CVE Feeds

Nov 22, 2014

Tools: .NET ExploitRemotingService (c) 2014 James Forshaw

A tool to exploit .NET Remoting Services vulnerable to CVE-2014-1806 or CVE-2014-4149. It only works on Windows although some aspects might work in Mono on *nix.

Source:: https://github.com/tyranid/ExploitRemotingService

If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Nov 20, 2014

CheatSheet: Adb and Android Shell Cheat Sheet

https://github.com/maldroid/adb_cheatsheet/blob/master/cheatsheet.pdf?raw=true


Slide: Web Architecture - Mechanism and Threats

These slides are from my presentation at the 2600Thailand meeting.

https://db.tt/Pu3MeThe


Nov 17, 2014

Tools: Hamms - Malformed servers to test your HTTP client

Hamms is designed to elicit failures in your HTTP Client. Connection failures, malformed response data, slow servers, fat headers, and more!

Installation

You can either install hamms via pip:
pip install hamms
Or clone this project:
git clone https://github.com/kevinburke/hamms.git

Usage

  1. Start hamms by running it from the command line:
    python hamms/__init__.py
    
    Or use the HammsServer class to start and stop the server on command.
    from hamms import HammsServer
    
    class MyTest(object):
        def setUp(self):
            self.hs = HammsServer()
            self.hs.start()
    
        def tearDown(self):
            self.hs.stop()
  2. Make requests and test your client. See the reference below for a list of supported failure modes.
By default, Hamms uses ports 5500-5600. In the future, this port range may be configurable.

Source:: https://github.com/kevinburke/hamms


Nov 15, 2014

Tools: Radare - Forensic Android Tool

The Radare project started as a forensics tool, a scriptable command-line hexadecimal editor able to open disk files, but later gained support for analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers, and more.
radare2 is portable.

Architectures:
6502, 8051, arm, arc, avr, bf, tms320 (c54x, c55x, c55+), gameboy, csr, dcpu16, dalvik, i8080, mips, m68k, msil, snes, nios II, sh, sparc, rar, powerpc, i386, x86-64, H8/300, malbolge, T8200
File Formats:
bios, dex, elf, elf64, filesystem, java, fatmach0, mach0, mach0-64, MZ, PE, PE+, TE, COFF, plan9, dyldcache, Gameboy and Nintendo DS ROMs
Operating Systems:
Android, GNU/Linux, [Net|Free|Open]BSD, iOS, OSX, QNX, w32, w64, Solaris, Haiku, FirefoxOS
Bindings:
Vala/Genie, Python (2, 3), NodeJS, LUA, Go, Perl, Guile, php5, newlisp, Ruby, Java, OCaml
Features:
  • Multi-architecture and multi-platform
    • GNU/Linux, Android, *BSD, OSX, iPhoneOS, Windows{32,64} and Solaris
    • i8080, 8051, x86{16,32,64}, avr, arc{4,compact}, arm{thumb,neon,aarch64}, c55x+, dalvik, ebc, gb, java, sparc, mips, nios2, powerpc, whitespace, brainfuck, malbolge, z80, psosvm, m68k, msil, sh, snes, gb, dcpu16, csr, arc
    • pe{32,64}, te, [fat]mach0{32,64}, elf{32,64}, bios/uefi, dex and java classes
  • Highly scriptable
    • Vala, Go, Python, Guile, Ruby, Perl, Lua, Java, JavaScript, sh, ..
    • batch mode and native plugins with full internal API access
    • native scripting based on mnemonic commands and macros
  • Hexadecimal editor
    • 64bit offset support with virtual addressing and section maps
    • Assemble and disassemble from/to many architectures
    • colorizes opcodes, bytes and debug register changes
    • print data in various formats (int, float, disasm, timestamp, ..)
    • search multiple patterns or keywords with binary mask support
    • checksumming and data analysis of byte blocks
  • Wrapped IO layer
    • supports files, disks, processes and streams
    • virtual addressing with sections and multiple file mapping
    • handles gdb:// and rap:// remote protocols
  • Filesystem support
    • mounts ext2, vfat, ntfs, and many others
    • supports partition types (gpt, msdos, ..)
  • Debugger support
    • gdb remote and brainfuck debugger support
    • software and hardware breakpoints
    • tracing and logging facilities
  • Diffing between two functions or binaries
  • Code analysis at opcode, basicblock, function levels
    • embedded simple virtual machine to emulate code
    • keep track of code and data references
    • function calls and syscall decompilation
    • function description, comments and library signatures
Source:: http://www.radare.org/y/?p=download


Tools: MeterSSH – Meterpreter over SSH

As penetration testers, we continually need to identify which types of attacks are detected and which are not. After a recent penetration test against a next-generation firewall, most of the analysis has shifted away from the endpoints and towards network analysis. While a mixture of both is needed, MeterSSH demonstrates how easy it is to circumvent many of these signature-based "next generation" product lines.
MeterSSH is an easy way to inject native shellcode into memory and pipe anything over SSH to the attacker machine through an SSH tunnel, all self-contained in a single Python file. The Python script can easily be converted to an executable using pyinstaller or py2exe.

Source:: https://www.trustedsec.com/november-2014/meterssh-meterpreter-ssh/


Nov 13, 2014

Tools: Simple-Rootkit - A simple attack against gcc and Python via kernel module, with highly detailed comments.

A simple attack via kernel module, with highly detailed comments.
Here we'll compile a kernel module which intercepts every "read" system call, searches for a string and replaces it if it looks like the gcc compiler or the python interpreter. This is meant to demonstrate how a compromised system can build a malicious binary from perfectly safe source code.
For more information see: http://linux-poetry.com/blog/12/
Also check out: http://memset.wordpress.com/2010/12/03/syscall-hijacking-kernel-2-6-systems/

Instructions

Install your kernel headers
sudo apt-get install linux-headers-$(uname -r)
Run make
cd simple-rootkit && make
Load the module
sudo insmod simple-rootkit.ko
Compile any C program or run any Python script, and all instances of the string "World!" will now read as "Mrrrgn".
gcc hello.c -o hello
./hello

Source:: https://github.com/mrrrgn/simple-rootkit


List of resources for MS14-066 (Schannel)

https://technet.microsoft.com/en-us/library/security/ms14-066.aspx

http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx

http://pastebin.com/bsgX01dU

http://www.reddit.com/r/netsec/comments/2m1alz/microsoft_security_bulletin_ms14066/

https://isc.sans.edu/forums/diary/How+bad+is+the+SCHANNEL+vulnerability+CVE-2014-6321+patched+in+MS14-066+/18947

http://msdn.microsoft.com/en-us/library/windows/desktop/aa380123%28v=vs.85%29.aspx

https://community.rapid7.com/community/infosec/blog/2014/11/12/schannel-and-ms14-066-another-red-alert

http://seclists.org/snort/2014/q4/407

http://seclists.org/nmap-dev/2014/q4/197

https://isc.sans.edu/diary/SChannel+Update+and+Experimental+Vulnerability+Scanner+MS14-066/18953

Update
https://www.youtube.com/watch?v=HXsKps-OhPg&feature=youtu.be
http://blog.beyondtrust.com/triggering-ms14-066
http://vimeo.com/112089813


Tools: Nogotofail v0.4 Beta – TLS/SSL Testing Released

Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.

Source:: https://github.com/google/nogotofail


Tools: OWASP ASVS Assessment Tool (OWAAT)

OWASP ASVS Assessment Tool (OWAAT) is a tool used to verify a Web application's security conformance to the OWASP Application Security Verification Standard (ASVS). It is licensed under AGPLv3.

OWAAT is a Web-based tool with teamwork capabilities: it allows creating multiple assessment projects and assigning assessment tasks to different users. The tool is written in PHP and JavaScript using the jQuery library.

Features:

  • User management: A team of analysts can easily collaborate in an application assessment process.
  • Verification methodology: Custom verification methods can be defined for each rule.
  • Project-based assessment: Multiple assessment projects can be defined and managed.
  • Task assignment: Assessment tasks can be assigned to each user.
  • Reporting: Reports can be created from assessment results.

More Information:
Source:: https://github.com/ghorbanzadeh/OWAAT
