2007

Threat Modelling Talk at CSI Phoenix

After a six-hour delay due to technical problems *before* my journey even started I’m finally on the plane and waiting for take off. Tag an additional five-hour delay due to a missed connection in New York and this quickly becomes a very, very long trip. Perhaps my longest ever. Ah well, the price we pay for living at the end of the world, I guess. I’m on my…

VMware for OSX (Fusion) – Beta 4

VMware have just released beta4 of its Fusion product for OSX. The initial beta was hard to justify and a little flaky, which allowed Parallels to take an early lead. We still have people in the office who swear by Parallels.. But.. in my book VMware has just been such a life saver since we first started making heavy use of it (about 6 years ago) that I figured it…

Right escalation via services or scheduled tasks in Windows

Scheduled tasks and services are often run as accounts with excessive privileges (HP Insight, backups etc) instead of limited service accounts. By exploring the tasks under c:\windows\tasks or the services by managing the computer, you can quickly see possible options to escalate your rights. By replacing the actual exe that the service or task runs with an exe of your own, you can spawn a netcat shell. I use…

Hotel Hacking

Check out http://hongkong.langhamplacehotels.com/accom/technology.htm in Hong Kong. They provide Cisco IP phones in the rooms, but with a difference. According to an article I read in TIME the hotel will collect your most frequently dialled numbers and load them onto the touchscreen phone when you return for your next visit. Not only that, they also program the phone to show stock quotes or news and weather from your home town, AND…

Re: Jeremiah Grossman’s “How to find your websites”

Jeremiah from WhiteHatSec has just written a quick piece on how to find your websites. Now Footprinting is obviously dear to our hearts, with 3 Blackhat talks on it (or applications of it) (“Automation – Deus ex Machina or Rube Goldberg Machine?“, “Putting The Tea Back Into CyberTerrorism“, “The Role of Non Obvious Relationships in the Foot Printing Process“), a commercial tool almost dedicated to it, and a full blown…

Second Life land grab case moves into U.S federal courts..

Ars Technica is reporting on the lawsuit filed in 2006 by Martin Bragg who accused Linden Lab of wrongfully seizing his virtual land. -snip- Linden Lab filed two motions to dismiss the suit, arguing that Bragg came into possession of his land wrongfully, but the Pennsylvania judge denied those motions. -snip- A few things about this are super interesting.. Linden Lab (creators of Second Life) literally sells online assets…

Web Mashups point and click style (open invite for Sammy v2.0) ?

[Yahoo pipes] looks like an awesome way for even non-programmers to create web mashups trivially. Aside from the fact that its interface is super-cool, it brings an interesting dimension to next gen web attacks. (Google Video on Pipes by Pipes developers). pdp has already covered pipes in his OWASP talk where he used it to re-write a jikto equiv. in almost-0 lines of code, along with a tinyurl filesystem. pdp…

Windows filesharing on OSX still vulnerable…

Aaron Adams over at Symantec did a quick check on the version of Samba running on currently up to date OSX machines and found that the Macs were still running 3.0.10. He did a quick mod on the existing Metasploit module and has reliable code execution going.. If you are running OSX, you probably want to make sure your Samba isn’t exposed while you grab the latest source and build..…

Welcome to extern blog SensePost;

Ok.. so after many moons of making excuses for not making our internal blog public we have decided on a happy compromise.. Some of the “work-safe” posts from internal will make their way out here.. {we have a ton of posts on internal, and promise to publish them if they are ever referenced by new posts here to stop the foncusion} Other than that.. Welcome, thanks for taking the time…

Adventures while moving… (Part II)

Ok.. so we have an outside gate type thing that leads to our garden. Since we would probably get to the gate at random points of the day / week we figured a combination lock would make sense. Now I know that combination locks traditionally have a pretty small keyspace, and have a horrible reputation so I asked Deels to make sure she got one with at least 4 digits,…