Chris Eng over [at the Veracode blog] documents how he approached and decoded the encoded message hidden in the [2009 Verizon Data Breach Investigations Report].
It's an interesting read; although in the end it turned out to be just a [Vigenère cipher] and fell to (effectively) a [known plaintext attack], it's definitely worth the few minutes it takes to read.
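To see what "fell to a known plaintext attack" means in practice, here is an added example (not Chris Eng's code; the key and messages are constructed for illustration and are not the ones in the Verizon report). Lining each known plaintext letter up under its ciphertext letter leaks one key letter; once the leaked letters repeat consistently you have both the key and its period. The caveat the check enforces: a fragment of n known letters is trivially consistent with any period of n or more, so at least one key position has to be observed twice before a period is accepted.

```python
"""Vigenere cipher and a known-plaintext key recovery (added example).

The key and messages below are constructed for illustration; they are not
the ones used in the Verizon report puzzle.
"""
import string

ALPHA = string.ascii_uppercase


def _clean(text):
    """Keep only A-Z, upper-cased; a classical Vigenere ignores everything else."""
    return "".join(c for c in text.upper() if c in ALPHA)


def vigenere(text, key, decrypt=False):
    """Encrypt (or decrypt) `text` with a repeating-key Caesar shift."""
    text, key = _clean(text), _clean(key)
    sign = -1 if decrypt else 1
    out = []
    for i, c in enumerate(text):
        shift = ALPHA.index(key[i % len(key)])
        out.append(ALPHA[(ALPHA.index(c) + sign * shift) % 26])
    return "".join(out)


def recover_key(ciphertext, known_plaintext, offset=0, max_period=32):
    """Recover the key from a plaintext fragment known to start at `offset`.

    Each (ciphertext, plaintext) pair leaks one key letter, k = c - p mod 26.
    We then look for the shortest period at which the leaked letters agree
    with a single repeating key.  Only periods shorter than the fragment are
    tried: with n leaked letters, any period >= n fits trivially, so at least
    one key position must be seen twice to confirm it.  Returns None when the
    fragment is too short to pin the key down.
    """
    ct, pt = _clean(ciphertext), _clean(known_plaintext)
    leaked = [(ALPHA.index(ct[offset + i]) - ALPHA.index(pt[i])) % 26
              for i in range(len(pt))]
    for period in range(1, min(max_period, len(leaked) - 1) + 1):
        key = [None] * period
        consistent = True
        for i, k in enumerate(leaked):
            pos = (offset + i) % period        # key position this letter sits under
            if key[pos] is None:
                key[pos] = k
            elif key[pos] != k:                 # contradiction: not this period
                consistent = False
                break
        if consistent and None not in key:
            return "".join(ALPHA[k] for k in key)
    return None


if __name__ == "__main__":
    secret_key = "VERIZON"                     # constructed, not the DBIR key
    message = "The data breach report is out"
    ct = vigenere(message, secret_key)
    print("ciphertext:", ct)
    # An attacker who guesses that the title appears at the start:
    print("recovered key:", recover_key(ct, "THE DATA BREACH"))
```

The `offset` parameter covers the common case where the crib is somewhere in the middle of the message rather than at the start; the key positions are then computed relative to the start of the ciphertext, not the start of the fragment.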
Part of the problem Microsoft ran into with Vista was the horde of users who had grown too attached to XP. It seems they have learnt their lesson (and found a cheap way to maintain backward compatibility without keeping legacy code around forever): [XP with SP3 as a Virtual PC virtual machine within Windows 7].
We thought we had problems classifying client-side bugs that require user intervention (remote? local?); what happens when a remote bug in XP SP3 lets one execute code on the Windows 7 host through a local VM breakout? (Indeed, a new acronym is needed in anticipation: RAXPLVMB??)
With our recent release of BiDiBLAH 2.0, we've decided to revisit some real-world scenarios and the ways BiDiBLAH can deal with them. Herewith, part 2. All the scenarios can be downloaded from the BiDiBLAH home page.
Scenario:
We have a class B network internally. Many of the users run FTP servers on their machines. We do not allow this, but how do I identify these machines?
Solution:
Using BiDiBLAH, define your network as netblocks.
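The same answer can be pulled out of a plain nmap sweep of the class B, for readers without BiDiBLAH. The following is an added example, not BiDiBLAH code or its output format: it parses nmap's greppable (-oG) output, keeps only hosts inside the netblocks you defined as yours, and lists those with 21/tcp open together with the banner nmap identified. The scan output embedded below is constructed to look like `nmap -p21 -sV -oG` output and does not come from a real network.

```python
"""Find hosts with FTP open from an nmap greppable (-oG) scan (added example).

This is not BiDiBLAH code; the scan output below is constructed to look like
`nmap -p21 -sV -oG ftp.gnmap 10.10.0.0/16` and is not from a real network.
"""
import ipaddress
import re

SAMPLE_GNMAP = """\
# Nmap 4.85 scan initiated Thu Apr  9 2009 as: nmap -p21 -sV -oG ftp.gnmap 10.10.0.0/16
Host: 10.10.1.5 ()\tPorts: 21/open/tcp//ftp//Microsoft ftpd/\tIgnored State: closed (0)
Host: 10.10.1.9 ()\tPorts: 21/closed/tcp//ftp///
Host: 10.10.2.17 (fs01.corp.local)\tPorts: 21/open/tcp//ftp//vsftpd 2.0.5/, 22/open/tcp//ssh//OpenSSH 4.7/
Host: 10.10.3.44 ()\tPorts: 21/filtered/tcp//ftp///
Host: 10.10.7.200 ()\tStatus: Up
Host: 192.168.5.5 ()\tPorts: 21/open/tcp//ftp//ProFTPD 1.3.1/
# Nmap done at Thu Apr  9 2009 -- 65536 IP addresses scanned
"""

# "Host: <ip> (<name>)\tPorts: <entries>[\tIgnored State: ...]"
HOST_LINE = re.compile(
    r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Ports:\s+(.*?)(?:\s+Ignored State:.*)?$")


def ftp_servers(gnmap_text, netblocks, port=21):
    """Return (ip, hostname, service, version) for hosts inside `netblocks`
    where `port`/tcp is reported open."""
    nets = [ipaddress.ip_network(n) for n in netblocks]
    found = []
    for line in gnmap_text.splitlines():
        m = HOST_LINE.match(line)
        if not m:
            continue                      # comment lines, or hosts with no port info
        ip, hostname, ports = m.groups()
        if not any(ipaddress.ip_address(ip) in net for net in nets):
            continue                      # outside the netblocks we defined as ours
        for entry in ports.split(", "):
            # each entry is port/state/protocol/owner/service/rpcinfo/version/
            fields = entry.split("/")
            if len(fields) < 7:
                continue
            num, state, proto, _owner, service, _rpc, version = fields[:7]
            if int(num) == port and state == "open" and proto == "tcp":
                found.append((ip, hostname, service, version))
    return found


if __name__ == "__main__":
    for ip, name, service, version in ftp_servers(SAMPLE_GNMAP, ["10.10.0.0/16"]):
        print(f"{ip:<15} {name or '-':<20} {service} {version}")
```

Closed and filtered results are dropped on purpose; "filtered" on an internal class B usually means a host firewall, which is a different finding from a user running a server.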
After some queries regarding SPUD, I thought it would be a good idea to blog this reminder:
* SPUD can only be run as an administrative user.
* SPUD cannot be run by directly accessing the .exe; run it from the shortcut provided. The reason: SPUD cannot start from the \bin directory, only from the parent of \bin (default: Program Files\SensePost SPUD). I.e., run "bin\SPUD.exe" from the installation directory as below:
09 April 2009
~1 min
By evert
We recently introduced some neat blizzards onto a PoC Broadview client.
On the back of Conficker, our Broadview Dashboard sports a couple of instantly available blizzards that show:
1. How many machines, across all scans for the last 10 days, are missing patch MS08-067
2. How many machines do not have SMS Agents, EPO Agents or any AV installed
3. And, without too much hassle, where the machines missing MS08-067 also have no EPO Agent, SMS Agent or AV installed: the intersection is the population Conficker can actually walk through.
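The third view is the one worth reproducing, and the detail that makes it useful is how the first one is counted: a host scanned several times in the window should count once, and a host that was missing the patch on day 2 but patched by day 8 should not count at all, so the query has to take each host's latest scan in the window. The following is an added example, not Broadview code or data; the scan results and agent inventory are constructed, and "do not have SMS, EPO or AV" is taken to mean none of the three.

```python
"""Correlate missing MS08-067 with missing agents/AV (added example).

Constructed sample data, not Broadview output.  The point of the query is to
use each host's LATEST scan inside the window, so repeat scans count once and
a host patched between scans drops out.
"""
import sqlite3

SCAN_RESULTS = [
    # host,     scan_date,    ms08_067_missing (1 = patch absent)
    ("ws-001", "2009-04-01", 1),
    ("ws-001", "2009-04-08", 0),   # patched between scans: must not count
    ("ws-002", "2009-04-03", 1),
    ("ws-002", "2009-04-07", 1),   # seen twice, counted once
    ("ws-003", "2009-03-20", 1),   # outside the 10-day window
    ("srv-01", "2009-04-05", 1),
    ("srv-02", "2009-04-06", 0),
]
AGENT_INVENTORY = [
    # host,     sms_agent, epo_agent, av_installed
    ("ws-001", 1, 1, 1),
    ("ws-002", 0, 0, 0),
    ("ws-003", 0, 0, 1),
    ("srv-01", 0, 1, 0),
    ("srv-02", 0, 0, 0),
]


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE scan_results(host TEXT, scan_date TEXT, ms08_067_missing INTEGER);
        CREATE TABLE agents(host TEXT PRIMARY KEY, sms_agent INTEGER,
                            epo_agent INTEGER, av_installed INTEGER);
    """)
    conn.executemany("INSERT INTO scan_results VALUES (?,?,?)", SCAN_RESULTS)
    conn.executemany("INSERT INTO agents VALUES (?,?,?,?)", AGENT_INVENTORY)
    return conn


# Latest scan per host within the window: one row per host, newest status.
LATEST_IN_WINDOW = """
    SELECT s.host, s.ms08_067_missing
    FROM scan_results s
    JOIN (SELECT host, MAX(scan_date) AS last_seen
          FROM scan_results
          WHERE scan_date >= date(:today, :window)
          GROUP BY host) latest
      ON latest.host = s.host AND latest.last_seen = s.scan_date
"""


def _params(today, days):
    return {"today": today, "window": f"-{days} days"}


def missing_ms08_067(conn, today="2009-04-09", days=10):
    """Hosts whose latest scan in the window still lacks MS08-067."""
    rows = conn.execute(
        f"SELECT host FROM ({LATEST_IN_WINDOW}) WHERE ms08_067_missing = 1 ORDER BY host",
        _params(today, days)).fetchall()
    return [r[0] for r in rows]


def unprotected(conn):
    """Hosts with no SMS agent, no EPO agent and no AV (assumed meaning of view 2)."""
    rows = conn.execute(
        "SELECT host FROM agents WHERE sms_agent = 0 AND epo_agent = 0 "
        "AND av_installed = 0 ORDER BY host").fetchall()
    return [r[0] for r in rows]


def unpatched_and_unprotected(conn, today="2009-04-09", days=10):
    """View 3: the intersection, i.e. hosts Conficker could both reach and hold."""
    rows = conn.execute(f"""
        SELECT l.host
        FROM ({LATEST_IN_WINDOW}) l
        JOIN agents a ON a.host = l.host
        WHERE l.ms08_067_missing = 1
          AND a.sms_agent = 0 AND a.epo_agent = 0 AND a.av_installed = 0
        ORDER BY l.host""", _params(today, days)).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = build_db()
    print("missing MS08-067 :", missing_ms08_067(db))
    print("no agents / AV   :", unprotected(db))
    print("both             :", unpatched_and_unprotected(db))
```

Hosts that have never been scanned in the window do not appear in any of the three counts; for a dashboard you would normally want a fourth number for them, since "unknown" is not the same as "patched".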
Comments on the blog have been surprisingly quiet, and we should have realised this when more and more people started having discussions with us via Twitter or email (as opposed to simply saying their piece here).
Short Story:
It was broken, and it should be fixed again. Blame has been assigned and culprits have been whipped appropriately.
Long Story:
Most SensePost'ers interact with the blog through our company-internal blog. This allows us to share top secret information like lolcats without publishing it here. Selected posts are pumped through to the public blog via a plugin (which also publishes certain comments, etc.).
We have scheduled our next training course, Hacking By Numbers – Extended Edition (Bootcamp), for May 11-15th.
The course runs for a full 5 days.
Overview
The HBN 'Extended Edition' is simply an intensive, extended version of the regular Bootcamp course. Whilst the content and structure are essentially the same as Bootcamp, the Extended Edition offers students a deeper understanding of the concepts being presented and affords them more time to practice the techniques being taught. Extended Edition is currently offered in Switzerland and South Africa only, or can be arranged on request.
We've had a number of issues with reDuh and the various server versions published. Some clients worked with some versions of the server and didn't play nicely with others.
I am happy to say that these have all been resolved now. The single reDuhClient works with the JSP, ASPX and PHP versions of the reDuh server. It's been tested on a number of different platforms.
Additionally, the new reDuh client supports some enhancements. These are:
The United States House Committee on Homeland Security's Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology recently held a hearing to determine whether "the Payment Card Industry Data Standards Reduce Cybercrime".
Risky Business played snippets of the hearing under the apt title "Washington spanks PCI DSS". Like most episodes of RB, it's well worth the listen.
One of the "merchants" giving testimony made his point quite succinctly: the credit card companies require us to keep card details, and shift the burden of fraudulent transactions onto the merchant. There are much better ways to handle transactions, but the current method is a cheap way for the card vendors to shift the burden and the risk onto merchants, who historically had no alternative.
what? on April 1st???? Never!