Zen-Hacking
ActiveX Repurposing.. (aka: Other bugs your static analyzer will never find..) (aka 0day^H^H 485day bug!)
Earlier this week we had an internal presentation on Attacking ActiveX Controls. The main reason we had it is because of the ridiculously high hit rate we have whenever we look at controls with a slight security bent.. When building the presentation i dug up an old advisory we never publicly released (obviously we reported it to the vendor who (kinda) promptly fixed the bug (without giving us any credit at all, but hey.. ))
While the IEBlog promises updates to IE8 that will minimize the damage caused by owned controls in the future, the fundamental problems with ActiveX today are an attackers dream.
DNS Tunnels (RE-REDUX)
On a recent assessment we came across the following scenario:
1) We have command execution through a web command interpreter script (cmd.jsp) on a remote Linux webserver
2) The box is firewalled only allowing 53 UDP ingress and egress
3) The box is sitting on the network perimeter, with one public IP and one internal IP, and not in a DMZ
So we want to tunnel from the SensePost offices to Target Company’s internal machines, with this pretty restrictive setup. How did we accomplish this?
In Defense of Testing Pens… (aka how to keep your soul while being a pen-tester)
A short while back, a discussion broke out on a mailing list about the nature of being a pen-tester. The discussion quickly gravitated towards the number of “security” companies where numbers of projects far out-weigh the interestingness of projects, leading rapidly to a cookie-cutter mentality to pen-test engagements..
Of course if you have spent any time in the industry, you already know this to be true.. the obvious danger with this is that you have a lot of unhappy pen-testers giving shoddy output to (eventually) very unhappy customers. Sadly this soon follows the well published “market for lemons” problem where eventually due to information asymmetry, bad products will soon push out good ones.. i.e. because its hard for customers to tell the difference between good pen-tests and lame pen-tests, eventually the market price drops towards low grade pen-tests (since the customer is paying for what they expect) and at the low prices, good pen-test teams will close shop and move on to other lines of work..
Page 1 of 1