Microsoft Office Security Team Enlists Bots, Pen Tests

Thursday, July 17th, 2008

Storm, Srizbi, and... Microsoft? Microsoft’s Office application security team actually runs its own internal botnet, which, among other things, “fuzzes” for vulnerabilities in Office applications. Microsoft’s botnet isn’t anywhere near the size of Srizbi (over 300,000 bots at last count) nor any of the other mega-botnets -- it’s just a couple ...

DNS Protocol Flaw: Don't Panic, Just Patch

Monday, July 14th, 2008

The exploit discovered by IOActive's Dan Kaminsky takes advantage of a fundamental flaw in the DNS (Domain Name Server) protocol. Organizations should move quickly to patch vulnerable DNS servers against a flaw revealed last week. Dan Kaminsky said the bug can be exploited to redirect Internet traffic, but the problem ...

FWAuto v1.1 - Firewall Auditing & Ruleset Analyzer Tool

Monday, July 14th, 2008

FWAuto (Firewall Rulebase Automation) is a Perl script and should work on any system with Perl installed. Provide the running config of a PIX firewall to fwauto. It will analyze and give you a list of weak rules in your rule base and store the result in multiple output files. Maybe ...

DNSenum - Domain Information Gathering Tool

Thursday, July 10th, 2008

The first stage of penetration testing is usually passive information gathering and enumeration (active information gathering). This is where tools like dnsenum come in: the purpose of DNSenum is to gather as much information as possible about a domain. The program currently performs the following operations: 1. Get the host’s address (A ...

BackTrack: A penetration tester's toolset

Tuesday, June 17th, 2008

There are few job titles as misleading as that of the "Penetration Tester." Sure, saying professional computer hacker would be more direct, but have you ever noticed how hackers seem to have a dirty mind? Why else would they want to go phreaking through backdoors? Anyway, in order for hackers to ...

Shmoocon 2008 videos are now online

Sunday, June 1st, 2008

The videos from ShmooCon 2008 have hit the shelves. Go download them at: http://www.shmoocon.org/2008/videos/ EDIT: As of the time of this post, some of the videos are incorrectly named. Here is the 1-> 1: Correctly Named: 21st Century Shellcode for Solaris Advanced Protocol Fuzzing - What We Learned when Bringing Layer2 Logic to SPIKE land Backtrack ...

sqlninja 0.2.3 released - Advanced Automated SQL Injection Tool for MS-SQL

Friday, May 30th, 2008

We’ve been following the development of sqlninja since the early days; it’s growing into a well-matured and more polished tool with advanced features. Sqlninja is a tool written in Perl to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal ...

Five free pen-testing tools

Tuesday, May 27th, 2008

Security assessment and deep testing don't require a big budget. Some of the most effective security tools are free, and are commonly used by professional consultants, private industry and government security practitioners. Here are a few to start with. For scanning in the first steps of a security assessment or pen test, ...

Five steps to successful and cost-effective penetration testing

Tuesday, May 27th, 2008

Whether you hire outside consultants or do the testing yourself, here are some tips for making sure your time and money are well spent. 1. Set goals. Make sure you know before you start your penetration testing what you want the results to encompass. Adding in too many systems can be ...

Debian and Ubuntu keys under attack

Friday, May 16th, 2008

A recently disclosed vulnerability in widely used Linux distributions can be exploited by attackers to guess cryptographic keys, possibly leading to the forgery of digital signatures and theft of confidential information, a noted security researcher said Thursday. HD Moore, best known as the exploit researcher who created the Metasploit penetration testing ...