Blog
FW: HBN Extended Edition 9-13 March
Yes, it is time to offer some technical input by way of our HBN Extended Edition training. There will be no Christmas hat this time round but lots of valued input. We have scheduled our first training course for our new year, Hacking By Numbers – “Extended” Edition – for March 9-13th . The course runs for a full 5 days in Pretoria, South Africa.
The HBN ‘Extended Edition’ is simply an intensive extended version of the regular Bootcamp course. Whilst the content and structure are essentially the same as Bootcamp, the Extended Edition offers students a deeper understanding of the concepts being presented and affords them more time to practice the techniques being taught. Extended Edition is currently only offered in Switzerland and South Africa only, or can be arranged on request.
Joe Grand (Kingpin) gets famouser!
This is probably really old news (to some), but was in the company of sattelite TV this weekend and saw that Joe Grand now has a TV Slot all of his own. “Prototype This” looks like it will be awesome..
I spent the rest of the day trying hard to catch the adverts at just the right time to get a pic of Joe, while excitedly saying “i cant believe joe is on TV” to deels to try to convince her that it was a better alternative than going out..
reDuh.ASPX
An additional issue has been discovered in the ASPX version of reDuh. Although the script did work as expected, it did not set the ScriptTimeout value. This resulted in reDuh terminating active connections once the page timeout had expired.
This has been fixed in the ASPX version. A copy can be grabbed from here. More information regarding reDuh can be found here.
ASPX and reDuh
We’ve received a number of queries regarding folkses unable to get the ASPX version of reDuh to work.
In truth, the client had a faulty HTTP implementation meaning that HTTP requests were malformed. Apache and Tomcat cope admirably with the malformed requests, IIS does not.
So, we’ve built a new client version for reDuh which will play nicely with IIS. Apart from the bugfix, the new version also supports SSL. A direct link to the updated client is here. More information regarding reDuh is here.
Vanilla SQL Injection is oh-so-90’s…wait…is it? (Jackin the K)
aka.. Someone put the hurtski on Kaspersky..
The Twitters (via XSSniper and others) and the Interwebs were ablaze with news on a SQL Injection vulnerability that was exploited on AV vendor Kaspersky’s site. Detail of the attack can be found here.
It’s interesting that SQL Injection (though as old as the proverbial hills) is still such a major issue.
In fact, I have it on good authority that the bulk of PCI-related compromises are still as a result of SQL Injection…
On Hiring Staff – The T-Shirt Method..
Anyone who has honestly reflected on what they know about hiring, will tell you that no matter how locked-down you think you have it, you dont. There is still way too much left to chance and way too much that you just dont know. To avoid this, companies that care about preserving their culture will sometimes adopt a “default deny” approach. It’s ok to miss a potentially good hire rather than to take on a bad one. This isn’t silly geek risk aversion.. It’s because one bad hire can do amazing damage to a culture (an area bad hires can be amazingly productive in).
Turn of the century deja vu?
The recent widespread carnage caused by the Conficker worm is astounding, but is also comforting, in a strange way.
It has been a good few years since the world saw a worm outbreak of this magnitude. Indeed, since the Code Red, Slammer and Blaster days, things have been fairly quiet on the Interwebs front.
As a community, it seems we very quickly forgot the pains caused by these collective strains of evil. Many people proclaimed the end of issues of that particular bent, whether it be as a result of prolific post-worm hastily induced reaction buying of preventative technologies and their relatives, or whether more faith was placed in software vendors preventing easily “wormable” holes in their software.
EDoS is the new DDoS ?
Over at [Rational Survivability] beaker as coined the term EDoS. To describe how “the utility and agility of the cloud computing models such as Amazon AWS (EC2/S3) and the pricing models that go along with them can actually pose a very nasty risk to those who use the cloud to provide service”
Of course, this has kicked off the flurry of responses from “How is this different to soaking up the bandwidth of people who pay per gig” to “OMG! thats the new thing.. Cloud Computing is bad”.
RFP Spotting..
Not the boring pile of papers kind.. the shiny pants and sunglasses kind:
Turns out you can find him blogging these days at [http://research.zscaler.com/]
PS. if you dont know who RFP is, you are too young, and probably think w00w00 is leetspeak for a siren..
QoW: Software Reversing and Exploitation
I’ve developed a FTP like multi-threaded server application as a target for this challenge of the month. It has been coded in c and compiled by VC++ 2008. This is a three step challenge:
Step 1- Find the correct “passphrase” format to logon to the server and get the “Access Granted” message. (You may use a debugger like Ollydbg to do Live RE for this step).
Step 2- Do vulnerability research on the server software. There is at least one exploitable bug but there could be more bugs or error conditions. Try to spot a memory corruption bug and write a denial of service exploit for it.