Pgcli is a command line interface for Postgres with auto-completion and syntax highlighting
more here......http://pgcli.com/index
![Screenshot]()
more here......http://pgcli.com/index
↧
pgcli
↧
DYREZA’S ANTICRYPT
In the previous post, we have described how to set up a loft to monitor Dyreza with the help of virtual machines configured with breakpoints at addresses where communications appear in clear text. Configuration file updates can thus be obtained in real-time easily. Another way to monitor this kind of malware using a decentralised architecture is to implement parts of the malicious binary in a thin client, which requires to fully understand its decryption routine details.
more here......http://www.lexsi-leblog.com/cert-en/dyrezas-anticrypt.html
more here......http://www.lexsi-leblog.com/cert-en/dyrezas-anticrypt.html
↧
↧
Qt Creator 3.4.0 released
Qt creator open source multi-platform IDE has a new release and changelog here.....https://blog.qt.io/blog/2015/04/23/qt-creator-3-4-0-released/
↧
TLS/SSL Security In PHP: Avoiding The Lowest Common Insecure Denominator Trap
A few weeks back I wrote a piece about updating PHARs in-situ, what we’ve taken to calling “self-updating”. In that article, I touched on making Transport Layer Security (TLS, formerly SSL) enforcement one of the central objectives of a self-updating process.
more here........http://blog.astrumfutura.com/2015/04/tlsssl-security-in-php-avoiding-the-lowest-common-insecure-denominator-trap/
more here........http://blog.astrumfutura.com/2015/04/tlsssl-security-in-php-avoiding-the-lowest-common-insecure-denominator-trap/
↧
Pligg CMS 2.0.2 - Stored XSS
#Affected Vendor: http://pligg.com/
#Date: 23/04/2015
#Discovered by: Joel Vadodil Varghese
#Type of vulnerability: Persistent XSS
#Tested on: Windows 8.1
#Product: Pligg CMS
#Version: 2.0.2
#Tested Link: http://localhost/pligg/admin/admin_page.php
Description: Pligg CMS is a content management platform that powers tens of thousands of websites. It specializes in
creating social publishing networks, where users submit and promote content similar to sites like Digg, Reddit, and
Mixx.Pligg CMS is vulnerable to stored xss vulnerability. The parameter "page_title" and "page_content" are the
vulnerable parameter which will lead to its compromise.
#Proof of Concept (PoC): "><img src="a.jpg" onerror="alert('XSS')"/>
↧
↧
Avsarsoft Matbaa Script - Multiple Vulnerabilities
#Title : Avsarsoft Matbaa Script - Multiple Vulnerabilities
#Author : ZoRLu / zorlu () milw00rm com
#Website : milw00rm.com / milw00rm.net / milw00rm.org
#Twitter : https://twitter.com/milw00rm or @milw00rm
#Test : Windows7 Ultimate
#Discovery : 15/04/15
#Publish : 23/04/15
#Thks : exploit-db.com, packetstormsecurity.com, securityfocus.com, sebug.net, cxsecurity.com and others
#BkiAdam : Dr.Ly0n, KnocKout, LifeSteaLeR, Nicx
#Demo : http://avsarsoft.com/matbaa/
#Demo User : sop08574 () qisdo com
#Demo Pass : 123456
1) Remote File Upload Vulnerability
you go here:
localhost/path/index.php?Git=KartvizitTasarla
localhost/path//index.php?Git=BrosurTasarla
localhost/path/index.php?Git=DavetiyeTasarla
after click to "Resim Ekle"
select your php file and wait for upload
after go here for you php file
localhost/path/upload/file.php
1) Multiple XSS Vulnerabilities
register to site
localhost/path/index.php?Git=UyeOl
after login
localhost/path/index.php?Git=Uyelik
after go here and add your xss code
localhost/path/index.php?Git=KontrolPaneli&Sayfa=KisiselBilgilerim
localhost/path/index.php?Git=KontrolPaneli&Sayfa=AdresBilgilerim
localhost/path/index.php?Git=KontrolPaneli&Sayfa=Yorumlar
↧
Crash Triage with SemTrax (CVE-2014-2525)
In this post we’ll look at how SemTrax can be used to help quickly identify the root cause of a crash. Successful fuzzers tend to make triage and prioritisation the most costly part of bug finding, and this is one of the use-cases we’ve focused on when designing SemTrax.
more here......http://www.getsemtrax.com/2015/04/23/crash-triage-with-semtrax-cve-2014-2525.html
more here......http://www.getsemtrax.com/2015/04/23/crash-triage-with-semtrax-cve-2014-2525.html
↧
IRC Botnets alive, effective & evolving
An IRC Botnet is a collection of machines infected with malware that can be controlled remotely via an IRC channel. It usually involves a Botnet operator controlling the IRC bots through a previously configured IRC server & channel. The Botnet operator, after appropriate checks, periodically moves the IRC bot to a new IRC channel to thwart researchers & automated sandboxes from monitoring the commands.
In this blog, we will look at one of the most prevalent IRC based malware families - DorkBot, followed by three additional IRC Botnet families - RageBot, Phorpiex, and IRCBot.HI.
more here........http://research.zscaler.com/2015/04/irc-botnets-alive-effective-evolving.html
In this blog, we will look at one of the most prevalent IRC based malware families - DorkBot, followed by three additional IRC Botnet families - RageBot, Phorpiex, and IRCBot.HI.
more here........http://research.zscaler.com/2015/04/irc-botnets-alive-effective-evolving.html
↧
4k ULTRA HIGH DEFINITION Satellite Security Research - DVB-S2X Security Evaluation Draft Notes
Author: Nicholas Lemonias
Advisory Date: 23/4/2015
4k Satellite Security Research - DVB-S2X Standard Evaluation Notes
# . . . . . . .
# . . . . . ______
# . . . ////////
# . . ________ . . ///////// . .
# . |.____. /\ .///////// .
# . .// \/ |\ /////////
# . . .// \ | \ ///////// . . .
# ||. . .| | ///////// . .
# . . || | |//`,///// .
# . \\ ./ // / \/ .
# . \\.___./ //\` ' ,_\ . .
# . . \ //////\ , / \ . .
# . ///////// \| ' | .
# . . ///////// . \ _ / .
# ///////// .
# . .///////// . .
# . -------- . .. .
# . . . . .
# ________________________
# ____________------------ -------------_________
-=[ Advanced Information Security Corporation ]=-
Abstract
==========
During a security evaluation of the Digital Video Broadcasting for
Satellite-S2X (Extended) for UHD/4K compatible ecosystems; conducted
internally by the Advanced Information Security
Group, instances of insecure function use were observed, which could
lead to exploitation of these systems.
Introduction
==========
Ultra High Definition is rapidly growing into the next revolution of
virtual reality,
beyond HDTV. Ultra HD envisages to deliver a surreal cinematic
experience, to the next generation broadcasting world. Ultra High
Definition is a digital format that can process and deliver 4k and 8k
pixel resolution data.
The prolonged encoding rates operate on the basis of an equilibrated
analogy of up to 60 fps. Thus the higher the frame rates , the higher
are also the demands in data transfer technology.
High Bandwidth content utilize hybrid architectures and make use of
fiber optic technologies, cable networks, wireless architectures and
high powered DTH satellite broadcasting systems. DTH satellites
operate at higher frequency rates mostly at the Ka band or higher.
The Japanese Government was one of the first to practically implement
the UHD 4K System over satellite, in practice. In their experiment
prominent environmental predicaments concluded to modifications of
modulation methods due to rain attenuation issues. It is pertinent to
note, that however no security considerations were mentioned in their
experiment.
During an internal security evaluation of the extended version of
(DVB-S2X), multiple security predicaments were observed.
Review of DVB-S2X
================
The DVB-S2X is the extended version of DVB-S2 which was officially
presented by the DVB Consortium in 2014.
The new standard provides a number of technical enhancements for
support of DVB-S2X ecosystems; such as an improvised and faster
modulation for the delivery of UHD Services, however during our
security evaluation no security considerations are made.
Therefore it is pertinent to note that the older versions of DVB/S2
and current DVB/S2X (Extended) do support a fully-fledged Internet
Protocol interoperation.
The DVB-S2X offers very-low carrier-to-noise and low-carrier to
interference ratios, below 10 –db. (SNR) which makes it suitable for
professional and even military deployments.
Although, the following enhancements are made:
• Low roll off and smaller carrier spacing.
• Advanced Filtering technologies for bandwidth.
• Forward Error Correction Enhancements with added support for (64,
128, 256APSK) for professional and military applications, for extended
requirements, improved spectral efficiency and increased granularity.
• Bonding mechanisms for streams of TV data.
• Improvements for Optimal Modulation (MODCOD).
• A very low SNR MODCOD to support mobile architectures from land, sea
and air. Additional modulation enhancements have been provided in the
QPSK and BPSK range, in order to enhance atmospheric interference
protection mechanisms.
• The VLSNR MODCOD packet header was modified with the inclusion of a
PLH (Physical Layer header) and the addition of a significantly better
error correction coding system.
• Wideband Support for improved signal propagation.
During our evaluation it was asserted that the current composition of
DVB/S2x fails significantly to adhere to best practice and security
fundamentals. There are no security controls entailed for the
provision of fundamental security services of Confidentiality,
Integrity, Availability, (Non-Repudiation and Data Origin
Authentication). Although a two-way scrambling method is entailed,
that cannot substitute encryption.
This security issue stems from the lack of encryption of plain-text
information, as it is received by an L2 source, throughout the
encapsulation of information. Current implementations use Standard
Internet Security Protocols to bridge the gap.
The lightweight architecture of protocols such MPEG-2/MPEG-4, can be
subtle to overhead and service degradation;
This affects DVB-S2 and S2x compatible ecosystems that transmit
information using MPEG-2 over IP / MPEG-4 TS protocol over IP, which
make them subtle to eavesdropping attacks.
The DVB/S2 and DVB/S2X supports a fully-fledged IP interoperation.
Therefore this current composition of DVB/S2X fails to address the
inherent security instances at the core of the problem, during its
embryonic stages.
Security consideration should be made using a rather pedantic layered
approach to security.
Current designs of HEVC modulation (in DVB/S2X) lack fundamental
security services such as those of Confidentiality, Integrity,
Availability and Non-Repudiation.
It is pertinent to note that the DVB/S2x support for backward
compatibility, with MPEG-2 over IP which can be abused by
threat-actors.
Technological and market transformation from DVB/S2 to DVB-S2x is a
lengthy process for manufacturers and satellite service providers
alike.
4The importance of confidentiality is paramount for the protection and
prevention of unauthorized access to private information.
A malicious attacker could take advantage of this lack of security
services, to passively wiretap bits of plain-text information. HEVC
Fuzzing techniques can be used for the extraction of information that
may be contained in HEVC bit-stream structures and access units.
Attacks against 4K ecosystems
============================
Man-in the middle attacks
Repudiation Attacks
Denial of Service attacks against the actual satellite ecosystem
(while in orbit)
Replaying & Reordering attacks
MPEG-2 and H.264/MPEG-4 vulnerabilities
===================================
Thus in a MPEG-2 – TS transmission, the network identifies the “TS
logical channel”, and the PDU units received.
For instance a Transport Stream contains multiplexed data , multiple
packet sources, entailing the payload from a number of PES data
streams.
This lack of integrity and data origin authentication in the
encapsulated MPEG-2 Transport Stream packets over DVB-S2X can be
problematic.
Attacks that seek to fabricate, falsify, alter or delete information
are feasible due to the lightweight protocol characteristics.
Whilst current methodologies suggest that encryption can be provided
using standard Internet Security Protocols such as IPSEC, this only
bridges the gaps.
Another security problem arising from the lack of confidentiality and
integrity, is that the plain-text streams contain hardware MAC or NPA
addresses of the participating L2 destination.
Conclusion
============
However the Internet Protocol Security (IPSEC) provides advantageous
considerations in MPEG-2 over IP in satellite infrastructures, and
such are: interoperability; it does also present a trade-off between
Quality of Service.
Satellite security over 4k broadcasting is reliant on standard
security protocols to address inherent security issues.
Citing an example, an IPsec security gateway in tunnel mode, would
reveal disadvantages in terms of network overhead and QoS.
ML-IPSEC
==========
ML-IPsec attempts to address the problems arising from the use of
IPsec, although the issue of mobility is presented, which creates a
plethora of other issues to service providers and users alike.
SSL Vulnerabilities
================
Ecosystems that make use of SSL , are prone to a variety of attacks.
In the light of recent issues; FREAK SSL/TLS, BEAST, Heart Bleed, DoS
attacks (NULL pointer dereference / memory exhaustion) are some of the
vulnerabilities affecting SSL implementations.
References
============
US CERT, (2015). FREAK-SSL Vulnerability. [online] Available at:
https://www.us-cert.gov/ncas/current.../FREAK-SSLTLS-Vulnerability
[Accessed 23 Apr. 2015].
DVB Consortium, (2015). DVB-S2X. [online] Available at:
http://www.dvb.org/resources/public/standards/a83-2_dvb-s2x_den302307-2.pdf
[Accessed 23 Apr. 2015].
Securityfocus Website, (2015). OpenSSL Advisory.. [online] Available
at: http://www.securityfocus.com/archive/1/535167 [Accessed 23 Apr.
2015].
Us-cert.gov, (2015). OpenSSL 'Heartbleed' vulnerability
(CVE-2014-0160) | US-CERT. [online] Available at:
https://www.us-cert.gov/ncas/alerts/TA14-098A [Accessed 23 Apr. 2015].
↧
↧
Measuring SSL Performance: RSA keys
So you're about to make an RSA key for an SSL certificate. What key size should you use?
OpenSSL now use a 2048 bit key by default.
Windows certreq makes you explicitly specify a key size and uses 2048 bit examples in its documentation
If you want to show the verified company name in the green bar in a browser, you'll need an EV certificate, which requires a 2048 bit RSA key at minimum.
more here.......https://certsimple.com/blog/measuring-ssl-rsa-keys
OpenSSL now use a 2048 bit key by default.
Windows certreq makes you explicitly specify a key size and uses 2048 bit examples in its documentation
If you want to show the verified company name in the green bar in a browser, you'll need an EV certificate, which requires a 2048 bit RSA key at minimum.
more here.......https://certsimple.com/blog/measuring-ssl-rsa-keys
↧
WordPress < 4.1.2 Stored XSS vulnerability
tldr; mysql → special characters → truncation → input validation → output sanitation → xss → time to update WordPress
read more here......https://cedricvb.be/post/wordpress-stored-xss-vulnerability-4-1-2/
read more here......https://cedricvb.be/post/wordpress-stored-xss-vulnerability-4-1-2/
↧
Win32/Xswkit (alias Gootkit)
Gootkit second UAC bypass method + arbitrary dll injection reconstructed here....http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3669&p=25733#p25733
↧
Cloudflare: Of Phishing Attacks and WordPress 0days
Proxying around 5% of the Internet’s requests gives us an interesting vantage point from which to observe malicious behavior. It also make us a target. Aside from the many, varied denial of service attacks that break against our defenses we also see huge number of phishing campaigns. In this blog post I will dissect a recent phishing attack that we detected and neutralized with the help of our friends at Bluehost.
An attack that is particularly interesting as it appears to be using a brand new WordPress 0day.
more here......https://blog.cloudflare.com/of-phishing-attacks-and-wordpress-0days/
An attack that is particularly interesting as it appears to be using a brand new WordPress 0day.
more here......https://blog.cloudflare.com/of-phishing-attacks-and-wordpress-0days/
↧
↧
Paper: Fast as a Shadow, Expressive as a Tree: Hybrid Memory Monitoring for C
One classical approach to ensuring memory safety of C programs is
based on storing block metadata in a tree-like datastructure. However
it becomes relatively slow when the number of memory locations
in the tree becomes high. Another solution, based on shadow
memory, allows very fast constant-time access to metadata and led
to development of several highly optimized tools for detection of
memory safety errors. However, this solution appears to be insuf-
ficient for evaluation of complex memory-related properties of an
expressive specification language.
In this work, we address memory monitoring in the context of
runtime assertion checking of C programs annotated in E-ACSL, an
expressive specification language offered by the FRAMA-C framework
for analysis of C code. We present an original combination
of a tree-based and a shadow-memory-based techniques that reconciles
both the efficiency of shadow memory with the higher expressiveness
of annotations whose runtime evaluation can be ensured
by a tree of metadata. Shadow memory with its instant access
to stored metadata is used whenever small shadow metadata suf-
fices to evaluate required annotations, while richer metadata stored
in a compact prefix tree (Patricia trie) is used for evaluation of
more complex memory annotations supported by E-ACSL. This
combined monitoring technique has been implemented in the runtime
assertion checking tool for E-ACSL. Our initial experiments
confirm that the proposed hybrid approach leads to a significant
speedup with respect to an earlier implementation based on a Patricia
trie alone without any loss of precision.
more here.......http://kosmatov.perso.sfr.fr/nikolai/publications/jakobsson_ks_sac_2015.pdf
based on storing block metadata in a tree-like datastructure. However
it becomes relatively slow when the number of memory locations
in the tree becomes high. Another solution, based on shadow
memory, allows very fast constant-time access to metadata and led
to development of several highly optimized tools for detection of
memory safety errors. However, this solution appears to be insuf-
ficient for evaluation of complex memory-related properties of an
expressive specification language.
In this work, we address memory monitoring in the context of
runtime assertion checking of C programs annotated in E-ACSL, an
expressive specification language offered by the FRAMA-C framework
for analysis of C code. We present an original combination
of a tree-based and a shadow-memory-based techniques that reconciles
both the efficiency of shadow memory with the higher expressiveness
of annotations whose runtime evaluation can be ensured
by a tree of metadata. Shadow memory with its instant access
to stored metadata is used whenever small shadow metadata suf-
fices to evaluate required annotations, while richer metadata stored
in a compact prefix tree (Patricia trie) is used for evaluation of
more complex memory annotations supported by E-ACSL. This
combined monitoring technique has been implemented in the runtime
assertion checking tool for E-ACSL. Our initial experiments
confirm that the proposed hybrid approach leads to a significant
speedup with respect to an earlier implementation based on a Patricia
trie alone without any loss of precision.
more here.......http://kosmatov.perso.sfr.fr/nikolai/publications/jakobsson_ks_sac_2015.pdf
↧
The DoD Cyber Strategy
The full Department of Defense document can be found here.........http://www.defense.gov/home/features/2015/0415_cyber-strategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdf
↧
Bedep’s DGA: Trading Foreign Exchange for Malware Domains
As initially researched by Trend Micro [1] [2], Zscaler [1] [2], Cyphort, and Malware don’t need Coffee, the Bedep malware family focuses on ad / click fraud and the downloading of additional malware. ASERT’s first sample dates from September 22, 2014, which is in line with when Trend Micro started seeing it in their telemetry. In early 2015, the family got some more attention when it was being observed as the malware payload for some instances of the Angler exploit kit, leveraging the Adobe Flash Player exploit (CVE-2015-0311) which at the time was a 0day. It was also observed that this newer version was using a domain generation algorithm (DGA) to generate its command and control (C2) domain names.
This post provides some additional notes on the DGA including a proof of concept Python implementation, a look at the two most recent sets of DGA generated domains, and concludes with some sinkhole data.
more here.......http://www.arbornetworks.com/asert/2015/04/bedeps-dga-trading-foreign-exchange-for-malware-domains/
This post provides some additional notes on the DGA including a proof of concept Python implementation, a look at the two most recent sets of DGA generated domains, and concludes with some sinkhole data.
more here.......http://www.arbornetworks.com/asert/2015/04/bedeps-dga-trading-foreign-exchange-for-malware-domains/
↧
Magento Shoplift (SUPEE-5344) Exploits in the Wild
As warned a few days ago, the Magento Shoplift (SUPEE-5344) vulnerability details have been disclosed by the CheckPoint team. They show step by step how it can be exploited to take over a vulnerable Magento site.
more here.......https://blog.sucuri.net/2015/04/magento-shoplift-supee-5344-exploits-in-the-wild.html
more here.......https://blog.sucuri.net/2015/04/magento-shoplift-supee-5344-exploits-in-the-wild.html
↧
↧
SEND MESSAGE TO SKYPE CONTACT USING C#
Let’s see how can we send a message in Skype from a C# application. I chose skype just for the demonstration. You could pick any application and do anything with the following code.
more here..........http://securityblog.gr/2538/send-message-to-skype-contact-using-c/
more here..........http://securityblog.gr/2538/send-message-to-skype-contact-using-c/
↧
Biometrics May Ditch The Password, But Not The Hackers
Passwords get hacked — a lot. In an effort to move beyond passwords, big companies are embracing biometric technology: the use of fingerprints, iris scans or voice recognition for user identification.
To heighten security, smartphones are being outfitted with biometric features. But, ditching passwords for biometrics may not make the hackers go away.
more here.........http://www.npr.org/blogs/alltechconsidered/2015/04/23/401466507/biometrics-may-ditch-the-password-but-not-the-hackers
To heighten security, smartphones are being outfitted with biometric features. But, ditching passwords for biometrics may not make the hackers go away.
more here.........http://www.npr.org/blogs/alltechconsidered/2015/04/23/401466507/biometrics-may-ditch-the-password-but-not-the-hackers
↧
Covert channels – (Mis)Using ICMP protocol for file transfers with scapy
Hello w0rld. In this post I will show how it is possible to (mis)use ICMP protocol for file transfers with scapy here.....http://labs.jumpsec.com/2015/04/24/covert-channels-misusing-icmp-protocol-for-file-transfers-with-scapy/
↧