update 21) it was found that the attack was still feasible, probably due to a regression issue and, more importantly, I found a way to extend the attack to every browser.
  • LiveKd for Virtual Machine Debugging – technet.com
    After giving it some thought, I realized that I could fool the debuggers into thinking that they were looking at a crash dump file by implementing a file system filter driver that presented a “virtual” crash dump file debuggers could open.
  • Windows 7 symbolic links and hidden files – pauldotcom.com
    Try this experiment: Create an Alternate Data Stream and attempt to open it with Microsoft Word.
  • Metasploit HowTo: Standalone Java Meterpreter Connect-Back – 0x0e.org
    The process is very straightforward, simply generate the .jar, setup a handler.
  • setdllcharacteristics – didierstevens.com
    Because I need to set DEP and ASLR flags in a script, I wrote a C-program to read, set or clear these flags (together with another flag to check AuthentiCode signatures, more about this later).
  • Nessus XML parsing with awk – h-i-r.net
    Usually, I only concern myself with the high-severity issues for weekly reports, then as I have time, I dig deeper into the more trivial problems.
  • Padding Oracle attack PoC
    A proof-of-concept attack against MS10-070, this PoC is an implementation in Ruby of a Padding Oracle attack and allows you to download the ‘Web.config’ file or any other file from a vulnerable ASP.NET installation.
  • PDF, DEP, ASLR and Integrity Levels – didierstevens.com
    If the application did not use DEP, ASLR or Integrity Levels, I changed some settings to make the application use these features.
  • Force.com secure code review howto Part 1 – greebo.net
    Visual Force is a MVC based framework. It appears to act like a tag library with the <apex:… prefix, used inside files with a .page extension.

Vendor/Software Patches:

Other News:

  • Dead or Alive: Pen Testing – securosis.com
    The pen testers need to operate in a reasonable semblance of a real world scenario. Obviously you don’t want them taking down your production network. But you can’t put them in a box either.
  • Pen-and-Paper SQL Injection Attack Against Swedish Election – schneier.com
    Some copycat imitated this xkcd cartoon in Sweden, hand writing an SQL injection attack onto a paper ballot.
  • Security services firm iSEC Partners acquired – techtarget.com
    iSEC Partners, a pen-testing and security services consultancy that has been at the forefront of innovative research in the past half-decade, was acquired today by NCC Group of Manchester, England.
  • Attack of the monster frames (a mini-retrospective) – lcamtuf.blogspot.com
    The next notable milestone: clickjacking – a seemingly obvious threat essentially ignored by the security community (perhaps in hope it disappears), until extravagantly publicized by Jeremiah Grossman and Robert ‘RSnake’ Hansen in 2008.
  • Java: A Gift to Exploit Pack Makers – krebsonsecurity.com
    Take one look at the newest kit on the block — “Blackhole” — and it is obvious that Java vulnerabilities continue to give attackers the most mileage and profit, and have surpassed Adobe flaws as the most successful exploit vehicles.
  • Guest Post: Michelle Klinger “Interview with a Mentor…Mentor R – infosecmentors.blogspot.com
    As previously mentioned, this is the continuation in a series of interviews with both mentees and mentors on their experience with InfoSec Mentors to date.
  • Mentor vs. Mentee – infosecmentors.blogspot.com
    We’ve been matching mentors and mentees at lightning speed in the past days and, as one would come to expect, we have many more mentees than we have mentors.
  • Suggestions for getting started – infosecmentors.blogspot.com
    I thought I would create a small list of activities you should expect to do during the beginning phase of your mentoring relationship.

Tags: HacKid, MIRCon, WACCI, ZaCon