2010
Information Security South Africa (ISSA) 2010
Last week we presented an invited talk at the ISSA conference on the topic of online privacy (embedded below, click through to SlideShare for the original PDF.) The talk is an introductory overview of Privacy from a Security perspective and was prompted by discussions between security & privacy people along the line of “Isn’t Privacy just directed Security? Privacy is to private info what PCI is to card info?” It…
Memcached talk update
Wow. At some point our talk hit HackerNews and then SlashDot after swirling around the Twitters for a few days. The attention is quite astounding given the relative lack of technical sexiness to this; explanations for the interest are welcome! We wanted to highlight a few points that didn’t make the slides but were mentioned in the talk: Bit.ly and GoWalla repaired the flaws extremely quickly, prior to the talk.…
BlackHat Write-up: go-derper and mining memcaches
[Update: Disclosure and other points discussed in a little more detail here.] At BlackHat USA last year we spoke about attacking cloud systems, while the thinking was broadly applicable, we focused on specific providers (overview). This year, we continued in the same vein except we focused on a particular piece of software used in numerous large-scale application including many cloud services. In the realm of “software that enables cloud services”,…
Go-derper: mining your memcacheds
Today at BlackHat USA 2010 we released a tool for manipulating memcached instances; we still need to write it up properly but here’s a link to the tool for the moment. tl;dr: if you find a memcached, you can dump the cache and manipulate entries in the cache.
HTTP Methods per Directory
A very common finding in our day to day vulnerability management endevours is the HTTP Methods Per Directory. In its most basic form, HackRack will determine which HTTP methods are allowed on various web or CGI directories by calling the OPTIONS methods per directory. On its own it is not always significant but as soon as you have directories that allow for PUT or DELETE, and weak directory permissions are…
SensePost Corporate Threat(Risk) Modeler
Since joining SensePost I’ve had a chance to get down and dirty with the threat modeling tool. The original principle behind the tool, first released in 2007 at CSI NetSec, was to throw out existing threat modeling techniques (it’s really attack-focused risk) and start from scratch. It’s a good idea and the SensePost approach fits nicely between the heavily formalised models like Octave and the quick-n-dirty’s like attack trees. It…
New SensePost Website – check it out
Sigh. We’ve never been much good at marketing or advertising, and I guess we still aren’t. But we have tried to give our old website a bit of a face-lift, and it’s starting to feel like we’re finally making some progress. Certainly most of the content is new and accurate and and certainly its much more comprehensive than our previous one. We’ve also gone to some effort to implement a…
SensePost’s Training @ Black Hat Vegas ’10 (win something)
After hearing our talk was accepted at BlackHat, we’re happy to announce that our training will be back for it’s 9th straight run. Speaking of a run, we’re going to be hosting the usual marathon of courses: cadet, bootcamp, combat, web 2.0. But, while the names remain, we’ve spent some time updating the material. In particular, bootcamp, combat & web 2.0 have been through the ringer. We’re hoping to get…
I know what your cert did last summer
Most of our clients that make use of our vulnerability management service, HackRack, manage a large and usually interactive web application environment, that makes use of SSL. HackRack would then often report on findings such as weak cyphers in use (critical if the client has to adhere to PCI DSS), mismatching cert names and domain names, and then expired certs. Now, this is easy to check and re-check when you…
SensePost at BlackHat USA 2010
A brief update from South Africa on some recent talks as well as the upcoming BH USA: our talk proposal has been accepted for BH USA 2010 which makes it the ninth year running that SensePost is talking in Las Vegas. One more and we qualify for free milkshakes at the Peppermill. This year we’ll be discussing caching in large scale web apps and why exposing caches to the interwebs…