Category

Blog
Fierce is a simple but very useful DNS reconnaissance tool written by Robert Hansen (RSnake) that I use on virtually every pentest, vuln assessment, or application security assessment I’m involved in. There’s nothing fancy or super-technical about this tool; it’s just useful and deserves some mention. It combines the functionality of a handful of recon tools into one....
The Daily Mail has a short article about how the recent compromise of 200,000+ Citigroup accounts occurred. Of course there is not much technical detail but the vulnerability and exploit are pretty obvious if what the article says is correct: “They simply logged on to the part of the group’s site reserved for credit card customers – and substituted their...
Expose unnecessary ports via NAT and firewall rules to your DMZ. I’m talking SSH, telnet, HTTP/S, SNMP, MS-SQL, MySQL, YourSQL, NetBIOS…. everything. If you’re really serious about getting compromised, NAT public addresses to your internal Active Directory servers and database. If you don’t have a firewall or a DMZ, all the better. Make sure no effective...
SQL injection used to be a lot easier a few years ago when it was less known, web application security was less mature, and errors were often exposed. It’s very easy to use a variety of methods to cause errors to display database names, table names, column names, and even row values… when errors are...
Barracuda Networks is the latest on the list of security vendors/service providers to be compromised. The Malaysian group, “HMSec,” used blind SQL injection to retrieve database contents including emails, CMS logins, and MD5-hashed passwords. A post on barracudalabs.com titled “Learning the Importance of WAF Technology – the Hard Way” explains that, “The Barracuda Web Application Firewall in front of the Barracuda...
RSA has announced that they have been compromised by an “extremely sophisticated cyber attack” of which details are not clear. All that is known is that RSA’s two-factor authentication seems to be affected. The degree to which this breach impacts their two-factor authentication solutions is not known and RSA has filed an 8-K with the SEC so don’t expect...
CEO Aaron Barr decided to unmask who he thought was behind the leadership of attacks against MasterCard, Visa, and other perceived enemies of WikiLeaks. Before unmasking this individual, Barr spilled the beans and communicated his intended actions to this person. A custom written CMS application (http://www.hbgaryfederal.com) suffered from SQL injection, SQL injection in a URL...
Although this doesn’t prove anything that hasn’t already been proven, seeing often cements belief much more effectively than reading. In this video, I compromise access to three separate wireless networks using three separate authentication and encryption schemes. Test Networks – The Victims: ClientCorporate: 802.1x/PEAP ClientVendor: WPA2-PSK/AES ClientGuest: WEP-128 PSK Full Disclosure – This video is...
Fierce is one of the best DNS enumeration tools I’ve ever used. It’s great for DNS servers that do not allow anonymous zone transfer as it includes dictionary-based hostname enumeration. A Perl script that enumerates an HTTPS instance’s supported SSL versions and ciphers. The best Firefox extension, hands down, for manual web application security assessments....
Collin Mulliner and Nico Golde gave a very interesting SMS DOS presentation at the 27th Chaos Communication Congress. The gist of it is that “feature phones,” cheaper, less-feature-rich phones sold by providers, as opposed to “smart phones” can accept and execute certain binary code from incoming SMS text messages. Networks often use this functionality to roll...