Channel: BOT24

Updated PCI Data Security Standard (PCI DSS) Doc: Penetration Testing Guidance

The objective of this information supplement is to update and replace PCI SSC's original penetration testing information supplement, titled "Payment Card Industry Data Security Standard (PCI DSS) Requirement 11.3 Penetration Testing" and published in 2008. This information supplement adds guidance to what is in PCI DSS and is written as general penetration testing guidelines that are intended to carry over into future versions of PCI DSS.

The guidance focuses on the following:
- Penetration Testing Components: understanding the different components that make up a penetration test and how it differs from a vulnerability scan, including scope, application and network layer testing, segmentation checks, and social engineering.
- Qualifications of a Penetration Tester: determining the qualifications of a penetration tester, whether internal or external, through their past experience and certifications.
- Penetration Testing Methodologies: detailed information on the three primary parts of a penetration test: pre-engagement, engagement, and post-engagement.
- Penetration Testing Reporting Guidelines: guidance for developing a comprehensive penetration test report that includes the necessary information to document the test, as well as a checklist the organization or the assessor can use to verify whether the necessary content is included.

The information in this document is intended as supplemental guidance and does not supersede, replace, or extend PCI DSS requirements. While all references made in this document are to PCI DSS version 3.0, the general principles and practices offered here may be applied to any version of PCI DSS.


more here...............https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf


shadowd 1.1.0 release

It is my pleasure to announce the release of shadowd 1.1.0 as well as shadowd_ui 1.1.0 of the Shadow Daemon web application firewall. This update improves the performance, attack detection and ease of use.

There are five major changes:
- A native flood protection. It is no longer necessary to use fail2ban to prevent flooding of the logs; it happens automatically now.
- A storage queue. This removes a huge bottleneck from Shadow Daemon, the permanent storage of requests.
- Optimizations of the database layout to improve the performance.
- New blacklist filters/signatures to detect more attacks, e.g. shellshock, cross-site scripting, server-side includes and code evaluation.
- An option for the whitelist rules generator to automatically unify arrays. This makes it much easier to generate rules for big web applications.


more here......http://blog.zecure.org/post/shadowd_1.1.0/

Linux Local Enumeration Script

Reverse Geocoder

Paper: SoK: Deep Packer Inspection: A Longitudinal Study of the Complexity of Run-Time Packers

Abstract: Run-time packers are often used by malware writers to obfuscate their code and hinder static analysis. The packer problem has been widely studied, and several solutions have been proposed in order to generically unpack protected binaries. Nevertheless, these solutions commonly rely on a number of assumptions that may not necessarily reflect the reality of the packers used in the wild. Moreover, previous solutions fail to provide useful information about the structure of the packer or its complexity. In this paper, we describe a framework for packer analysis and we propose a taxonomy to measure the run-time complexity of packers.

We evaluated our dynamic analysis system on two datasets, composed of both off-the-shelf packers and custom packed binaries. Based on the results of our experiments, we present several statistics about the packers' complexity and their evolution over time.

more here..........http://paginaspersonales.deusto.es/isantos/publications/2015/ugarte_2015_DeepPacker.pdf

“Widespread” MongoDB Denial of Service Vulnerability Discovered

Last month, researchers in Fortinet’s threat research division, FortiGuard Labs, discovered a vulnerability in MongoDB that would allow hackers to remotely crash the database application. Characterizing the vulnerability as “widespread”, the researchers successfully demonstrated a denial of service attack against legacy versions of the database that users could initiate remotely.

more here.........http://blog.fortinet.com/post/widespread-mongodb-denial-of-service-vulnerability-discovered

Exploit Exercises

exploit-exercises.com provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.

more here.......https://exploit-exercises.com/

and below are some additional security/hacking challenge links you may be interested in:
http://securityoverride.org/challenges/index.php
http://smashthestack.org/wargames.html
http://overthewire.org/wargames/

rwasa, a web server written from the ground-up

rwasa is our full-featured, high performance, scalable web server designed to compete with the likes of nginx. It has been built from the ground-up with no external library dependencies entirely in x86_64 assembly language, and is the result of many years' experience with high volume web environments. In addition to all of the common things you'd expect a modern web server to do, we also include assembly language function hooks ready-made to facilitate Rapid Web Application Server (in Assembler) development.

We appreciate that there is already a plethora of web server software available. In our opinion, you should only care about rwasa if:
- You run any sized https/TLS server(s). Regardless of volume, you should care about the latency your users experience when they interact with your secure sites.
- You run very high volume web traffic. As shown in our performance tests below, rwasa is capable of much higher requests per second per CPU than most other web servers.

more here.....https://2ton.com.au/rwasa/

BROOTKIT

Lightweight rootkit implemented by bash shell scripts v0.10

by wzt 2015 wzt.wzt () gmail com

If bash shell scripts can be used for security tools like chkrootkit or rkhunter, they can also be used to implement a rootkit.

FEATURES
1. better hiding against the administrator or a HIDS.
2. su password thief.
3. hide files and directories.
4. hide processes.
5. hide network connections.
6. connect backdoor.
7. multi-threaded port scanner.
8. HTTP download.
9. multi-threaded SSH password cracker.

Access additional information here....https://github.com/cloudsec/brootkit

CTF Tools

Autoarp

Autoarp is an automatic ARP attack tool. The program calls nmap every 5 minutes to refresh the target list and sends ARP packets to every host in that list.

more here..........https://github.com/WLBF/Autoarp
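The frames such a tool sends are plain Ethernet/ARP. As an added example that is not part of Autoarp, the C below builds an unsolicited ARP reply the way a poisoning tool would, parses it back from the wire bytes, and applies the check an ARP monitor makes on the defending side: a reply whose sender IP is already known but whose sender MAC disagrees with the recorded binding. The addresses (192.0.2.0/24 documentation range, made-up MACs) and the binding table are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Ethernet II header followed by an IPv4-over-Ethernet ARP packet (RFC 826).
 * Multi-byte fields are big-endian on the wire, so they are encoded by hand
 * into byte arrays instead of relying on struct layout. */
#define ETH_HLEN  14
#define ARP_LEN   28
#define FRAME_LEN (ETH_HLEN + ARP_LEN)

struct arp_pkt {
    uint8_t  sender_mac[6], target_mac[6];
    uint8_t  sender_ip[4],  target_ip[4];
    uint16_t opcode;   /* 1 = request, 2 = reply */
};

/* Serialise p into a FRAME_LEN-byte frame. A poisoner sends an unsolicited
 * reply (opcode 2) that claims "sender_ip is at sender_mac". */
void arp_build(uint8_t buf[FRAME_LEN], const struct arp_pkt *p)
{
    memcpy(buf,     p->target_mac, 6);       /* Ethernet destination */
    memcpy(buf + 6, p->sender_mac, 6);       /* Ethernet source */
    buf[12] = 0x08; buf[13] = 0x06;          /* EtherType 0x0806 = ARP */
    uint8_t *a = buf + ETH_HLEN;
    a[0] = 0x00; a[1] = 0x01;                /* HTYPE 1: Ethernet */
    a[2] = 0x08; a[3] = 0x00;                /* PTYPE 0x0800: IPv4 */
    a[4] = 6;    a[5] = 4;                   /* HLEN, PLEN */
    a[6] = (uint8_t)(p->opcode >> 8); a[7] = (uint8_t)(p->opcode & 0xff);
    memcpy(a + 8,  p->sender_mac, 6);
    memcpy(a + 14, p->sender_ip,  4);
    memcpy(a + 18, p->target_mac, 6);
    memcpy(a + 24, p->target_ip,  4);
}

/* Parse a frame; 0 on success, -1 if it is not IPv4-over-Ethernet ARP. */
int arp_parse(const uint8_t *buf, size_t len, struct arp_pkt *p)
{
    if (len < FRAME_LEN || buf[12] != 0x08 || buf[13] != 0x06) return -1;
    const uint8_t *a = buf + ETH_HLEN;
    if (a[0] != 0 || a[1] != 1 || a[2] != 0x08 || a[3] != 0 || a[4] != 6 || a[5] != 4)
        return -1;
    p->opcode = (uint16_t)((a[6] << 8) | a[7]);
    memcpy(p->sender_mac, a + 8,  6);
    memcpy(p->sender_ip,  a + 14, 4);
    memcpy(p->target_mac, a + 18, 6);
    memcpy(p->target_ip,  a + 24, 4);
    return 0;
}

/* The defender's side: IP -> MAC bindings the monitor learned earlier. */
struct binding { uint8_t ip[4]; uint8_t mac[6]; };

/* 1 if a reply claims a known IP with a MAC other than the recorded one
 * (the ARP spoofing indicator), 0 otherwise. Requests and unknown IPs pass. */
int arp_is_spoofed(const struct arp_pkt *p, const struct binding *tbl, size_t n)
{
    if (p->opcode != 2) return 0;
    for (size_t i = 0; i < n; i++)
        if (memcmp(tbl[i].ip, p->sender_ip, 4) == 0)
            return memcmp(tbl[i].mac, p->sender_mac, 6) != 0;
    return 0;
}

/* Round-trip one reply for 192.0.2.1 through build, parse and check.
 * genuine=0 sends it from the attacker's MAC, genuine=1 from the gateway's.
 * Returns the spoof verdict, or -1 if the frame failed to parse. */
int demo_reply(int genuine)
{
    static const uint8_t bad_mac[6] = {0xde,0xad,0xbe,0xef,0x00,0x01}; /* attacker NIC */
    const struct binding table[] = {
        { {192,0,2,1}, {0x00,0x11,0x22,0x33,0x44,0x55} },  /* the real gateway */
    };
    struct arp_pkt reply = {
        .target_mac = {0x00,0x11,0x22,0x33,0x44,0x66},  /* the victim host */
        .sender_ip  = {192,0,2,1},                      /* "I am the gateway" */
        .target_ip  = {192,0,2,10},
        .opcode     = 2,
    };
    memcpy(reply.sender_mac, genuine ? table[0].mac : bad_mac, 6);

    uint8_t frame[FRAME_LEN];
    struct arp_pkt seen;
    arp_build(frame, &reply);
    if (arp_parse(frame, sizeof frame, &seen) != 0) return -1;
    return arp_is_spoofed(&seen, table, 1);
}

int main(void)
{
    printf("poisoned reply flagged: %d\n", demo_reply(0));   /* 1 */
    printf("genuine reply flagged:  %d\n", demo_reply(1));   /* 0 */
    return 0;
}
```

The check is the same one arpwatch-style monitors and switch Dynamic ARP Inspection perform; its weakness is the bootstrap, since a table learned from the first reply seen will happily record the attacker's MAC, so the bindings should come from DHCP snooping or static configuration rather than from ARP traffic itself.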

You, Me, and .NET GUIDs

Research done here at CylanceSPEAR is not limited to vulnerabilities. For instance, in the following research I describe two GUIDs that can be extracted from .NET assemblies in order to identify project and build information. These GUIDs could allow a reverse engineer to identify samples with greater ease.

more here............http://blog.cylance.com/you-me-and-.net-guids

Alibaba CTF 2015 - XSS400 WriteUP

The flag is hidden in the administrator's cookie.
Triggering the XSS requires the latest version of Chrome.
http://1de28830f09a4b1b.alictf.com/pet.php?id=test&type=cat

more here......http://linux.im/2015/03/29/alictf-2015-xss400.html


PS: This is in Chinese so you will need good translation software or someone who knows Chinese to translate it.  After all I do not want to be accused of plagiarism:)

USB Armory Now Fully Supported Arch Linux ARM and ArchAssault

The USB armory from Inverse Path is an open source hardware design, implementing a flash drive sized computer.

The compact USB powered device provides a platform for developing and running a variety of applications.

The security features of the USB armory System on a Chip (SoC), combined with the openness of the board design, empower developers and users with a fully customizable USB trusted device for open and innovative personal security applications.


more here.........http://archlinuxarm.org/platforms/armv7/freescale/usb-armory


and here......https://archassault.org/news/usb-armory-fully-supported/

Linux kernel memory management Part 1.

Memory management is one of the most complex (and I think the most complex) parts of an operating system kernel. In the last part of the preparations before the kernel entry point, we stopped right before the call to the start_kernel function. This function initializes all kernel features (including architecture-dependent ones) before the kernel runs the first init process. You may remember that we built early page tables, identity page tables and fixmap page tables at boot time. No complicated memory management is in place yet. Now that start_kernel has been called, we will see the transition to more complex data structures and techniques for memory management. To understand the initialization process of the Linux kernel well, we need a clear understanding of these techniques. This chapter gives an overview of the different parts of the Linux kernel memory management framework and its API, starting with memblock.

more here............https://github.com/0xAX/linux-insides/blob/master/mm/linux-mm-1.md

Cryptocode- Typesetting Cryptography

[CVE-2015-1817] Security advisory for musl libc - stack-based buffer overflow in ipv6 literal parsing

A stack-based buffer overflow has been found in musl libc's IPv6 address literal parsing code. Programs which call the inet_pton or getaddrinfo function with AF_INET6 or AF_UNSPEC and untrusted address strings are affected. Successful exploitation yields control of the return address. Having enabled stack protector at the application level does not mitigate the issue, since the overflowed frame belongs to libc's inet_pton rather than to application code. All users should patch or upgrade.

Software: musl libc (http://www.musl-libc.org)

Severity: high

Affected Versions: 0.9.15 - 1.0.4, 1.1.0 - 1.1.7.

Bug introduced in commit: 78f889153167452de4cbced921f6428b3d4f663a

Bug fixed in commit: fc13acc3dcb5b1f215c007f583a63551f6a71363

Patch: musl_dn_expand_overflow_fix.diff (below) (fix+hardening)
diff --git a/src/network/inet_pton.c b/src/network/inet_pton.c
index 4496b47..d36c368 100644
--- a/src/network/inet_pton.c
+++ b/src/network/inet_pton.c
@@ -39,14 +39,15 @@ int inet_pton(int af, const char *restrict s, void *restrict a0)
for (i=0; ; i++) {
if (s[0]==':' && brk<0) {
brk=i;
- ip[i]=0;
+ ip[i&7]=0;
if (!*++s) break;
+ if (i==7) return 0;
continue;
}
for (v=j=0; j<4 && (d=hexval(s[j]))>=0; j++)
v=16*v+d;
if (j==0) return 0;
- ip[i] = v;
+ ip[i&7] = v;
if (!s[j] && (brk>=0 || i==7)) break;
if (i==7) return 0;
if (s[j]!=':') {
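Review bot: the added `if (i==7) return 0;` in the `::` branch is the actual fix here, since the only bound on `i` before this change was the `if (i==7) return 0;` after the hex-group store, which the `continue` in the `::` branch skips; without the new check, a `::` at group index 7 with further text after it keeps the loop running past the eighth group. The `ip[i&7]` masking on the two stores is hardening rather than a fix: it keeps any future off-by-one inside the 8-entry array, but it silently aliases index 8 onto index 0 instead of rejecting the input, so it should not be read as the bound. Two documentation points: the advisory text above names the patch musl_dn_expand_overflow_fix.diff while the hunk modifies src/network/inet_pton.c, so the name should match the code it touches; and the hunk as pasted has lost its indentation, so it will not apply with `patch` as shown and the linked fix commit should be treated as the authoritative version.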



Authored by Rich Felker, dalias@libc.org
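For code that accepts address strings from untrusted input and cannot pick up a fixed libc immediately, the usual interim measure is a caller-side bound on the literal's shape before it reaches inet_pton or getaddrinfo. The C below is an added example (not part of the advisory and not musl's code) that accepts an IPv6 literal only if it has at most one "::", no empty groups, one to four hex digits per group, an optional dotted-quad tail, and a total of exactly eight 16-bit groups (at most seven explicit ones when "::" supplies the rest). Zone indexes and bracketed forms are out of scope. This is defense in depth only; the fix is the upgrade.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* True if s[0..len) is a dotted quad: four decimal octets, each 1-3 digits
 * and at most 255, separated by single dots. */
static int valid_dotted_quad(const char *s, size_t len)
{
    int octets = 0;
    size_t i = 0;
    while (i < len) {
        int v = 0, n = 0;
        while (i < len && isdigit((unsigned char)s[i]) && n < 3) {
            v = v * 10 + (s[i] - '0');
            i++; n++;
        }
        if (n == 0 || v > 255) return 0;
        octets++;
        if (i == len) break;
        if (s[i] != '.' || i + 1 == len) return 0;   /* stray char, or trailing '.' */
        i++;
    }
    return octets == 4;
}

/* Validate one ':'-separated run of groups in s[0..len) and add the number
 * of 16-bit groups it contains to *groups. A dotted quad is only allowed as
 * the final group of the whole literal and counts as two groups. */
static int count_groups(const char *s, size_t len, int tail_may_be_v4, int *groups)
{
    if (len == 0) return 1;                       /* empty side of "::" */
    size_t i = 0;
    while (i <= len) {
        size_t j = i;
        while (j < len && s[j] != ':') j++;       /* [i, j) is one group */
        size_t glen = j - i;
        if (glen == 0) return 0;                  /* leading, trailing or doubled ':' */
        if (memchr(s + i, '.', glen)) {
            if (!tail_may_be_v4 || j != len) return 0;
            if (!valid_dotted_quad(s + i, glen)) return 0;
            *groups += 2;
        } else {
            if (glen > 4) return 0;               /* more than four hex digits */
            for (size_t k = i; k < j; k++)
                if (!isxdigit((unsigned char)s[k])) return 0;
            *groups += 1;
        }
        i = j + 1;
    }
    return 1;
}

/* Caller-side shape check for an IPv6 literal, applied before the string is
 * handed to inet_pton/getaddrinfo. Returns 1 if well-formed, 0 otherwise. */
int ipv6_literal_well_formed(const char *s)
{
    if (!s || !*s) return 0;
    int groups = 0;
    const char *dbl = strstr(s, "::");
    if (!dbl)
        return count_groups(s, strlen(s), 1, &groups) && groups == 8;
    if (dbl[2] == ':' || strstr(dbl + 2, "::")) return 0;   /* ":::" or a second "::" */
    if (!count_groups(s, (size_t)(dbl - s), 0, &groups)) return 0;
    if (!count_groups(dbl + 2, strlen(dbl + 2), 1, &groups)) return 0;
    return groups <= 7;   /* "::" stands for at least one zero group */
}

/* Constructed samples: the first four are valid, the rest must be rejected. */
int main(void)
{
    const char *samples[] = {
        "::1", "fe80::1", "::ffff:192.0.2.1", "2001:db8:0:1:2:3:4:5",
        "1:2:3:4:5:6:7::8", "1:2:3:4:5:6:7:8:9", ":::", "12345::", "1::2::3",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s %s\n", samples[i],
               ipv6_literal_well_formed(samples[i]) ? "well-formed" : "rejected");
    return 0;
}
```

The group count is the property that matters for this advisory: the hunk above bounds the parser's index at the eighth group, and a literal that needs more than eight groups is never a valid address, so rejecting it up front costs nothing for legitimate input.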

BlackHat 2015 Asia Slides

For those interested in viewing some of the slide presentations from BlackHat click here....https://www.blackhat.com/asia-15/archives.html

A few of the titles are listed below as well:

1. Client-Side Protection Against DOM-based XSS Done Right (TM)
here.......https://www.blackhat.com/docs/asia-15/materials/asia-15-Johns-Client-Side-Protection-Against-DOM-Based-XSS-Done-Right-(tm).pdf

2. The nightmare behind the cross platform mobile apps dream
here......https://speakerdeck.com/marcograss/the-nightmare-behind-the-cross-platform-mobile-apps-dream

3. Hiding Behind ART
here.....https://www.blackhat.com/docs/asia-15/materials/asia-15-Sabanal-Hiding-Behind-ART-wp.pdf

4. Browsers Gone Wild
here......https://www.blackhat.com/docs/asia-15/materials/asia-15-Prado-Browsers-Gone-Wild.pdf

5. Hacking Wireless World, RFID hacking with SDR 2.0
here.....https://www.blackhat.com/docs/webcast/07172014-hacking-the-wireless-world-with-software-defined-radio-2.0.pdf

Puush accidentally infects Windows users with password-stealing malware

WebLogic SSRF And XSS (CVE-2014-4241, CVE-2014-4210, CVE-2014-4242)
