[Full-disclosure] Whitepaper

2009-05-28 Thread Jared DeMott
Hi all,

If you plan to take my "Application Security: For Hackers and
Developers" at ShakaCon, BlackHat, ToorCon, and others;
I finally got off my can and finished the prerequisite white paper.

It can be found here:
http://www.crucialsecurity.com/index.php?option=com_content&task=view&id=94&Itemid=136

Blessings,
Jared

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Whitepaper

2009-05-30 Thread Jeffrey Walton
Hi Jared,

Regarding 'The Digital Examination Process: Closing Gaps with New
Technology', et al. From the page: "This paper introduces new
technology called Crucial Vision that addresses this widespread need."

It seems to me that if Crucial Security wants to reach the widest
audience with its revolutionary technology, the company would simply
publish the paper(s) rather than try and mine the data with a 'Request
Resource'.

I can't speak for others, but I navigated away at precisely the moment
I was presented with 'Request Resource'.

Jeff

On 5/28/09, Jared DeMott wrote:
> Hi all,
>
>  If you plan to take my "Application Security: For Hackers and
>  Developers" at ShakaCon, BlackHat, ToorCon, and others;
>  I finally got off my can and finished the prerequisite white paper.
>
>  It can be found here:
>  
> http://www.crucialsecurity.com/index.php?option=com_content&task=view&id=94&Itemid=136
>
>  Blessings,
>
> Jared
>



Re: [Full-disclosure] Whitepaper

2009-05-30 Thread Ahmed Sheipani
Hi all;

I have published a new white paper titled HTTP Headers Manipulation.

This article discusses the nature of HTTP headers manipulation attacks and
attempts to evaluate the risk and mitigation techniques for the penetration
tester and security professionals.

If you are interested in reading it, you can find it on my blog
http://sec.ure.ly

Best Regards

Re: [Full-disclosure] Whitepaper

2009-05-30 Thread Jared DeMott
Jeffrey Walton wrote:
> Hi Jared,
>
> Regarding 'The Digital Examination Process: Closing Gaps with New
> Technology', et al. From the page: "This paper introduces new
> technology called Crucial Vision that addresses this widespread need."
>
> It seems to me that if Crucial Security wants to reach the widest
> audience with its revolutionary technology, the company would simply
> publish the paper(s) rather than try and mine the data with a 'Request
> Resource'.
>
>   
You've got the wrong paper, mine is entitled: 'Introduction to
Application Security'
> Jeff
>
> On 5/28/09, Jared DeMott  wrote:
>   
>> Hi all,
>>
>>  If you plan to take my "Application Security: For Hackers and
>>  Developers" at ShakaCon, BlackHat, ToorCon, and others;
>>  I finally got off my can and finished the prerequisite white paper.
>>
>>  It can be found here:
>>  
>> http://www.crucialsecurity.com/index.php?option=com_content&task=view&id=94&Itemid=136
>>
>>  Blessings,
>>
>> Jared
>>
>> 


-- 
__
Jared D. DeMott
Senior Security Researcher
Crucial Security Business Area
Harris Corporation
http://crucialsecurity.com
Office 616.874.7810
Mobile 571.283.4163


[Full-disclosure] [WHITEPAPER] Bugger The Debugger

2005-04-13 Thread Brett Moore
Bugger The Debugger
 - Pre Interaction Debugger Code Execution

The use of debuggers to analyse malicious or otherwise unknown binaries
has become a requirement for reverse engineering executables to help
determine their purpose.

While researchers in places such as anti-virus laboratories have always
done this, with the availability of free and easy to use debuggers it has
also become popular with corporate security officers and home users.
One of the main purposes of a debugger is to allow the user to control
the execution of a binary in such a way as to determine what instructions
or commands the binary is executing. During malware analysis the user
can modify what the binary is trying to execute, or prevent it altogether.

This paper will demonstrate methods that may be used by malware to
execute code, simply by being loaded into a debugging session.

The paper can be downloaded from the whitepapers section of our website.
http://www.security-assessment.com

Brett Moore
Network Intrusion Specialist, CTO
Security-Assessment.com


##
CONFIDENTIALITY NOTICE: 

This message and any attachment(s) are confidential and proprietary. 
They may also be privileged or otherwise protected from disclosure. If 
you are not the intended recipient, advise the sender and delete this 
message and any attachment from your system. If you are not the 
intended recipient, you are not authorised to use or copy this message 
or attachment or disclose the contents to any other person. Views 
expressed are not necessarily endorsed by Security-Assessment.com 
Limited. Please note that this communication does not designate an 
information system for the purposes of the New Zealand Electronic 
Transactions Act 2003.
##


[Full-disclosure] Whitepaper: DNS zone redelegation

2008-08-07 Thread Bernhard Mueller
Newly emerging techniques of DNS cache poisoning have caused quite a
stir recently, prompting security researchers to speculate on the nature
of the issue, and naturally inducing press stunts by some individuals,
including "accidental" information leaks and hasty exploit releases.
Many other, more relaxed researchers, who had figured out the attack and
had coded working exploits within a few hours (which, by the way, was
incredibly easy to do, knowing that an undocumented attack actually
existed), decided to coordinate with Dan Kaminsky, who had organized a
huge multi-vendor security patch, and withhold information for the
proposed 30 days.

SEC Consult's researchers were among the first to write a working "fast
cache poisoning" exploit, details of which will now be published in a
whitepaper, which also includes some calculations on the reliability of
the attack.

The paper details a way of making DNS cache poisoning / response
spoofing attacks more reliable. A caching server will store any NS
delegation RRs if it receives a delegation which is "closer" to the
answer than the nameservers it already knows. By spoofing replies that
contain a delegation for a single node, the nameserver will eventually
cache the delegation when we hit the right transfer id.

http://www.sec-consult.com/whitepapers_e.html


Regards,

Bernhard

-- 
_

Bernhard Mueller
Security Consultant

SEC Consult Unternehmensberatung GmbH
www.sec-consult.com

A-1190 Vienna, Mooslackengasse 17
phone  +43 1 8903043 34
fax    +43 1 8903043 15
mobile +43 676 840301 718
email  [EMAIL PROTECTED]

Commercial register Wiener Neustadt: 227896t, VAT ID: ATU56165223
Registered office: Prof. Dr. Stephan Korenstraße 10, A-2700 Wiener Neustadt

Advisor for your information security.


[Full-disclosure] Whitepaper: Assessing Cloud Node Security

2011-04-01 Thread Context IS - Disclosure
Context Information Security have released a whitepaper on Assessing Cloud Node 
Security.

Synopsis:
Some major Cloud providers currently expose their clients’ data to the risk of 
compromise as a result of serious flaws in the implementation of their 
technologies. This is the key finding of a major new survey of the security of 
Cloud nodes completed by Context Information Security.

The growing trend in migrating systems to use Cloud infrastructure to take 
advantage of the cost savings and flexibility that this form of IT provision 
can offer has caused concern within the security community, because this 
virtual and dynamic environment creates a new threat landscape.

This whitepaper is the result of research undertaken by Context into the 
technical risks associated with Cloud computing infrastructure nodes. Context 
rented a range of Cloud nodes currently offered by the major providers and 
performed a review of their security, including the limitations imposed by 
providers on the types of technical security testing allowed to be performed.

The methodology, results, challenges and recommended mitigations are detailed 
in this whitepaper, which sets out best practices for securing Cloud nodes as 
an end user and will help end users to assess and reduce any associated risk to 
their systems. Information about the general security issues discovered in 
actual Cloud nodes has also been fed back to the providers to enable them to 
resolve these issues. 

Read the whitepaper in full at:
http://www.contextis.co.uk/resources/white-papers/assessing-cloud-node-security/


[Full-disclosure] Whitepaper: Awakening the Sleeping Giant v1.0

2006-09-02 Thread David Kierznowski

Awaking the Sleeping Giant v1.0
Demystifying Cross Site Scripting Attacks
Author: David Kierznowski (david.kierznowski_at_gmail.com)

This paper attempts to demystify and categorise current XSS entry
nodes, attack capabilities and trends.

XSS attacks are gaining popularity quickly. There are loads of
vulnerabilities waiting to be found. It can be simple and difficult to
prevent. It can propagate around the Internet in hours, exploit
internal or private networks and offers the ability to manipulate web
services for fun and profit without compromising a single system.

The whitepaper can be found at:
http://michaeldaw.org



[Full-disclosure] Whitepaper by Amit Klein: "HTTP Response Smuggling"

2006-02-20 Thread Amit Klein (AKsecurity)
 HTTP Response Smuggling

   Or "HTTP Response Splitting is [still] Mostly Harmful" ;-)

Amit Klein, February 2006


Introduction


Recently, several anti-HTTP Response Splitting strategies have 
been suggested and/or put to use by various individuals and 
vendors. Apparently, those individuals and vendors did not 
subscribe to the somewhat strict approach recommended in [1], 
which is, to simply disallow CR and LF in data embedded in HTTP 
response headers. Rather, the recent anti-HTTP Response Splitting 
suggestions attempt to take a more granular approach. However, it 
seems that unfortunately, this approach is basically flawed, 
because it does not take into account variations and tolerance in 
the parsing of HTTP responses among proxy servers and clients. 
This paper presents HTTP Response Smuggling - a way to evade 
those anti- HTTP response splitting strategies. HTTP Response 
Smuggling makes use of HTTP Request Smuggling -like techniques 
([2]) to exploit the discrepancies between what an anti- HTTP 
Response Splitting mechanism would consider to be the HTTP 
response stream, and the response stream as parsed by a proxy 
server (or a browser).


Technique #1 - Who needs a CRLF anyway?
=======================================

In [3] and [4], it seems that the major defense line against HTTP 
Response Splitting is disallowing the CRLF sequence ([4] 
recommends also disallowing the string "HTTP/1.", as well as 
other strings - this will be covered below). Apart from the 
serious false positive problem this inflicts (forms with TEXTAREA 
fields expect multi-line submission, which has CRLF in it), it is 
also quite ineffective against HTTP Response Splitting. 

Many proxy servers (e.g. Apache 2.0.55 mod_proxy and Sun Java 
System Web Proxy Server 4.0, DeleGate 8.11.5) simply allow LF 
where CRLF is expected. This is also true for Microsoft IE 6.0 
SP2 and Mozilla Firefox 1.5. As such, an HTTP Response Splitting 
attack can be devised containing LFs only (and was indeed 
demonstrated on Apache 2.0.55 mod_cache+mod_proxy). Note that 
treating LF as an end of line marker is in violation of the 
"strict" RFC 2616 [5] section 2.2, which defines the CRLF 
sequence as the end of line marker, yet at the same time, the RFC 
(in section 19.3) recommends parsing LF as CRLF.

Poisoning the cache of Apache 2.0.55 and Sun Java System Web 
Proxy Server 4.0 (see appendix) succeeded when only LFs were 
used. 


Technique #2 - The oldest trick in the Smuggling book
=====================================================

In [6], the author suggests an anti-HTTP Response Splitting 
technique based on the server marking where it considers the 
start of headers and end of headers are (using a marker such as a 
random string which is unknown to the attacker at the injection 
time). The HTTP client (proxy or browser) then has to verify that 
the start of headers and end of headers markers match. Putting 
aside usability issues such as header reordering (note that the 
RFC [5] section 4.2 states that "The order in which header fields 
with differing field names are received is not significant.", 
meaning that RFC compliant implementations are not required to 
maintain order among different headers, and indeed some are known 
to reorder headers), the fact of the matter is that still, some 
HTTP Response Splitting attacks are possible. In this case, the 
double Content-Length technique (a classic smuggling trick) comes 
in handy. Let us assume that the injection point occurs before 
the original Content-Length in the headers section. In such case, 
the attacker injects a Content-Length header of his/her own. As 
it happens, Microsoft IE 6.0 SP2 and Apache 2.0.55 mod_proxy will 
use the first Content-Length header, and ignore any additional 
Content-Length headers (while Mozilla Firefox 1.5, Sun Java 
System Web Proxy Server 4.0 and Delegate 8.11.5 will use the last 
Content-Length header, and ignore any preceding headers - so if 
the injection point occurs after the original Content-Length 
header, they can be exploited).
The injected Content-Length header terminates the first request 
at a location of the attacker's choice. The attacker needs to 
carefully choose this location to point at another injection 
point (this time in the response body) in which he/she can embed 
a complete HTTP response, including a spoofed start of headers 
marker and end of headers marker. This second injection is an 
additional requirement, and as such, arguably limits the attack, 
however - there are cases wherein a second injection is native to 
the situation (see below). Anyway, the importance here is to show 
that the anti-HTTP Response Splitting can be bypassed under some 
conditions.

Note that an HTTP (response) message containing multiple Content-
Length headers is in violation of the HTTP/1.1 RFC [5].

Poisoning the cache of Apache 2.0.55 succeeded with multiple 
Content-Length headers were pr
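
The parsing discrepancy behind Technique #1 and Technique #2, as an added example that is not part of the original post: a filter that strips only the CRLF pair is compared with a check that refuses any CR or LF, and the same response is read by a CRLF-only parser and by an LF-tolerant one. All function names and the sample response are constructed for illustration.

```python
import re

def strip_crlf_pairs(value: str) -> str:
    """Weak filter: removes the CRLF pair only, so a bare LF survives."""
    return value.replace("\r\n", "")

def reject_cr_lf(value: str) -> str:
    """Strict check: refuse any CR or LF in data bound for a response header."""
    if "\r" in value or "\n" in value:
        raise ValueError("CR or LF in header value")
    return value

def build_response(location: str, body: bytes = b"hello") -> bytes:
    """Constructed origin response; the Location value precedes Content-Length."""
    head = (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {location}\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n"
    )
    return head.encode("latin-1") + body

def parse_headers(raw: bytes, lf_ok: bool) -> list:
    """Return (name, value) pairs. lf_ok=True also accepts a bare LF as a
    line end, as many proxies and browsers do; lf_ok=False accepts CRLF only."""
    eol = rb"\r?\n" if lf_ok else rb"\r\n"
    head = re.split(eol + eol, raw, maxsplit=1)[0]
    pairs = []
    for line in re.split(eol, head)[1:]:  # element 0 is the status line
        name, _, value = line.partition(b":")
        pairs.append((name.strip().lower().decode("latin-1"),
                      value.strip().decode("latin-1")))
    return pairs

def content_length_report(pairs: list) -> dict:
    """Show what a first-wins and a last-wins implementation would each use."""
    values = [v for n, v in pairs if n == "content-length"]
    return {
        "first_wins": values[0] if values else None,
        "last_wins": values[-1] if values else None,
        "ambiguous": len(set(values)) > 1,
    }

# Constructed test value: a bare LF followed by a second Content-Length header.
TAINTED = "/next\nContent-Length: 0"

if __name__ == "__main__":
    raw = build_response(strip_crlf_pairs(TAINTED))
    print("CRLF-only view  :", content_length_report(parse_headers(raw, lf_ok=False)))
    print("LF-tolerant view:", content_length_report(parse_headers(raw, lf_ok=True)))
    try:
        build_response(reject_cr_lf(TAINTED))
    except ValueError as exc:
        print("strict check    :", exc)
```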

[Full-disclosure] [Whitepaper] - Access over Ethernet: Insecurities in AoE

2006-09-26 Thread Morgan Marquis-Boire

Access over Ethernet: Insecurities in AoE
-----------------------------------------

ATA over Ethernet (AoE) is an open standards based protocol
which allows direct network access to disk drives by client
hosts.
AoE has been incorporated into the mainstream Linux kernel, 
recently been the subject of a Slashdot article, and it
appears that it is a SAN technology which is here to stay.
This paper investigates the insecurities present in the AoE
protocol and suggests how you can deploy AoE infrastructure
without worrying about a wide scale compromise.


The paper can be downloaded from the whitepapers section of
our website. 
http://www.security-assessment.com/technical/whitepapers/

Morgan Marquis-Boire
Security Consultant
Security-Assessment.com Ltd



[Full-disclosure] [Whitepaper SecNiche] Insecurities in Implementing Serialization in BISON

2007-08-02 Thread Aditya K Sood
hi

 A specific white paper has been released comprising of
specific application problems related to Bison.

You can look into it.

http://www.secniche.org/papers/Ser_Insec_Bison.pdf

Regards
AKS
http://www.secniche.org



[Full-disclosure] [Whitepaper SecNiche] Insecurities in Implementing Serialization in BISON

2007-08-02 Thread Aditya K Sood

Hi joey

Thanks. no Problem.

Regards
AKS



Re: [Full-disclosure] [Whitepaper SecNiche] Insecurities in Implementing Serialization in BISON

2007-08-02 Thread Debasis Mohanty
>> On Sat, 04 Aug 2007 01:17:36

Interesting! I thought time machine only appears in movies :)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joey Mengele
Sent: 02 August 2007 22:41
To: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: Re: [Full-disclosure] [Whitepaper SecNiche] Insecurities
inImplementing Serialization in BISON

LOLOLOLOLOLOLOLOL!

This is the most retarded shit I have ever read in my life. Are you 
a Ph.D?

Doc J

On Sat, 04 Aug 2007 01:17:36 -0400 Aditya K Sood 
<[EMAIL PROTECTED]> wrote:
>hi
>
> A specific white paper has been released comprising of
>specific application problems related to Bison.
>
>You can look into it.
>
>http://www.secniche.org/papers/Ser_Insec_Bison.pdf
>
>Regards
>AKS
>http://www.secniche.org
>


Re: [Full-disclosure] [Whitepaper SecNiche] Insecurities in Implementing Serialization in BISON

2007-08-02 Thread Joey Mengele
LOLOLOLOLOLOLOLOLOLOLOL

On Thu, 02 Aug 2007 14:32:58 -0400 Debasis Mohanty 
<[EMAIL PROTECTED]> wrote:
>>> On Sat, 04 Aug 2007 01:17:36
>
>Interesting! I thought time machine only appears in movies :)
>
>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of 
>Joey Mengele
>Sent: 02 August 2007 22:41
>To: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED];
>[EMAIL PROTECTED]
>Subject: Re: [Full-disclosure] [Whitepaper SecNiche] Insecurities
>inImplementing Serialization in BISON
>
>LOLOLOLOLOLOLOLOL!
>
>This is the most retarded shit I have ever read in my life. Are 
>you 
>a Ph.D?
>
>Doc J
>
>On Sat, 04 Aug 2007 01:17:36 -0400 Aditya K Sood 
><[EMAIL PROTECTED]> wrote:
>>hi
>>
>> A specific white paper has been released comprising of
>>specific application problems related to Bison.
>>
>>You can look into it.
>>
>>http://www.secniche.org/papers/Ser_Insec_Bison.pdf
>>
>>Regards
>>AKS
>>http://www.secniche.org
>>


[Full-disclosure] Whitepaper: JBoss AS - Deploying WARs with the DeploymentFileRepository MBean

2010-06-15 Thread RedTeam Pentesting GmbH
RedTeam Pentesting released a new JBoss security whitepaper with the title
"JBoss Application Server - Deploying WARs with the DeploymentFileRepository
MBean". It explains how to deploy WAR files with the DeploymentFileRepository
MBean and how this is even possible with Cross Site Request Forgery (CSRF). The
paper is available at

http://www.redteam-pentesting.de/publications/jboss

This new informational page also contains the now publicly released scripts used
in the older paper "Bridging the Gap between the Enterprise and You - or - Who's
the JBoss now?".

Abstract

The JBoss Application Server (JBoss AS) is a widely used, open source Java
application server. It is part of the JBoss Enterprise Middleware Suite (JEMS)
and often used in large enterprise installations. Because of the high modularity
and versatility of this software solution, which leads to a high complexity, the
JBoss AS is a rewarding target for attackers in enterprise networks. This paper
adds to the whitepaper "Bridging the Gap between the Enterprise and You - or -
Who's the JBoss now?" released by RedTeam Pentesting.  It shows how to use the
DeploymentFileRepository MBean to deploy a Web ARchive (WAR) without the need of
outbound connections being allowed for the JBoss AS. It also describes how this
can be used in conjunction with CSRF to attack a JBoss AS with a protected JMX
Console.

-- 
RedTeam Pentesting GmbH                    Tel.: +49 241 963-1300
Dennewartstr. 25-27                        Fax : +49 241 963-1304
52068 Aachen                    http://www.redteam-pentesting.de/
Germany                      Registration court: Aachen HRB 14004
Managing directors: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck



Re: [Full-disclosure] [Whitepaper SecNiche] Insecurities in Implementing Serialization in BISON

2007-08-02 Thread Joey Mengele
LOLOLOLOLOLOLOLOL!

This is the most retarded shit I have ever read in my life. Are you 
a Ph.D?

Doc J

On Sat, 04 Aug 2007 01:17:36 -0400 Aditya K Sood 
<[EMAIL PROTECTED]> wrote:
>hi
>
> A specific white paper has been released comprising of
>specific application problems related to Bison.
>
>You can look into it.
>
>http://www.secniche.org/papers/Ser_Insec_Bison.pdf
>
>Regards
>AKS
>http://www.secniche.org
>


Re: [Full-disclosure] [Whitepaper SecNiche] Insecurities in Implementing Serialization in BISON

2007-08-02 Thread Joey Mengele
You're welcome.

Doc J

On Sat, 04 Aug 2007 02:44:18 -0400 Aditya K Sood 
<[EMAIL PROTECTED]> wrote:
>Hi joey
>
>Thanks. no Problem.
>
>Regards
>AKS



Re: [Full-disclosure] [Whitepaper SecNiche] Insecurities in Implementing Serialization in BISON

2007-08-02 Thread Pranay Kanwar

Thanks for the bullshit once again.

"...Remember students there are no stupid questions, only stupid people..."
-- Mr. Garrison to Stan in a Southpark episode.

warl0ck // MSG



[Full-disclosure] Whitepaper: IT (in)security implementation in a real world example

2006-06-25 Thread Denis Jedig

Greetings to the list,

I have written a short paper on principles and failures of IT security
based on a real-world example of a (yet unpublished) issue with DB
CarSharing - a German car rental company.

Extract:

Preface

This paper is not meant to be a disclosure or accusation. Although it is
based on a true story and describes a rather concerning security-related
issue, its focus is the analysis of security issues in projects heavily
dependent on IT. Its primary goal is to serve as a guideline for people
intending to do better than today.

Story

For a couple of months now DB Carsharing is largely advertised as a
convenient car rental service (you can get cars on an hourly basis)
offered by a company named DB Rent – a subsidiary of Deutsche Bahn -
throughout all German railway stations. However, this public service
becomes a potential danger to its customers – due to inherent flaws in
handling of sensitive data, insufficient user restrictions and
significant flaws in vulnerability management.

The paper can be found at
http://syneticon.net/support/security/security-by-example.html
in HTML for your convenience.

Regards,

Denis Jedig
syneticon networks GbR
