http://whytheluckystiff.net/ruby/pickaxe/
An awesome online resource for learning Ruby
Wednesday, June 24, 2009
Windows Heap Overflows using Process Environment Block (PEB)
After a bunch of googling to find out what PEB was I happened upon this old milw0rm paper, which answered that question and the one I was going to ask next: How is it used in exploitation:
System Call Ordinals for XP SP2 x64
http://indefinitestudies.org/2009/01/22/digging-up-system-calls-ordinals-on-xp-x64/
I apologize for not remembering who tweeted this to thank them. But thanks to Daniel Reynaud for posting it.
Tuesday, June 23, 2009
Nessus SCTP scanning
Stolen from: http://blog.tenablesecurity.com/2009/05/scanning-monitoring-for-sctp.html
Paul goes into a lot of meat and potatoes about SCTP but the juice is here:
To scan for SCTP on your network and check if you are vulnerable using Nessue:
Enable “IP Protocols Scan” under the “Misc” plug-in family, and check “Thorough tests(slow)” in the Advanced tab of the scan policy under “Global Variable Settings”.
Monday, June 22, 2009
Dan Guido’s Videos
At the current time of posting, there are a 10 videos that as a security professional, you NEED to watch. It’s free training from some of the best in the biz. Bookmark it.
Fiddler and Watcher
Fiddler is a web debugger, and watcher is a plug-in that adds security testing options to Fiddler.
http://www.fiddler2.com/fiddler2/
Watcher (Fiddler plug-in): http://websecuritytool.codeplex.com/
Thursday, June 18, 2009
“Compile” python to a single executable
Here is a script David Kennedy (ReL1K) sent me a while back when we wrote a trojan for the Cyber Collegiate Defense Competition:
Just download py2exe, python setup.py install, then you have py2exe installed....
Say you have a file moo.py you want to compile, just take the code below and put it in a file called compile.py or something, modify it to change 'moo.py' to whatever py you want to compile and run python compile.py build py2exe and your all done. Super simple.
from distutils.core import setup
import py2exe, sys, os
# Hot Sex
sys.argv.append('py2exe')
setup(
options = {'py2exe': {'bundle_files': 1}},
console= [{'script': "moo.py"}],
zipfile = None,
)
Pastebin has evolved.
Etherpad is a pastebin like site where you can edit on the fly… and so can a dozen other people. They actually do a REALLY good job at monitoring changes from everyone. There is also a chat feature, that way you aren’t notepad chatting, and an IMPORT functionality. Importing is great when your clipboard buffer just might not be good enough:
.. just wow.. (Google check them out, they nailed something you are STILL having problems with, but of course, you are still in BETA)
Wednesday, June 17, 2009
Web App Sec Testing Firefox Extension Collection
A really good list of extensions. The best way to do this is keep multiple copies of Portable Firefox with the addons. I would suggest naming the directories for each copy of Firefox accordingly and also editing their configuration to allow simultaneous starting and altering the title bar so that you can differentiate between the multiple instances.
https://addons.mozilla.org/en-US/firefox/collection/webappsec
Tuesday, June 16, 2009
Windows functions to open a socket/connection
I hope to be using these links to use as part of .. you know what… I forgot, but I know it will come back to me and I’ll need these links, so I am storing them here. Muhahahah..
http://msdn.microsoft.com/en-us/library/ms738545(VS.85).aspx
CORE Security IE Zone Bypass MS09-019
CORE’s write-up + code: http://www.coresecurity.com/content/ie-security-zone-bypass
MS09-019 advisory: http://www.microsoft.com/technet/security/Bulletin/MS09-019.mspx
5 Security Holes at the Office (Video)
CSO interviewed Chris Nickerson and he showed a reporter 5 security problems a random office building had before he ever entered the building:
Monday, June 15, 2009
Play Free Online Games - no.. really
Huge list of games you play online that are free: http://play-free-online-games.com/
Addonics USB 2 NAS
A tiny device that turns any USB storage into a NAS: http://www.addonics.com/products/nas/nasu2.asp
Wednesday, June 10, 2009
Pluses and Minuses of forced SmartCard login
Registry Key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption
Off Setting: DWORD=0
On Setting: DWORD=1
This option can make Kon-boot, OFFLINE NT PASSWORD RESET and some of HIREN’s PASSWORD tools pretty useless. But wait.. Can’t you edit the registry offline? Yup! (Be sure to pull the plug because “Computer” policies are applied BEFORE the logon prompt appears)
Tuesday, June 9, 2009
Lists of "Security Tools”
On the Security Focus: Penetration Testing List there was a great set of links to lists of tools:
http://securitytoolslist.domandhost.com/
http://www.security-database.com/toolswatch/
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
http://backtrack.offensive-security.com/index.php/Tools
http://www.indianz.ch/ – Haven’t seen this one before. HUGE list of ‘interesting’ files.
And a VOIP specific list: http://www.voipsa.org/Resources/tools.php
Monday, June 8, 2009
ARPFreeze: Protection against ARP spoofing – Iron Geek style
So IronGeek puts out tons of videos and some pretty sweet tools. This one is no less awesome:
http://www.irongeek.com/i.php?page=security/arpfreeze-static-arp-poisoning
Technitium MAC Address Changer
So, yes, it can change your MAC address on your Windows box, but it does A LOT more. Definitely something to pull around with you on a USB stick.
GNS3 Network Simulator
Probably the best way of getting hands on a Cisco without buying one off of eBay. Tons of features and probably the only sim I’ve worked with that has the complete feature set of the actual devices. (Probably because you have to supply it with a real IOS file)
Sunday, June 7, 2009
Crypto for Pentesters
Chris Eng does a good job at explaining what you need to know:
http://video.google.com/videoplay?docid=-5187022592682372937
ISO Standards translated to “Plain English”
I don’t work with ISO standards, but definitely worth keeping the link
And on twitter: http://twitter.com/praxiom
Thursday, June 4, 2009
10 Questions you don’t want to ask in interviews
http://www.sfgate.com/cgi-bin/article.cgi?f=/g/a/2009/04/19/JOBSryan.DTL
- "What does your company do?"
- "Are you going to do a background check?"
- "When will I be eligible for a raise?"
- "Do you have any other jobs available?"
- "How soon can I transfer to another position?"
- "Can you tell me about bus lines to your facility?"
- "Do you have smoking breaks?"
- "Is [my medical condition] covered under your insurance?"
- "Do you do a drug test?"
- "If you hire me, can I wait until [more than three weeks from now] to start the job?"
Sandcat – Advanced Web App Sec Tester
There are tons of scanners/testers on the market, but this one’s feature set kinda caught my eye:
http://pentestit.com/2009/06/04/sandcat-advanced-web-application-security-tester/
As of now, the SandCat will scan for these fault injections:
* Buffer Overflow
* Cookie Manipulation
* Command Execution
* CRLF Injection
* Cross Frame Scripting
* Cross-Site Scripting (XSS)
* Default Account
* Directory Listing
* Directory Traversal
* File Inclusion
* Information Disclosure
* LDAP Injection
* MX Injection
* Password Disclosure
* Path Disclosure
* PHP Code Injection
* Server-Specific Vulnerabilities: IIS / iPlanet / Others
* Source Code Disclosure
* SQL Injection
* XPath Injection
* Miscellaneous
Subscribe to:
Posts (Atom)