September 6th, 2008 Anthony Towry
ProCheckUp has just published a new ValidateRequest XSS bypass paper. I unfortunately have not had time to verify the information in the paper, but everything I've read appears to be in line with information Michael Eddington had published earlier this year.
Microsoft has some interesting goodies (patches) coming out this next Tuesday regarding .Net, IE and friends. Related? Maybe.
There's recently been a nice discussion taking place on the penetration-testing mailing list regarding breaking ASP.NET applications. There are several ways to introduce XSS vulnerabilities into an ASP.NET application as a developer, but it certainly is one of the more secure web development frameworks. The danger comes in relying on the framework to know what is acceptable and what isn't. ValidateRequest makes a good try, but as this paper states, it's not a complete solution even for the most generic pages.
Use the Anti-XSS library devs!
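To make the point concrete, here is an added illustration (my own example, not code from the post, from ProCheckUp's paper, or from Microsoft's library) of an ASP.NET Web Forms code-behind that echoes a query-string value: the weak version trusts ValidateRequest and writes the raw value into the page, the hardened version keeps ValidateRequest as defense in depth and encodes on output for the context the value lands in. The page class, control IDs and the `name` parameter are assumptions for the example; `HttpUtility.HtmlEncode` is part of the framework and `AntiXss.HtmlEncode`/`AntiXss.HtmlAttributeEncode` are from the Anti-XSS library the post recommends.

```csharp
// Added example, not from the original post. Assumed page: GreetingPage.aspx with
//   <%@ Page Language="C#" ValidateRequest="true" ... %>
//   <asp:Label ID="lblGreeting" runat="server" />
//   <asp:HyperLink ID="lnkProfile" runat="server" />
using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using Microsoft.Security.Application; // Anti-XSS library (AntiXss class)

public partial class GreetingPage : Page
{
    protected Label lblGreeting;   // assumed control, see markup above
    protected HyperLink lnkProfile; // assumed control, see markup above

    protected void Page_Load(object sender, EventArgs e)
    {
        // Untrusted input; "name" is an assumed parameter for the example.
        string name = Request.QueryString["name"] ?? "guest";

        // WEAK: relies on ValidateRequest alone. Label.Text is rendered as-is,
        // so anything that slips past the request filter lands in the HTML
        // unencoded and becomes script injection.
        // lblGreeting.Text = "Hello, " + name;

        // HARDENED: encode at output time, for the HTML body context.
        // AntiXss.HtmlEncode whitelists safe characters and encodes the rest;
        // HttpUtility.HtmlEncode(name) from System.Web is the framework fallback.
        lblGreeting.Text = "Hello, " + AntiXss.HtmlEncode(name);

        // Same value in an attribute context needs attribute encoding, not the
        // body encoder: quotes and angle brackets are handled for that context.
        lnkProfile.Text = "Your profile";
        lnkProfile.Attributes["title"] = AntiXss.HtmlAttributeEncode(name);

        // Framework-only equivalent for the body case, if the library is absent:
        // lblGreeting.Text = "Hello, " + HttpUtility.HtmlEncode(name);
    }
}
```

The design point is that ValidateRequest is an input-side heuristic over the request, while the encoding above is applied where the data is written and chosen per output context, so a bypass of the filter no longer changes what the browser parses.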
Posted in Security, Web development | No Comments »
September 2nd, 2008 Anthony Towry
Samurai WTF is a LiveCD aimed at web application hacking/testing. I haven't tried it yet, and from the version number it looks like it's still in its infancy, but I thought it might deserve one more inward-facing link.
Check it out at: SourceForge
Posted in Security, Web development | No Comments »
August 28th, 2008 Anthony Towry
Daniel Miessler has put together an excellent summary highlighting notable features of nmap. Some of these features were shown off in Fyodor's recent Defcon and Blackhat talks on scanning the internet.
Daniel is nice enough to provide the reader with easy (read: copy/paste) instructions on getting the SVN checkout and building this version of this essential tool. I'm looking forward to using some of these features in future network scans.
Posted in Security | No Comments »
August 21st, 2008 Anthony Towry
The team working on the Android mobile platform project has recently published an introduction to Full Disclosure and other security outlets. The team made a great move here toward encouraging hackers to responsibly disclose security issues.
The post mentions one item that many researchers value a great deal...transparency throughout the remediation process. The guys and gals at Android seem to "get it", I'm hoping it works out for them.
Posted in Programming, Security | No Comments »
July 28th, 2008 Anthony Towry
I haven't been up to a lot lately. I'm finishing out my term with my current employer, getting equipment ready for Las Vegas, and thinking about the viability of a few personal projects.
I have, however, found time to do a little reading. Over at the SANS Reading Room there is a paper titled Effectiveness of Antivirus in Detecting Metasploit Payloads by Mark Baggett. This is a really solid paper with some great work done by Mark. Mark takes the reader from a basic payload, to customizing options, to making use of the msfencode functions, etc. In addition to the author's goals, this paper could serve as a great jumping-off point for pentesters wishing to make use of Metasploit payloads instead of, say, the CORE agent. I wouldn't call it deeply technical, but it does clearly illustrate some of the issues with today's antivirus solutions.
Posted in Security | No Comments »
July 23rd, 2008 Anthony Towry
If you remember, and I'm sure that you do, a while back some researchers at Princeton released a demonstration video of shaping encryption keys from frozen memory. They proved that RAM may not be quite as volatile as everyone had previously assumed. The tool they used is now public information. Great, great...so the hell what.
Another researcher had proved that through the use of a device with direct memory access (DMA) one could execute arbitrary commands by manipulating memory.
Access to memory + Crypto key shaping tool = pwned hard disk encryption without the need for a can of air and the ability to disassemble the computer (also sweet for 0wning the MacBook Air's smug little soldered on RAM).
Now, such a tool does not yet exist (to my knowledge). Fertile ground.
Posted in Hardware, Security | No Comments »
July 17th, 2008 Anthony Towry
(IN)SECURE Magazine is back out with issue 17 hitting the stands. As always there are a few articles of note in particular. The first, Reverse Engineering Software Armoring is a great look at some of the ways that software can give the finger to a researcher. This is especially important stuff for those wanting to get into reverse engineering malware.
Second, Security flaws identification and technical risk analysis through threat modeling makes a thorough run through the basics of threat modeling and explores the area covered by a variety of popular methodologies. Very solid articles and I didn't even notice the vendor/product overload that I usually do...maybe I'm immune.
Posted in Security | No Comments »
July 15th, 2008 Anthony Towry
Metasploit is a tool that has forever changed the information security landscape. One would be hard pressed to find a tool as versatile, powerful and as supported in the hacking community today. On top of all that good mojo, it comes free of charge!
I get excited about Metasploit (who wouldn't?). I wanted this book to match that excitement: to dive into Metasploit in new and exciting ways. It didn't. This book is written by some very smart guys, but goes about as deep as the average user guide. There's nothing new here really, and most of what's discussed could be better absorbed through a few hours of playing with the application itself.
Overall this was a disappointment, one that could have been a whole lot better.
Posted in Security | No Comments »
July 13th, 2008 Anthony Towry
Last year, sometime after Defcon and the early stages of forming the DC405, a friend of mine (m00dimus) got me into participating in the Open Source Vulnerability Database Project. Since then we've had some big fun organizing mangle parties to promote project participation (even if we beat more beer than bugs sometimes), and we've made a significant contribution to the effort.
Over the past 9 months or so, I've gotten a lot out of digging into some of the vulnerabilities I've researched. I've passed a major milestone in my mangling, now sitting at 100.25 points! I do want to say thanks to the group at OSVDB for the new 2.0 interface, which cut the time for each submission in half.
Let's keep it rolling! Join OSVDB and get mangling!
Posted in Community, Projects, Security | No Comments »
June 22nd, 2008 Anthony Towry
The team over at Remote-Exploit.org has finalized version 3 of their amazingly useful and ever-popular Linux security LiveCD, BackTrack. If you've been hanging around security folks very long you're probably familiar with the capabilities of this distribution. If you haven't checked it out, this is a great time to jump into it. Take a look at the new ISO at http://www.remote-exploit.org.
Thanks for all the hard work Remote-Exploit.org guys!
Posted in Operating Systems, Security | No Comments »