I’m pleased to announce the release of J-Baah – the port of CrowBar (our generic HTTP Fuzzing tool) to Java. If you’ve used CrowBar before, using J-Baah should be a breeze. If you haven’t, it actually has a help section. :P You can grab a copy of J-Baah from here.
The ITWeb security summit is coming up next week from the 11th to 13th of May. This is a conference we’re quite excited about, and have been involved in for the last few years, but most recently, we’ve been able to further our involvement beyond just speaking. For years I jealously watched as SensePost’ers would trundle all over the world shaking hands and drinking beer with the leet haxors of…
In my previous role working as a security manager for a large retailer, I developed some password tools for various purposes, primarily to help non-security people with some of the basics. I licensed them under the GPL, and I think it’s about time they saw the light of day. There are a couple of tools, which I will explain below. They’re all written in JavaScript, primarily because it is cross-platform,…
13 April 2010
~2 min
By junaid
As the need for online anonymity / privacy grew, the proxy industry flourished with many proxy owners generating passive incomes from their proxy networks. Although ‘proxy’ is normally thought to imply some sort of daemonized application, such as Squid (or a SOCKS) daemon, the last couple of years have heralded in the age of CGI proxies and more commonly, their PHP variants. These PHP proxies are extremely trivial to deploy…
01 April 2010
~3 min
By jeremy
Following on from Evert’s posting about the new BroadView v4, I’d like to showcase a specific aspect of BV that we’ve found useful, namely Attributes. These are small pieces of data collected and maintained for each host scanned by BV, including somewhat mundane bits of info like IP address and OS, but they also include some really tasty morsels about remote hosts that are scanned. Attributes are collected on a…
31 March 2010
~5 min
By gert
The intertubes have been humming lately around a certain NTP feature to gather lists of NTP servers’ clients, and it naturally grabbed our attention. The humming was started by HD Moore recently, when he revealed that it is possible to query NTP servers to get lists of addresses and use the information for fun and profit. He also mentioned that he will be releasing a paper describing all this and…
30 March 2010
~2 min
By evert
Ever since Ron Gula’s RiskyBusiness talk #142 about their Nessus philosophy, I decided to come out of the closet and share with our readers the work we do in the vulnerability management field. [Ed: If you don’t listen to Risky Business then, as we say in South Africa, eish.] Ron explained that with Nessus they aim to give users a tool that can be used for monitoring and auditing –…
Hey Everyone, As promised last week, we have made changes to the content of our HBN BootCamp course. We have updated the course content to include the following attack vectors, vulnerabilities and environments: Web applications; Client-side attack vectors; Intranet vulnerabilities and exploits; Time-based attacks; Privilege Escalation and Pivot attacks; Third Party software exploitation; Data Extrusion techniques. We believe this will significantly change the course content and encourage you to sign…
This past Thursday we received notice that Boogterman & Partners would be a host company for the CANSA Shavathon 2010 taking place on Friday, 05/03/2010. So when I sent out an email to everyone at SensePost, little did I know at the time what a huge thing this would turn into. However, I really shouldn’t be surprised, as this is a typical show of how “We Roll”! I was challenged…
The BackupExec agent is often among the common services found on internal pen tests. The agent software stores an encrypted “logon account” password in its backend MS SQL database (LoginAccounts table). These accounts include the “system logon account”, which is used to run agent services, and an optional number of Active Directory accounts that are used to access resources over the network. The following scenarios can result in access to encrypted…