Saturday, December 26, 2009

Semicolon attack

M$ IIS webserver is vulnerable to an attack using a semicolon in conjunction with benign extensions to fool it into executing malware.

Friday, December 25, 2009

Security humour

Security-themed jokes are rare and very refreshing when I come across them. This sketch was the inspiration behind VirusZoo.

Wednesday, December 23, 2009

"X-Mas Capture the Flag" challenge

AppSec Research creates a challenge to the public to find a web app vulnerability to uncover the hidden message. The vulnerable webpage is located here.

Update: Solution posted here. I will try out the steps during the Xmas long weekend.

Coolest hacks of 2009

Dark Reading compiles a list of 9 cool hacks uncovered this year.

File recovery

Ever deleted a file by accident? Well... you don't need to be a forensics guru to reclaim the deleted file.
From the genuises who created, CCleaner, comes Recuva... a portable tool that you can copy to a flash drive and insert into any machine to recover lost files. This is ideal compared to installing recovery tools as it reduces the risk of accidentally writing over files that you wish to repossess.
In my demo, my "Recycle Bin" is emptied. I launch Recuva Portable and initiate a scan of my local drive. It displays a deleted file for restoration. Upon recovery, I am able to view my original data.

You need administrative access to the target system in order to scan for deleted files. On the flip side, this exercise shows how rudimentary it is to recover files and thus you need to protect your privacy by wiping files that you no longer need. Eraser is the solution for you.

Monday, December 21, 2009

NeXpose Metasploit integration

With Rapid7's funding of Metasploit, both NeXpose and Metasploit are seamlessly integrated to automatically scan and remotely exploit target machines. Far out!!! I ran the plugin to successfully exploit my vulnerable virtual machine.

NeXpose vs Nessus

I've used Nessus for years. I only recently heard of NeXpose after Rapid7 started funding Metasploit and promised to integrate their scanner with Metasploit. I decided to give NeXpose a whirl. The learning curve wasn't steep when using the scanner.
Scanned the same target machine with Nessus.
The 2 scanners produce the same result but I always believe in the need to use multiple tools to assess vulnerabilities in infrastructures, networks, systems and applications to uncover the full state of insecurity.

Thursday, December 3, 2009


Found out about this resource from attending a Symantec security seminar today. ThreatExpert provides a list of free services including a "Memory Scanner". This tool scans your memory for malware. Users can submit suspicious files for analysis to discover the file's behaviour without having to execute it.

Tuesday, December 1, 2009

Code injection via English text?

Fascinating research that explains how the humble English text can be harnessed to perform shellcode injection.

Session video recording vs keystroke logging

Visually, it is easier to comprehend what is occurring during a session when reviewing a recording as compared to keystrokes. However, recordings consume a lot of storage and cannot be indexed for easy searching unlike keylogging. Session video recording is more secure as it does not record the privilege password. It is also less intrusive because no software or tweaking is required on the endpoint system.
The jury is still out on session video recording. It is a good concept but its disadvantages currently outweigh its benefits.