Thursday, November 27, 2008

Xplico - Network forensics

A great new tool for analyzing network traffic has been released. As stated on the Xplico web site:

"Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT)."

The goal of Xplico is to extract the application data contained in an internet traffic capture.
For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), and so on.


Website and more info: http://www.xplico.org/about


-CMM

Incident Handling Cheatsheets

The guys at ISC SANS (Internet Storm Center) have released two Incident Handling Cheatsheets. These will be useful for people who got hacked or infected by malware, system administrators, etc.

The first one is the "Security Incident Survey Cheat Sheet for Server Administrators"; it captures tips for examining a suspect machine.

The other is a questionnaire for responders; it collects the most important questions an incident handler should ask when taking control of the incident or getting in contact with the problem.


Monday, November 24, 2008

IV OWASP SPAIN presentation


Last Friday I gave a presentation about new ways to get information about a target person or company; the title was "A Fresh new look into Information Gathering".

The room was full, even though my talk started at 19:15, after 3 other talks. That was very cool because it means that people were interested in the topic.

It's curious how many people are not aware of this issue (information gathering, information leaks, etc.), but at least I felt good about raising some awareness.

You can get the presentation here

-CMM

Nessus - Alternative Feeds

The people at Alienvault.com have released an alternative Nessus feed. They have 3058 plugins in the feed, and the most interesting feature is that they provide a lot of plugins for SCADA servers; this is interesting since the only plugins available for SCADA were paid.

So if you want to use these plugins, go to this page

The plugins also work on OpenVAS

Do you know any other free feed?

Enjoy

-CMM

Sunday, November 23, 2008

Desktop setup - Unity power

After trying different setups and OSes, I'm currently working with two different setups. My work computer is a lame Fujitsu Siemens 15" wide with a Core 2 Duo 2.4GHz and 2GB of RAM. This machine runs Windows Vista SP1; it's really fast on this machine and I'm pretty happy with it. My other computer is my personal laptop, a MacBook Pro 15" Core Duo 2.0GHz with 2GB RAM. It really is the best computer I have owned; it's a pleasure to use and I enjoy OSX a lot.

First I want to make clear why I use Windows Vista instead of Linux. Well, because I work a lot with Office documents and I couldn't find a good solution on Linux (I tried almost everything), and also because of the different problems I have with Linux that are time-consuming to fix (multiple screens are a difficult task on Linux; I don't know why they don't create an easy config tool like Windows has).

So where is Linux? I run Linux on both machines in a VMware virtual machine. On the Fujitsu machine it is blazing fast, so fast that I had to try it native and compare, and to my perception it was faster in the virtual machine. I'm not so sure why, but it's good for me :)

And on my personal computer Linux runs in VMware Fusion, a great piece of software. You might be thinking, "it's the same as the other VMwares out there". Well, NO: it has a feature called Unity that allows you to run the guest operating system's applications on the HOST desktop as if they were native applications. I talked about a similar feature in Parallels called Coherence. Both VMware and Parallels supported Windows guest systems for this feature, but recently VMware Fusion added support for Linux guest systems.

Here is my OSX desktop, running my Ubuntu linux applications (the ones with black windows):

You can see ProxyStrike running on OSX and Linux, an Ubuntu terminal and an OSX Terminal, and also an Ubuntu file manager window.

For OSX to be perfect, I would like to have window management options like WMII; not all of them, but basic ones, like WinSplit Revolution on Windows.

(After writing this post I found a way of doing some of the tricks, but you have to use AppleScript and Quicksilver; I will post a customized version later.)

In a future post I will show the software I usually use on both machines for my pentesting tasks and also for productivity.

What is your desktop setup?

-CMM

WebSlayer at Pauldotcom podcast


Last week Matt Tesauro from OWASP pointed out to me that "WebSlayer" was reviewed on the show "PaulDotCom", a Security weekly podcast.


The MP3 of the show can be downloaded here

Also you can find the episode notes here


I recommend this podcast; it is very interesting and they talk a lot about penetration testing topics. Really useful and very entertaining.

They liked the tool, so it's a good sign and good feedback.

I'm waiting for the next episode :)

-CMM

Wednesday, November 19, 2008

Clickjacking Demo

There has been a lot of buzz on the net over the last few months about a new type of vulnerability known as "ClickJacking" or "UI redressing". The vulnerability is a variant of Cross Site Request Forgery (CSRF). The idea is simple; here is an explanation found at www.webmonkey.com:

"The basic idea is that an attacker loads the content of an external site into the site you’re visiting, sets the external content to be invisible and then overlays the page you’re looking at. When you click a link you see on the current page, you are in fact clicking on the externally loaded page and about to load pretty much whatever the attacker wants."

Well, it seems pretty easy and clear, but if you want to see an attack in action, check out GUYA.NET, where an attacker controls the victim's camera through a ClickJacking attack.

Some of you might be wondering how you can protect against it. The latest version of NoScript (a Firefox plugin that provides protection against XSS) adds protection against ClickJacking.

Be careful where you click ;)

CMM-

Wfuzz 2.2.0 released

I'm pleased to announce a new version of WFuzz! Wfuzz has been created to facilitate the task in web applications assessments and it...