It is Microsoft patch Tuesday again, and back are the difficulties to make sense of the way vulnerability information is organized. The Security Update Guide lists a total of 243 security updates, but note how for each product (e.g. Microsoft Edge) we have different platforms listed. These are patches that fix the same group of …
Read more “Microsoft Patch Tuesday (and Adobe), (Tue, May 9th)”
[This is a guest diary by Renato Marinho of Morphus Labs. If you are interested in writing a guest diary: please send suggestions to us via our contact page] 1. Introduction We recently deployed a high interaction honeypotsexpecting it to be compromised by a specific malware. But in the first few days, instead of getting …
Read more “Exploring a P2P Transient Botnet – From Discovery to Enumeration, (Mon, May 8th)”
We are all privileged towork in the field of information security. We alsocarry the responsibility tokeep current in our chosenprofession.RegularlyI hear from fellow colleagues whowant to learn something, but do not have a training budget, feel powerless and sometimes give up. I would like to share several approaches that can be used to bridge this …
I read an interesting article in aBelgian IT magazine[1]. Every year, they organise a big survey to collect feelings from people working in the IT field (not only security). It is very broad and covers their salary, work environments, expectations, etc. For infosec people, one of the key points was that people wanted to attend …
When browsing a target web application, a pentester is looking for all entry or injection points present in the pages. Everybody knows that a static website padding:5px 10px”> form action=/view.php method=post input name=article id=article input type=submit value=Submit /form In both cases, the pentester will have a deeper look at the values that can be passed …
Read more “HTTP Headers… the Achilles' heel of many applications, (Fri, May 5th)”
Gebhard pointed us to an article at Heise, which reports that researchers are working towards a universal fingerprint – a master pattern (or small number of master patterns) that ring enough bells to unlock any of todays fingerprint readers. They are currently have an approach that takes partial impressions and combines them until it matches …
Read more “The Quest for the Universal Fingerprint, (Thu, May 4th)”
I recently had a security assessment / internal pentest project, and one of the findings was I found an AS/400 running telnet services (actually unencrypted tn5250, but it comes to the same thing) The clients response was that this host was up for history purposes only, it was not longer production system. So it was …
Read more “Migrating Telnet to SSH without Migrating, (Thu, May 4th)”
We got several reports (thanks to Seren Thompson, Tahir Khan and Harry Vann) about OAUTH phishing attacks against Google users. The phishing attack arrives, of course, as an e-mail where it appears that a user (potentially even one on your contact list, so it looks very legitimate) has shared a document. An image of such …
Read more “OAUTH phishing against Google Docs ? beware!, (Wed, May 3rd)”
— Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute STI|Twitter| (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
It should be no surprise to our regular readers how powerful PowerShell (pun intended) really is. In last couple of years, it has become the main weapon of not only white hat penetration testing, but also various attackers. Recently I had to perform some pivoting through a compromised box. It had a specific exploit which …