Blog
1337 in the Library: Obtaining your information security education on the cheap
The two quotes above were my inspiration for writing this article, along with the fact that people keep asking me "How do I get started in security?" Well, if you're asking for career advice I'm not your man, but on the learning side of things I think I have a few tips I can give you.
Obfuscated 4chan.gif/Invasion.gif/SYS.JSE Decoded and Removal
t of encoding it was using, and folks pointed me to the post at the SANS Internet Storm Center, but that had few details on how the encoding was done. Byte_Bucket from Pauldotcom pointed me at a tool called "Windows Script Encoder" from Microsoft that seems to be what was used. After doing some checking, the encoded part of the JSE starts with #@~^, which is also what the MS tool creates.
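A quick triage helper for the marker described above, added here as an example and not code from the original post: it scans a file for the #@~^ header the Windows Script Encoder emits, decodes the length field that follows it, and carves out the encoded body up to the closing marker. The layout it assumes (header, six base64 characters holding a little-endian 32-bit length, "==", body, a six-character checksum field, then "==^#~@") is taken from public descriptions of the format; the checksum field width is an assumption, and the sample input is constructed with a placeholder body rather than real encoded script, so this locates and carves blobs but does not decode them.

```python
import base64
import re
import struct

# Markers the Windows Script Encoder puts around an encoded script.
HEADER = b"#@~^"
TRAILER = b"==^#~@"
CHECKSUM_LEN = 6  # assumption: six base64 chars of checksum precede the trailer


def parse_header_length(six_chars: bytes) -> int:
    """The six characters after the header, plus "==", are standard base64
    for a little-endian 32-bit length value."""
    raw = base64.b64decode(six_chars + b"==")
    return struct.unpack("<I", raw)[0]


def find_encoded_scripts(data: bytes):
    """Return a list of dicts describing every encoder blob found in data."""
    found = []
    for m in re.finditer(re.escape(HEADER), data):
        start = m.start()
        length_field = data[start + 4:start + 10]
        if len(length_field) != 6 or data[start + 10:start + 12] != b"==":
            continue
        try:
            declared = parse_header_length(length_field)
        except (ValueError, struct.error):
            continue  # not a well-formed header; keep scanning
        end = data.find(TRAILER, start + 12)
        if end == -1:
            continue  # header without a closing marker
        found.append({
            "offset": start,
            "declared_length": declared,
            "body": data[start + 12:end - CHECKSUM_LEN],
            "checksum_field": data[end - CHECKSUM_LEN:end],
        })
    return found


# Constructed sample: a script tag wrapping a header with declared length 5,
# a placeholder body "ABCDE" (not real encoded output) and a dummy checksum.
LENGTH_FIELD = base64.b64encode(struct.pack("<I", 5))[:6]  # b"BQAAAA"
SAMPLE = (b'<script language="JScript.Encode">' + HEADER + LENGTH_FIELD + b"=="
          + b"ABCDE" + b"AAAAAA" + TRAILER + b"</script>")

if __name__ == "__main__":
    for blob in find_encoded_scripts(SAMPLE):
        print(f"offset={blob['offset']} declared_length={blob['declared_length']} "
              f"body={blob['body']!r}")
```

Run it over a suspect .jse or .html file by replacing SAMPLE with the file's bytes; a declared length that does not match the carved body is a sign the blob was truncated or tampered with.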
XSS, Command and SQL Injection vectors: Beyond the Form
Active Directory
Not to beat a dead horse, but what about all of the fields you can fill out on an Active Directory or LDAP object? Now that I think about it, maybe it's time for me to update my ADS Reaper tool.
Application Names and Metadata
Got an asset tracker that lists the software installed on a machine in a lovely HTML report? Does the asset tracking software look at the metadata in files? That could be another possible vector.
Banners
Is your custom scanning software logging the banners it sees on open ports? What if the banner has a little malicious XSS?
Conclusion
Granted, many of these possible attack vectors are hypothetical, and depend on reporting tools not sanitizing data before rendering it. Still, I hope this short article makes the wheels in your head start grinding away at new ways of thinking when it comes to injection attacks. For more ways to mangle XSS to get it past filters, check out RSnake's excellent cheat sheet:
http://ha.ckers.org/xss.html
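The banner case above, as an added example that is not part of the original post: a report generator that drops collected banners into an HTML table by string concatenation beside the same generator with every collected value escaped. The rows are constructed sample data; the third banner shows why quotes must be escaped too, since the value is also placed in a title attribute. The function names are my own.

```python
import html

# Constructed sample rows, as a port scanner might record them. The second and
# third banners are the kind of hostile data the article hypothesizes.
COLLECTED = [
    {"host": "10.0.0.5", "port": 22, "banner": "SSH-2.0-OpenSSH_8.9"},
    {"host": "10.0.0.9", "port": 80, "banner": "<script>alert(document.cookie)</script>"},
    {"host": "10.0.0.12", "port": 21, "banner": '220 ftp" onmouseover="alert(1)'},
]


def render_report_vulnerable(rows):
    """Concatenates collected values straight into the page, so whatever the
    remote service sent becomes part of the report's markup."""
    cells = []
    for r in rows:
        cells.append(
            f'<tr><td>{r["host"]}</td><td>{r["port"]}</td>'
            f'<td title="{r["banner"]}">{r["banner"]}</td></tr>'
        )
    return "<table>\n" + "\n".join(cells) + "\n</table>"


def render_report_safe(rows):
    """Same report; every collected value is HTML-escaped before use.
    quote=True also converts quotes, which is what keeps the attribute
    context from being broken out of."""
    cells = []
    for r in rows:
        host = html.escape(str(r["host"]), quote=True)
        banner = html.escape(str(r["banner"]), quote=True)
        port = int(r["port"])  # numeric field: coerce rather than escape
        cells.append(
            f"<tr><td>{host}</td><td>{port}</td>"
            f'<td title="{banner}">{banner}</td></tr>'
        )
    return "<table>\n" + "\n".join(cells) + "\n</table>"


def has_injected_markup(rendered):
    """Crude check for the two payloads in the sample: a live script tag or
    an event handler attribute that survived rendering."""
    low = rendered.lower()
    return "<script" in low or 'onmouseover="' in low


if __name__ == "__main__":
    print("vulnerable report injectable:", has_injected_markup(render_report_vulnerable(COLLECTED)))
    print("escaped report injectable:", has_injected_markup(render_report_safe(COLLECTED)))
```

Escaping at render time is the fix regardless of where the data came from (banner, LDAP attribute, file metadata); sanitizing at collection time is fragile because the same value often ends up in more than one output context.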
Tracking users, malware and data leaks via the USB serial numbers on flash drives, smart phones and MP3 players
I don’t write on the forensics side of security much, but I thought this was an interesting topic that I’d not seen covered much before. While I was doing my research on USB hardware key loggers I learned quite a bit about USB devices that I did not know before. Besides Vendor IDs and Product IDs, some devices also have a serial number associated with them.
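One practical place those serial numbers show up is the Windows registry, where each mass-storage device that has been plugged in gets a key under USBSTOR whose instance ID is the device's serial number. As an added example, not part of the original post, the code below parses constructed sample keys in that form, separates vendor, product, revision and serial, and correlates the same serial across hosts. One documented detail is built in: when a device has no serial number, Windows generates an instance ID whose second character is "&", so such IDs cannot be used to track a device. The key paths, host names and function names are constructed for the example.

```python
import re
from collections import defaultdict

# Instance paths in the form Windows records them under
# HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR\<device id>\<instance id>.
USBSTOR_RE = re.compile(
    r"^USBSTOR\\(?P<devtype>[^&\\]+)&Ven_(?P<vendor>[^&\\]*)&Prod_(?P<product>[^&\\]*)"
    r"&Rev_(?P<rev>[^\\]*)\\(?P<instance>[^\\]+)$",
    re.IGNORECASE,
)


def parse_usbstor_key(path):
    """Split a USBSTOR registry path into its fields. Returns None if the
    path is not in the expected shape."""
    m = USBSTOR_RE.match(path)
    if not m:
        return None
    instance = m.group("instance")
    # A second character of "&" marks an ID Windows generated itself because
    # the device reported no serial number.
    generated = len(instance) > 1 and instance[1] == "&"
    # The trailing "&0" is an interface/LUN suffix, not part of the serial.
    serial = None if generated else instance.rsplit("&", 1)[0]
    return {
        "devtype": m.group("devtype"),
        "vendor": m.group("vendor"),
        "product": m.group("product"),
        "rev": m.group("rev"),
        "serial": serial,
        "windows_generated_id": generated,
    }


def correlate_by_serial(records):
    """Map each real serial number to the sorted list of hosts it was seen on."""
    seen = defaultdict(set)
    for host, key in records:
        parsed = parse_usbstor_key(key)
        if parsed and parsed["serial"]:
            seen[parsed["serial"]].add(host)
    return {serial: sorted(hosts) for serial, hosts in seen.items()}


# Constructed sample: (hostname, USBSTOR key) pairs as an investigator might
# pull them from several machines. The second key is a Windows-generated ID.
SAMPLE_RECORDS = [
    ("ws01", r"USBSTOR\Disk&Ven_Kingston&Prod_DataTraveler_2.0&Rev_PMAP\0019E06B0A4C0123&0"),
    ("ws01", r"USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\6&2a1b3c4d&0"),
    ("ws07", r"USBSTOR\Disk&Ven_Kingston&Prod_DataTraveler_2.0&Rev_PMAP\0019E06B0A4C0123&0"),
]

if __name__ == "__main__":
    for serial, hosts in correlate_by_serial(SAMPLE_RECORDS).items():
        print(f"{serial}: seen on {', '.join(hosts)}")
```

The same correlation works across whatever other sources record the serial (setupapi logs, SIEM events from endpoint agents), and the generated-ID check is the caveat to apply first: cheap devices without a serial produce a different ID on every machine.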
Programmable HID USB Keystroke Dongle: Using the Teensy as a pen testing device
Introduction
While I was at Shmoocon 2010, I was given a Phantom Keystroker. It's a neat little USB dongle that looks like a thumb drive and that you could surreptitiously plug into the back of someone's computer.