
Nytro
Administrators
Posts: 18725
Days Won: 706

Everything posted by Nytro

  1. Kali Linux 1.0.6 Released
    Posted on: 01-9-2014 Posted by: muts

    Kernel 3.12, LUKS nuke, Amazon AMI / Google Compute images and more!

    It’s been a while since our last minor release, which makes 1.0.6 a more significant update than usual. With a new 3.12 kernel, a LUKS nuke feature, new Kali ARM build scripts, and Kali AMAZON AMI and Google Compute image generation scripts, not to mention numerous tool additions and updates – this release is really heavily laden with goodness. For more information about what’s new in this release, check the Kali changelog.

    [h=2]Kali ARM Build Scripts Now Available[/h]
    This new release brings with it the introduction of the Offensive Security Trusted ARM image scripts – a set of slowly growing scripts that are able to build Kali Linux images for various ARM devices. These scripts will replace the growing number of actual ARM image releases we have in order to reduce the exponentially growing amount of traffic we serve on each release. We will release a short blog post about how to use these scripts in the next few days.

    [h=2]LUKS Nuke Patch Added to cryptsetup[/h]
    A couple of days ago, we demonstrated a cool patch for cryptsetup, which introduces a self destruction feature. The response to this post was overwhelmingly positive, as many people voted to see this feature included in Kali Linux. Therefore, we included this patch into our cryptsetup package yesterday, making the luksAddNuke options available to all Kali users by default. The patch is non-invasive and will not change anything for anyone that does not want to make use of it. No action is necessary if you currently use LUKS and don’t want to utilize the key nuke feature. The updated cryptsetup package is present in Kali 1.0.6 by default. We’d like to take a moment to thank everyone who participated in the poll for voicing their opinion. This kind of feedback is very useful for us, giving us a better feel for the type of features to add in the future. In an upcoming blog post, we will take the opportunity to better explain this new feature and show you how to test it out.

    [h=2]Updated Instructions for Building VMware Tools with Kernel 3.12[/h]
    VMware Tools always lags behind new kernels, which always causes us headaches, and this time is no exception. At the time of this release, VMware Tools does not cleanly compile against kernel 3.12 and requires a set of patches. We have posted these Kali Linux VMware Tools patches on GitHub along with instructions on how to use them. We suspect that these build issues will go away in future releases of VMware Tools.

    [h=2]Kali Linux Amazon AMI/Google Compute Build Scripts Now Available[/h]
    Yay! This was on our todo list for quite a while and we’re happy to bring this feature out at last. A set of scripts that enables you to build your own custom Amazon AMI and Google Compute cloud images. If you intend to use the images for any real work, you should first consult the terms of service of the cloud provider.

    [h=2]Separation of Kali Official Images and Offensive Security Contributed Images[/h]
    Due to the ever growing number of ARM images Offensive Security is contributing, as well as the high demand for more flavours of VMware images, we’ve separated the Official Kali images from Offensive Security contributed images. This allows us to generate more VMware image flavours (amd64, i486, i686-pae), as well as increased flexibility in future releases. To find updated VMware and custom ARM images, visit the Offensive Security Custom Image Download Page. Please bear with us as we update images on this server in the next few days.

    [h=2]Improving Kali Linux Package Features[/h]
    In the past couple of weeks, jerichodotm has been helping us add watch files to our Kali packages. These watch files allow us to monitor upstream tarball releases for updates in a much more reliable manner. Once this process is complete, we’ll be able to monitor new upstream software updates with much more ease. For example, if you want to check if there’s a new upstream release of nmap, you could do the following:

        root@kali:~# apt-get install devscripts
        root@kali:~# apt-get source nmap
        root@kali:~# cd nmap-6.40/
        root@kali:~/nmap-6.40# uscan --no-download --verbose
        -- Scanning for watchfiles in .
        -- Found watchfile in ./debian
        -- In debian/watch, processing watchfile line:
           http://nmap.org/dist/nmap-((?:\d+\.)+\d+)\.tgz
        -- Found the following matching hrefs:
             nmap-5.00.tgz
             nmap-5.20.tgz
             nmap-5.21.tgz
             nmap-5.50.tgz
             nmap-5.51.1.tgz
             nmap-5.51.2.tgz
             nmap-5.51.3.tgz
             nmap-5.51.4.tgz
             nmap-5.51.5.tgz
             nmap-5.51.6.tgz
             nmap-5.51.tgz
             nmap-6.00.tgz
             nmap-6.01.tgz
             nmap-6.25.tgz
             nmap-6.40.tgz
        Newest version on remote site is 6.40, local version is 6.40
         => Package is up to date
        -- Scan finished
        root@kali:~/nmap-6.40#

    [h=2]No Re-Downloading Required[/h]
    Lastly, if you already have a Kali Linux installation up and running, you don’t need to download a new ISO. You can easily upgrade your installation to the latest and greatest Kali Linux has to offer as follows:

        root@kali:~# apt-get update
        root@kali:~# apt-get dist-upgrade

    ...Engage.

    We’re really happy with this release and are looking forward to completing our next goals with 1.0.7. As usual, you are welcome to visit our Kali Linux forums (which now default to HTTPS), read up on our official documentation, submit bugs and patches, or chat with us in IRC, irc.freenode.net, #kali-linux.

    [h=2]Shameless Plug[/h]
    Offensive Security has recently updated its “Penetration Testing With BackTrack” online course to “Penetration Testing with Kali Linux“. If you’re looking for official, quality training on Kali Linux, this is a great place to start. We’re biased of course, but many other people seem to think so too!

    Source: Kali Linux 1.0.6 Released | Kali Linux
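As an added illustration of what the uscan step in the post does (example code written for this page, not part of the Kali post or of the devscripts project), the script below takes the debian/watch line quoted above, scrapes a directory index for hrefs, keeps the ones whose basename matches the watch regex, pulls the upstream version out of the first capture group and compares it with the local version. Two simplifications are assumptions of this example: Python's re stands in for uscan's Perl regex engine, and versions are ordered as dotted integers rather than with the full dpkg version comparison. The index HTML, including the decoy entries in it, is constructed sample data.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# The watch line from the post's debian/watch: a directory URL followed by
# a filename regex whose first capture group is the upstream version.
WATCH_LINE = r"http://nmap.org/dist/nmap-((?:\d+\.)+\d+)\.tgz"

# Constructed stand-in for the remote directory index that uscan would fetch.
# The .asc signature and the zenmap tarball are there to show the anchored
# regex ignoring near-misses.
SAMPLE_INDEX_HTML = """
<html><body>
<a href="nmap-5.51.6.tgz">nmap-5.51.6.tgz</a>
<a href="nmap-6.25.tgz">nmap-6.25.tgz</a>
<a href="/dist/nmap-6.40.tgz">nmap-6.40.tgz</a>
<a href="nmap-6.40.tgz.asc">nmap-6.40.tgz.asc</a>
<a href="zenmap-6.40.tgz">zenmap-6.40.tgz</a>
</body></html>
"""


class HrefCollector(HTMLParser):
    """Collect every href from <a> tags, the way uscan scrapes the index page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def split_watch_line(line):
    """Split the watch URL into the directory to fetch and the filename regex.
    uscan treats the last path component as a Perl regex; Python's re is
    sufficient for the pattern used here (an assumption of this example)."""
    directory, _, pattern = line.rpartition("/")
    return directory + "/", re.compile(r"^" + pattern + r"$")


def version_key(version):
    """Simplified ordering: compare dotted numeric components. Real uscan uses
    the dpkg version ordering, which also handles letters and tildes."""
    return tuple(int(part) for part in version.split("."))


def find_matching_files(index_html, watch_line):
    """Return (basename, version) pairs whose basename matches the watch regex,
    sorted oldest to newest. Relative and absolute hrefs are both resolved
    against the watch directory before the basename is taken."""
    directory, pattern = split_watch_line(watch_line)
    collector = HrefCollector()
    collector.feed(index_html)
    found = []
    for href in collector.hrefs:
        basename = urlsplit(urljoin(directory, href)).path.rsplit("/", 1)[-1]
        match = pattern.match(basename)
        if match:
            found.append((basename, match.group(1)))
    return sorted(found, key=lambda item: version_key(item[1]))


def check_upstream(index_html, watch_line, local_version):
    """Reproduce uscan's verdict: newest remote version and whether the local
    package is already at (or beyond) it."""
    matches = find_matching_files(index_html, watch_line)
    if not matches:
        return {"newest": None, "matching": [], "up_to_date": False}
    newest = matches[-1][1]
    return {
        "newest": newest,
        "matching": [name for name, _ in matches],
        "up_to_date": version_key(newest) <= version_key(local_version),
    }


if __name__ == "__main__":
    result = check_upstream(SAMPLE_INDEX_HTML, WATCH_LINE, "6.40")
    print("-- Found the following matching hrefs:")
    for name in result["matching"]:
        print("    ", name)
    print("Newest version on remote site is", result["newest"])
    print("=> Package is up to date" if result["up_to_date"] else "=> Newer upstream version available")
```

Run stand-alone it prints a verdict shaped like the uscan output in the post; replace SAMPLE_INDEX_HTML with a fetched index page to check a real watch line.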
  2. Whoever goes off-topic again gets banned directly.
  3. Want to Spy? Google Play will help you

    Spyware or legitimate monitoring application? You decide. In this blog we'll discuss a 'legitimate' app that can be purchased in Google Play known as SMS Tracker. Now it's legitimate as it advertises exactly what it does, but based on how this same application is packaged and distributed in other markets, it's clear that the vendor is also targeting another, less altruistic audience with this same application. The app also illustrates the powerful access permissions that an application can gain so long as the end user agrees to it, either explicitly or otherwise.

    Details about the application:
    Name: SMS Tracker.
    Installs: 10,000-15,000.
    Description: Gizmoquip SMS Tracker - Track text messages and location data from all of your android phones.

    As per the description on the application’s Google Play page, the application is able to do the following:
    • SMS Tracking – Intercepts text messages. Read all inbound and outbound text messages. Details include time and date, phone number, contact name and location of the target phone. Complete text message tracking and logging.
    • MMS tracking – Intercepts MMS multimedia messages. Read and view all inbound and outbound MMS messages. See what photos are sent to and from the target phone. Details include photo, time and date, phone number, contact name and location of the target phone.
    • Browser Tracking – Monitors all web browser activity on the target phone. Know which websites were visited, which pages were viewed and when.
    • GPS Tracking – Logs GPS location information which can later be viewed on a map. Know when and where the phone was located at all times. Breadcrumbs to record location information allowing parents to locate their children at frequent intervals. GPS logging occurs at a user defined rate (default interval is 5 minutes). Remote GPS logging and viewing give you the ability to see the location of your child’s phone, from any web browser. The breadcrumb trail offers powerful GPS Tracking.
    • Call Logging – Monitors all inbound, outbound and missed calls. Identifies the phone number, contact name, call duration, and location of the phone for every call. If you want to know where your kids are, just send them a text message. The location of the phone is recorded every time it sends or receives a text message.
    • Tracking of System Events, including Device Powered On/Off, Device Attached / Removed to/from the charger, Apps installed/removed/updated.
    • Silently monitor all inbound and outbound SMS messages.

    How can the app be used?
    First you need to download the application and install it on the device on which you want to spy. After installing the application you need to register it. Next, you need to go to Gizmoquip SMS Tracker - Track text messages and location data from all of your android phones, where you will be asked for your login name and password, which was registered at the time of installing the application. This screenshot shows the dashboard after login. This screenshot shows the page where you can see logging from the device. It covers SMS, device information, call logs, network traffic, location details, etc.

    Zscaler’s concerns:
    In any other context, an application with these capabilities would clearly be labelled as spyware. At the vendor's site (Gizmoquip.com - Download) they are selling a repackaged version of this app which has the same functionality but does not leave an icon on the device, thus making it more stealthy and harder to detect following installation. This version also does not contain the notification icon or privacy policy screen. Why the transparency? What audience is this version targeting? This same application could also serve as a generic template for other spyware projects by being wrapped with other code to provide the core functionality needed to create another malicious app.

    This type of app clearly shows the powerful level of access that can be granted to Android apps, so long as users grant permission. An app can access SMS, call logs, network traffic, hardware details, screen details etc. Always carefully read the permissions requested by an application before installing it on your device. The vendor is promoting this application as a tool for monitoring the mobile activities of your children. However, this same app would be a very effective tool for spying on someone once installed on their phone. You just need to install the app on the device which you want to spy on and you are done. All the information about the device and all call and SMS logs can then be remotely monitored. Moreover, all of the user's private data is stored on the vendor's server. What guarantees are in place that the private data will remain private?

    In the increasingly common enterprise world of “Bring Your Own Device” (BYOD), such applications could be leveraged to expose corporate contact lists, email, browsing information and collect private data from corporate apps in the workplace. Enterprises often block access to 'non-official' app stores to prevent the installation of such apps, but this illustrates that such a restriction is no guarantee that spyware can't be installed from an official source.

    Virustotal scan results:
    The application available from the vendor site (smstracker.com): https://www.virustotal.com/en/file/21aa6c6652287413f07ddfbcadea84441a500ee12816dfe4beed913e4a0fa636/analysis/
    The Google Play store’s version: https://www.virustotal.com/en/file/a3b40fa9fea9600b55d4d07fd4f0358ee74e6924c342c5857c2a5311f7a11ed3/analysis/

    Interestingly, despite virtually the same functionality, far fewer AV vendors flag the Google Play version as malicious.

    - Viral

    Source: Zscaler Research: Want to Spy? Google Play will help you
  4. Parent Directory - Ebooks by Authors/ 02-Jul-2011 20:33 - Syngress - Aggressive Network Self-Defense.pdf 02-Jul-2011 20:33 83M Syngress - Best Damn Windows Server 2003 Book P..> 02-Jul-2011 20:34 21M Syngress - Botnets - The Killer Web App.pdf 02-Jul-2011 20:34 7.0M Syngress - Buffer Overflow Attacks.pdf 02-Jul-2011 20:34 5.4M Syngress - Building DMZs for Enterprise Network..> 02-Jul-2011 20:34 12M Syngress - Building SANs with Brocade Fabric Sw..> 02-Jul-2011 20:35 3.8M Syngress - Building a VoIP Network with Multime..> 02-Jul-2011 20:34 17M Syngress - C#.NET Web Developer's Guide.pdf 02-Jul-2011 20:34 6.8M Syngress - Check Point NG VPN-1 FireWall-1 Adva..> 02-Jul-2011 20:33 12M Syngress - Cisco Security - Professional's Guid..> 02-Jul-2011 20:33 15M Syngress - Cisco Security - Specialist's Guide ..> 02-Jul-2011 20:33 11M Syngress - Combating Spyware in the Enterprise.pdf 02-Jul-2011 20:34 8.0M Syngress - Creating Security Policies and Imple..> 02-Jul-2011 20:33 2.8M Syngress - Cyber Adversary Characterization - A..> 02-Jul-2011 20:33 4.1M Syngress - Cyber Crime Investigations.pdf 02-Jul-2011 20:33 9.2M Syngress - Cyber Spying - Tracking your Family'..> 02-Jul-2011 20:35 106M Syngress - Developer's Guide to Web Application..> 02-Jul-2011 20:33 11M Syngress - Email Virus Protection Handbook.pdf 02-Jul-2011 20:32 5.8M Syngress - Enemy at the Water Cooler.pdf 02-Jul-2011 20:33 6.3M Syngress - Essential Computer Security.pdf 02-Jul-2011 20:33 7.8M Syngress - Google Hacking for Penetration Teste..> 02-Jul-2011 20:34 13M Syngress - Google Hacking for Penetration Teste..> 02-Jul-2011 20:33 15M Syngress - Google Talking.pdf 02-Jul-2011 20:34 8.3M Syngress - Hack Proofing Linux.pdf 02-Jul-2011 20:32 12M Syngress - Hack Proofing Sun Solaris.pdf 02-Jul-2011 20:34 6.8M Syngress - Hack Proofing Windows 2000 Server.pdf 02-Jul-2011 20:33 12M Syngress - Hack Proofing XML.pdf 02-Jul-2011 20:34 7.1M Syngress - Hack Proofing your Identity in the I..> 02-Jul-2011 20:33 8.9M 
Syngress - Hack Proofing your Network - 2nd Edi..> 02-Jul-2011 20:34 8.8M Syngress - Hack Proofing your Web Applications.pdf 02-Jul-2011 20:33 8.6M Syngress - Hack Proofing your Wireless Network.pdf 02-Jul-2011 20:32 6.6M Syngress - Hack Proofing your network.pdf 02-Jul-2011 20:34 2.9M Syngress - Hack the Stack.pdf 02-Jul-2011 20:33 7.2M Syngress - How to Cheat at Securing a Wireless ..> 02-Jul-2011 20:32 12M Syngress - InfoSec Career Hacking - Sell your S..> 02-Jul-2011 20:34 84M Syngress - Intrusion, Prevention and Active Res..> 02-Jul-2011 20:34 85M Syngress - LEGO Software Power Tools.pdf 02-Jul-2011 20:34 15M Syngress - Linksys WRT54G Ultimate Hacking.pdf 02-Jul-2011 20:32 16M Syngress - Metasploit Toolkit for Penetration T..> 02-Jul-2011 20:34 4.9M Syngress - Microsoft Vista for IT Security Prof..> 02-Jul-2011 20:34 19M Syngress - Nessus Network Auditing.pdf 02-Jul-2011 20:33 4.6M Syngress - Ninja Hacking - Unconventional Penet..> 02-Jul-2011 20:34 9.9M Syngress - Nmap in the Enterprise - Your Guide ..> 02-Jul-2011 20:34 6.1M Syngress - OS X for Hackers at Heart.pdf 02-Jul-2011 20:34 15M Syngress - Penetration Tester's Open Source Too..> 02-Jul-2011 20:33 34M Syngress - Penetration Tester's Open Source Too..> 02-Jul-2011 20:35 27M Syngress - Phishing Exposed.pdf 02-Jul-2011 20:34 8.3M Syngress - Practical VoIP Security.pdf 02-Jul-2011 20:33 9.7M Syngress - Programmer's Ultimate Security Deskr..> 02-Jul-2011 20:33 4.5M Syngress - RFID Security.pdf 02-Jul-2011 20:34 5.9M Syngress - SQL Injection Attacks and Defense.pdf 02-Jul-2011 20:34 6.5M Syngress - Scene of the Cybercrime - Computer F..> 02-Jul-2011 20:33 5.0M Syngress - Scripting VMware Power Tools.pdf 02-Jul-2011 20:34 5.0M Syngress - Secure Your Network for Free.pdf 02-Jul-2011 20:33 7.2M Syngress - Securing the Cloud - Cloud Computer ..> 02-Jul-2011 20:34 3.3M Syngress - Security+ Study Guide.pdf 02-Jul-2011 20:32 11M Syngress - Security Assessment Case Studies for..> 02-Jul-2011 20:34 5.0M Syngress - 
Security Log Management - Identifyin..> 02-Jul-2011 20:34 6.6M Syngress - Security Sage's Guide to Hardening t..> 02-Jul-2011 20:32 11M Syngress - Snort 2.0 Intrusion Detection.pdf 02-Jul-2011 20:34 7.1M Syngress - Snort 2.1 Intrusion Detection - 2nd ..> 02-Jul-2011 20:33 12M Syngress - Snort IDS and IPS Toolkit.pdf 02-Jul-2011 20:34 8.4M Syngress - Sockets, Shellcode, Porting and Codi..> 02-Jul-2011 20:33 112M Syngress - Special Ops - Host and Network Secur..> 02-Jul-2011 20:32 17M Syngress - Stealing the Network - How to Own a ..> 02-Jul-2011 20:34 9.1M Syngress - Stealing the Network - How to Own th..> 02-Jul-2011 20:33 4.6M Syngress - Systems Security Certification Pract..> 02-Jul-2011 20:34 6.3M Syngress - Techno Security’s Guide to Managin..> 02-Jul-2011 20:34 16M Syngress - The Mezonic Agenda - Hacking the Pre..> 02-Jul-2011 20:34 16M Syngress - VB.NET Developer's Guide.pdf 02-Jul-2011 20:33 6.4M Syngress - WarDriving and Wireless Penetration ..> 02-Jul-2011 20:33 21M Syngress - Wireless Hacking - Projects for Wi-F..> 02-Jul-2011 20:34 18M Syngress - Wireshark and Ethereal - Network Pro..> 02-Jul-2011 20:32 13M Syngress - Writing Security Tools and Exploits.pdf 02-Jul-2011 20:35 11M Syngress - XSS Attacks.pdf 02-Jul-2011 20:34 7.3M Syngress - Zen and the Art of Information Secur..> 02-Jul-2011 20:34 5.2M Syngress - Zero Day Exploit - Countdown to Dark..> 02-Jul-2011 20:32 3.7M The Hackademy - Hors Serie 1.pdf 02-Jul-2011 20:35 12M The Hackademy - Hors Serie 2.pdf 02-Jul-2011 20:32 36M The Hackademy - Hors Serie 3.pdf 02-Jul-2011 20:34 14M The Hackademy Prog - Apprendre à Programmer en..> 02-Jul-2011 20:32 14M The Hackademy Prog - Apprendre à Programmer en..> 02-Jul-2011 20:34 34M The Hackademy School - Hack Newbie.pdf 02-Jul-2011 20:35 3.5M The Hackademy School - Hack Security Pro.pdf 02-Jul-2011 20:33 6.4M The Hackademy School - Linux.pdf 02-Jul-2011 20:33 19M The Hackademy School - Mini Guide Anonymat.pdf 02-Jul-2011 20:34 2.3M The Hackademy School - 
Newbie - part 1.pdf 02-Jul-2011 20:33 10M The Hackademy School - Newbie - part 2.pdf 02-Jul-2011 20:34 9.9M The Hackademy School - Newbie - part 3.pdf 02-Jul-2011 20:33 11M The Hackademy School - Newbie - part 4.pdf 02-Jul-2011 20:33 9.2M The Hackademy School - Securite wifi.pdf 02-Jul-2011 20:34 1.3M ZI Hackademy - Newbie 1.pdf 02-Jul-2011 20:33 25M ZI Hackademy - Newbie 2.pdf 02-Jul-2011 20:32 41M ZI Hackademy - Newbie 3.pdf 02-Jul-2011 20:34 31M Source: http://n-pn.info/repo/HackBBS/HackBBS/Docs_HackAngel/
  5. [h=1]Another X.Org Security Bug Found, Dates Back To 1991[/h]
    Posted by Michael Larabel in X.Org on 07 January 2014 06:00 PM EST

    Another X.Org Security Advisory had to be publicly issued today to make known a buffer overflow in an X.Org library that's been present in every X11 release since X11R5; the code was completed way back in 1991. Back in October there was an X11 security advisory going back to 1993, and today's noted security issue is for code introduced in May of 1991. This security advisory comes just days after the X Server security was called a disaster, with what will amount to at least hundreds of open security issues found by a researcher.

    The security issue was found by running the cppcheck utility as a static analyzer to look at the code. The issue found is a stack buffer overflow in the parsing of BDF font files in libXfont. It's an issue present for more than two decades and was easily spotted with static analysis of the code. When a buffer overflow does happen in libXfont, it's possible that the bug could lead to an unprivileged user acquiring root access to the system. This bug has been found in every X Server release going back to X11R5 and was corrected with the new release of libXfont 1.4.6.

    More details on this latest security advisory can be found via the xorg-announce list.

    Source: [Phoronix] Another X.Org Security Bug Found, Dates Back To 1991
  6. Nytro

    Fun stuff

    Stop posting pictures of black_death, you're misleading people.
  7. 30c3 - Hacking As Artistic Practice

    Description: !Mediengruppe Bitnik are contemporary artists. In their talk they will show two examples of their work, illustrating the translation of hacking from the computer field into an artistic practice. Bitnik will show how to hack the opera in ten easy steps and what happens when you send a parcel with a hidden live webcam to Julian Assange at the Ecuadorian Embassy in London. Using the strategies of hacking, !Mediengruppe Bitnik intervenes into settings with the aim of opening them up to re-evaluation and new perspectives.

    «Opera Calling» was an artistic intervention into the cultural system of the Zurich Opera. From March 9th to May 26th 2007, audio bugs hidden in the auditorium transmitted the performances of the Zurich Opera to randomly selected telephone land-lines in the city of Zurich. In proper style of a home-delivery service, anyone who picked up their telephone was able to listen to the on-going opera performances for as long as s/he wanted through a live connection with the audio bug signal. The Zurich Opera launched a search for the bugs and in a first reaction threatened to take legal action if the transmissions were not stopped and the bugs not removed.

    «Delivery for Mr. Assange» is a live mail art piece. In January 2013 !Mediengruppe Bitnik sent Wikileaks founder Julian Assange a parcel containing a camera. Julian Assange has been living in the center of a diplomatic crisis at the Ecuadorian embassy in London since June 2012. Through a hole in the parcel, the camera documented and live-tweeted its journey through the postal system, letting anyone online follow the parcel's status in real-time. !Mediengruppe Bitnik regard this work as a SYSTEM_TEST. Would the parcel reach its intended destination? Or would it be removed from the postal system?

    For more information please visit: https://events.ccc.de/congress/2013/wiki/Main_Page

    Source: 30c3 - Hacking As Artistic Practice
  8. I know, but it's something that has to be seen.
  9. Too bad people prefer a crappy series/porn/movie instead of watching something like this.
  10. Nytro

    Fun stuff

  11. Windows Exploitation (Structured Exception Handler Based Exploitation)
    Description: This video demos a Structured Exception Handler (SEH) stack overflow exploit. It gives some basic idea about the SEH structure in the Windows operating system. It explains the technique used to perform exploitation.
    Source: Windows Exploitation (Structured Exception Handler Based Exploitation)
  12. Metasploit Meterpreter and NAT
    Published January 4, 2014 | By Corelan Team (corelanc0d3r)

    Professional pentesters typically use a host that is connected directly to the internet, has a public IP address, and is not hindered by any firewalls or NAT devices to perform their audit. Hacking "naked" is considered to be the easiest way to perform a penetration test that involves getting shells back. Not everyone has the luxury of putting a box directly connected to the internet, and as the number of free public IP addresses continues to decrease, the need for using an audit box placed in a LAN, behind a router or firewall, will increase.

    Putting an audit box behind a device that will translate traffic from private to public and vice versa has some consequences. Not only will you need to be sure that the NAT device won’t "break" if you start a rather fast portscan, but since the host is in a private LAN, behind a router or firewall, it won’t be reachable directly from the internet. Serving exploits and handling reverse, incoming, shells can be problematic in this scenario.

    In this small post, we’ll look at how to correctly configure Meterpreter payloads and make them work when your audit box is behind a NAT device. We’ll use a browser exploit to demonstrate how to get a working Meterpreter session, even if both the target and the Metasploit "attacker" box are behind NAT.

    Article: https://www.corelan.be/index.php/2014/01/04/metasploit-meterpreter-and-nat/
  13. Windows Exploitation (Simple Stack Overflow)
    Description: This video demos a simple stack overflow exploit. It gives some basic idea about the application that is being exploited, some idea about the exploit, and demos how a debugger can be used to perform exploitation.
    Source: Windows Exploitation (Simple Stack Overflow)
  14. Nytro

    Wrong title

    Fixed.
  15. You've started the new year like a bunch of pussies, whining about every little piece of shit.
  16. Nytro

    Fun stuff

  17. Nytro

    Bug or...

    As far as I can tell, I'm on "invisible".
  18. Nytro

    Bug or...

    Take a screenshot.
  19. Done. Next to "Mark forums as read", at the bottom.
  20. I didn't understand. Should I put a "New posts" link next to "Mark forums as read"?
  21. I've added "Mark forums as read" for you, check whether it works. I also added a "Send PM" link. Check it.
  22. [h=3]Effective blocking of Java exploits in enterprise environments[/h]

    [h=2]Preface[/h]
    "Java everyday" was a joke about Java vulnerabilities, where almost every day a new Java zero-day was seen. Recently, the "Java 0-day spotted in the wild" is no longer in the headlines every week (see http://java-0day.com), but Java exploits are still the biggest concern regarding exploit kits and drive-by-download malware. In a recent Kaspersky report, they found that about 90% of the exploit kits were trying to infect the victim machine via Java.

    [h=2]The "typical useless" recommendations[/h]
    Okay, so we have a problem called Java in the browser, let's look for a solution! The two simplest "solutions" of all are:
    • Update your Java.
    • Remove Java from your browser.
    Both solutions are non-solutions for enterprises. Still, a hell of a lot of in-house-built applications need old Java - e.g. 1.6.x, which has been end-of-life since February 2013.

    The next recommended "solution" is: "Create separate browsers for Internet and intranet usage. The intranet facing browser supports Java, the Internet facing one does not." Although this sounds pretty effective, there are still a lot of problems with this approach. Now IT has to update two browsers instead of one. Users have to be trained, and in a web-security gateway (web proxy) one has to configure that this browser can go there but the other can't, etc. And still there might be Java applet based applications outside of the organization which have to be used by a bunch of people.

    Next solution: "Use NoScript". LOL. Teach NoScript to 50000 users, and see how they will learn the "Allow all this page" first, and "Allow scripts globally" the next time.

    Next solution: "Click-to-play". I think this is a good countermeasure, but from now on the exploit maker either needs an exploit to bypass the click-to-play, or to socially engineer the user to click, so this is not a bulletproof solution either.

    [h=2]The solution[/h]
    Okay, so far we have five totally useless recommendations. The next one seems pretty good at first sight: "White-list websites which need Java, and only allow Java to these sites." Let's dig deeper. How can we "white-list" sites? This is not supported by Java out-of-the-box. In a decent web-security gateway one can create white-lists, but we have to define a condition for Java traffic. A common misconception is to say: let's identify Java traffic by the .class, .jar, and .jnlp file extensions, and only allow Java for white-listed websites. Although this will block some exploits, it will not block all. Here is a screenshot from the very popular Neutrino exploit kit:

    This is the .jar exploit. As you can see, there is no extension at all in the HTTP request (e.g. .jar). But what about the Mime-type in the response? It is video/quicktime… But it is the jar exploit, with a detection of 2/49 on Virustotal. And, yes, I'm aware of the fact that Virustotal statistics are useless and AV has other possibilities in the exploit chain to block the malware being dropped. Or not.

    Two things can be flagged here as Java: the User-agent and the Mime-type in the request. I recommend checking for both. The User-agent can be checked via regular expressions, and if one matches, flag it as a Java request.

    [h=2]Payload delivery[/h]
    Although not closely related to the exploit, the malware payload delivery is interesting as well. After successful exploitation, the exploit payload downloads the malware from the same site. In a normal web-security gateway, executables can be flagged and blocked for average users. Now look at the Neutrino exploit kit: no executable extension (e.g. .exe, .dll), the response Mime-type is faked to audio/mpeg, and even the malware is XOR encrypted with a 4 character key (I leave the exercise to the reader to guess the XOR key). Even if the web-security gateway looks for file headers to identify executables, it won't find it. The malware is decrypted only on the victim, where the AV might or might not find it. Although the User-agent here is Java again, be aware of the fact that at this stage, the User-agent can be faked by the exploit.

    [h=2]Mobile devices[/h]
    If we white-list sites on the web-security gateway, and block any other traffic when we see a Java based User-agent or content-type, we are good. Well, almost. As long as the client is in the enterprise… What you can do here is to enforce the use of VPN on mobile devices every time they are outside of the corporate network, and only connect them to the Internet through the corporate web-security gateway. I know, this is still not a solution, but I can't think of anything better at the moment. Leave a comment if you have a solution for this. Now the only Java threat is that someone hacks one of the white-listed websites in a watering hole attack, and serves the Java exploit from the same page. Not a likely attack, but possible for a real advanced threat.

    [h=2]Conclusion[/h]
    If you are a CISO (or hold the same position), you should proactively block Java exploits. White-listing websites which require Java is not impossible. Not a lot of sites use Java applets nowadays anyway. I would say average users see Java applets more in an exploit than on a legit site... You can flag Java traffic via User-agent regular expression, or content-type (in the request), or both. Special care needs to be taken with mobile devices, which leave the enterprise on a regular basis. Of course, you will need other protections too, because this is not a 100% solution. And if you are a plain home user, you can safely delete Java from your browser, or use a decent Internet Security Suite which can effectively block Java exploits.

    Posted by Z at 1:30:00 PM

    Source: Jump ESP, jump!: Effective blocking of Java exploits in enterprise environments
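As an added example (not code from the original post or from any gateway product), the following Python policy implements the two checks the post recommends at a web-security gateway: a request is flagged as Java when its User-agent carries a Java/<version> token or when a request MIME header names a Java type, and a flagged request is allowed only to an allow-list of sites known to need Java. File extensions and the response Content-Type are deliberately not consulted, because the Neutrino request shown in the post has no extension and a faked response type. The allow-listed hostnames, the MIME type list, the User-agent regex, the header names checked and the sample requests are all assumptions constructed for this example.

```python
import re
from dataclasses import dataclass, field

# Sites that legitimately need Java applets (hypothetical hostnames, constructed
# for this example); Java traffic to anything else is blocked.
JAVA_ALLOWLIST = ("intranet.example.com", "hr-portal.example.com")

# Request MIME types that only a Java client or applet/JNLP launch would carry.
# The list is an assumption of this example, not taken from the post.
JAVA_REQUEST_TYPES = (
    "application/x-java-archive",
    "application/java-archive",
    "application/x-java-jnlp-file",
    "application/x-java-serialized-object",
    "application/x-java-applet",
)

# The JRE's HTTP client and the browser plugin advertise a "Java/<version>"
# token in the User-agent; matching it is the regex check the post recommends.
JAVA_UA = re.compile(r"\bJava/\d+(?:\.\d+)*", re.IGNORECASE)


@dataclass
class Request:
    host: str
    path: str
    headers: dict
    response_content_type: str = ""  # what the server answered with; never trusted here


@dataclass
class Decision:
    action: str                              # "allow" or "block"
    reasons: list = field(default_factory=list)


def header(headers, name):
    """Case-insensitive header lookup; returns "" when absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return ""


def classify_java(headers):
    """Return the reasons a request looks like Java traffic (empty = not Java).
    Both the User-agent and the request MIME headers are checked, as the post
    recommends, so a spoofed User-agent alone does not hide a Java request."""
    reasons = []
    if JAVA_UA.search(header(headers, "User-Agent")):
        reasons.append("user-agent")
    for name in ("Content-Type", "Accept"):  # request-side MIME headers (assumption)
        value = header(headers, name).lower()
        if any(mime in value for mime in JAVA_REQUEST_TYPES):
            reasons.append(name.lower() + "-mime")
    return reasons


def host_allowed(host, allowlist):
    """Exact or subdomain match against the allow-list; suffix tricks such as
    intranet.example.com.evil.test do not match."""
    host = host.lower().rstrip(".")
    return any(host == entry or host.endswith("." + entry) for entry in allowlist)


def evaluate(request, allowlist=JAVA_ALLOWLIST):
    """Gateway policy: Java-flagged requests may only go to allow-listed sites."""
    reasons = classify_java(request.headers)
    if not reasons:
        return Decision("allow")
    if host_allowed(request.host, allowlist):
        return Decision("allow", reasons)
    return Decision("block", reasons)


# Constructed sample traffic: a plain browser, an intranet applet, a request
# shaped like the exploit-kit one in the post (no extension, faked response
# type), and a Java request whose User-agent was spoofed to look like a browser.
SAMPLES = {
    "browser": Request("news.example.net", "/index.html",
        {"User-Agent": "Mozilla/5.0 (Windows NT 6.1) Firefox/26.0", "Accept": "text/html"}),
    "intranet_applet": Request("intranet.example.com", "/timesheet/app.jar",
        {"User-Agent": "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_45",
         "Accept": "text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2"}),
    "exploit_kit": Request("random-host.example.org", "/zyx9q",
        {"User-Agent": "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_45", "Accept": "*/*"},
        response_content_type="video/quicktime"),
    "spoofed_ua": Request("partner.example.org", "/launch",
        {"User-Agent": "Mozilla/5.0 (Windows NT 6.1) Firefox/26.0",
         "Accept": "application/x-java-archive"}),
}


def decisions():
    """Evaluate every sample request; returns name -> Decision."""
    return {name: evaluate(req) for name, req in SAMPLES.items()}


if __name__ == "__main__":
    for name, decision in decisions().items():
        print(f"{name:16} {decision.action:5} {','.join(decision.reasons)}")
```

The exploit-kit sample is blocked purely on the User-agent, with the faked video/quicktime response type playing no part in the decision; the spoofed-User-agent sample shows why the post says to check both signals. As the post also notes, at the payload-download stage the exploit can fake the User-agent as well, so this policy is a layer, not a complete defence.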
  23. The 2013 Top 7 Best Linux Distributions for You
Thursday, 14 March 2013 09:00
Katherine Noyes

Back in 2010 Linux.com published a list of the year's top Linux distributions, and the popularity of the topic made it an instant annual tradition. There have been several shifts and shakeups on the lists presented since then, of course, and – as you'll soon see – this year's offering holds true to that pattern. In fact, I think it's safe to say that the past year has seen so much upheaval in the desktop world – particularly where desktop environments are concerned – that 2013's list could come as a surprise to some.

Let me hasten to note that the evaluations made here are nothing if not subjective. There also is no such thing as the “one best” Linux distro for anything; in fact, much of the beauty of Linux is its diversity and the fact that it can be tweaked and customized for virtually any taste or purpose. The one best Linux for you, in other words, is the flavor you choose for your purpose and preference and then tweak until it feels just right.

Still, I think some Linux flavors stand out these days as leaders for particular use cases. I'm going to diverge a bit from past lists here when it comes to those categories, however. Specifically, where past lists have included the category “Best Linux LiveCD,” I think that's become almost obsolete given not just the general shift to USBs – some PCs don't even come with CD drives anymore, in fact – but also the fact that most any Linux distro can be formatted into bootable form. On the other hand, with the arrival of Steam for Linux, I think this year has brought the need for a new category: Best Linux for Gaming. Read on, then, for a rundown of some of the best of what the Linux world has to offer.

Best Desktop Distribution

There are so many excellent contenders for desktop Linux this year that it's become a more difficult choice than ever – and that's really saying something. Canonical's Ubuntu has made great strides in advancing Linux's visibility in the public eye, of course, while Linux Mint and Fedora are both also very strong choices. Regarding Ubuntu, however, a number of issues have come up over the past year or so, including the inclusion of online shopping results in searches – an addition Richard Stallman and the EFF have called “spyware.” At the same time, the upheaval caused by the introduction of mobile-inspired desktops such as Unity and GNOME 3 continues unabated, spurring the launch of more classically minded new desktops such as MATE and Cinnamon along with brand-new distros.

For best desktop Linux distro, I have to go with Fuduntu, one of this new breed of up-and-comers. Originally based on Fedora but later forked, Fuduntu offers a classic GNOME 2 interface – developed for the desktop, not for mobile devices – and generally seems to get everything right. Besides delivering the classic desktop so many Linux users have made clear that they prefer, Fuduntu enjoys all the advantages of being a rolling release distribution, and its repository includes key packages such as Netflix and Steam. I've been using it for months now and haven't seen a single reason to switch.

Best Laptop Distribution

At the risk of sounding repetitive, I have to go with Fuduntu for best Linux distro as well. In fact, the distro is optimized for mobile computing on laptops and netbooks, including tools to help achieve maximum battery life when untethered. Users can see battery life improvements of 30 percent or more over other Linux distributions, the distro's developers say. Such optimizations combined with this solid and classic distro make for a winner on portable devices as well.

Best Enterprise Desktop Linux

The enterprise is one context in which I have to agree with recent years' evaluations, and that includes the enterprise desktop. While SUSE Linux Enterprise Desktop is surely RHEL's primary competitor, I think Red Hat Enterprise Linux is the clear leader in this area, with just the right combination of security, interoperability, productivity applications and management features.

Best Enterprise Server Linux

It's a similar situation on the server. While there's no denying SUSE Linux Enterprise Server has its advantages, Red Hat is pushing ahead in exciting new ways. Particularly notable about Red Hat this year, for example, is its new focus on Big Data and the hybrid cloud, bringing a fresh new world of possibilities to its customers.

Best Security-Enhanced Distribution

Security, of course, is one of the areas in which Linux really stands out from its proprietary competitors, due not just to the nature of Linux itself but also to the availability of several security-focused Linux distributions. Lightweight Portable Security is one relatively new contender that emerged back in 2011, and BackBox is another popular Ubuntu-based contender, but I still have to give my vote to BackTrack Linux, the heavyweight in this area whose penetration testing framework is used by the security community all over the world. Others surely have their advantages, but BackTrack is still the one to beat.

Best Multimedia Distribution

Ubuntu Studio has often been named the best distro for multimedia purposes in Linux.com's lists, but it's by no means the only contender. ZevenOS, for instance, is an interesting BeOS-flavored contender that came out with a major update last year. For sheer power and nimble performance, though, this year's nod goes to Arch Linux. With an active community and thousands of software packages available in its repositories, Arch stays out of the way so your PC can focus on the CPU-intensive tasks at hand.

Best Gaming Distribution

Last but certainly not least is the gaming category, which surely represents one of the biggest developments in the Linux world over this past year. While it may not be relevant for enterprise audiences, gaming has long been held up as a key reason many users have stayed with Windows, so Valve's decision to bring its Steam gaming platform to Linux is nothing if not significant. The Linux distro choice here? That would have to be Ubuntu, which is specifically promoted by the Valve team itself. “Best experienced on Ubuntu” reads the tag line that accompanied the Steam for Linux release last month, in fact. Bottom line: If you're into gaming, Ubuntu Linux is the way to go.

Have a different view on any of these categories? Please share your thoughts in the comments.

Source: The 2013 Top 7 Best Linux Distributions for You | Linux.com
  24. [h=1]BSidesDE 2013 2 2 AntiPwny: A Windows Based IDS/IPS for Metasploit – Rohan Vazarkar, David Bitner[/h] BSides Delaware 2013 Videos (Hacking Illustrated Series InfoSec Tutorial Videos)
  25. [h=3]backtrace.py version 0.3[/h] backtrace.py version 0.3 has been pushed out to its repo. A couple of notable features have been added. The previous version only tracked the use of the MOV instruction. This is kind of useful... I guess... well, at least it was fun to code. The current version tracks whenever a register (ECX) or its sub-register (CX) is manipulated. The old version relied on string comparisons. For example, if we back trace from the highlighted code up, we would see al is referenced, then EAX, then byte_1003B03C, then dl, etc.

.text:10004E99 mov byte_1003B03C, al
.text:10004E9E movsx ecx, byte_1003B03C
.text:10004EA5 imul ecx, 0A2h
.text:10004EAB mov byte_1003B03C, cl
.text:10004EB1 movsx edx, byte_1003B03C
.text:10004EB8 xor edx, 0A4h
.text:10004EBE mov byte_1003B03C, dl
.text:10004EC4 movsx eax, byte_1003B03C
.text:10004ECB cdq
.text:10004ECC mov ecx, 0C8h
.text:10004ED1 idiv ecx
.text:10004ED3 mov byte_1003B03C, al
.text:10004ED8 xor eax, eax
.text:10004EDA jmp short loc_10004F01
.text:10004EDC ; ---------------------------------------------------------------------------
.text:10004EDC movsx edx, byte_1003B03C
.text:10004EE3 or edx, 0D2h
.text:10004EE9 mov byte_1003B03C, dl
.text:10004EEF movsx eax, byte_1003B03C
.text:10004EF6 imul eax, 0C1h
.text:10004EFC mov byte_1003B03C, al

The old version did not know that AL is the lower address of EAX due to the use of string comparison. The new version does a simple check of the register name and its purpose. Note: there will be some issues if AH is moved into AL or other similar operations. I didn't code that logic in. If we were to back trace the code above, we would have the following output.
Python>s.backtrace(here(),1)
0x10004efc mov byte_1003B03C, al
0x10004ef6 imul eax, 0C1h
0x10004eef movsx eax, byte_1003B03C
0x10004ee9 mov byte_1003B03C, dl
0x10004ee3 or edx, 0D2h
0x10004edc movsx edx, byte_1003B03C
0x10004ed3 mov byte_1003B03C, al
0x10004ec4 movsx eax, byte_1003B03C
0x10004ebe mov byte_1003B03C, dl
0x10004eb8 xor edx, 0A4h
0x10004eb1 movsx edx, byte_1003B03C
0x10004eab mov byte_1003B03C, cl
0x10004ea5 imul ecx, 0A2h
0x10004e9e movsx ecx, byte_1003B03C
0x10004e99 mov byte_1003B03C, al

The code also tracks how some general purpose instructions manipulate different registers. Most of them are simple due to the x86 standard of instruction destination, source format. Not all of them are though. I spent a good amount of time wondering which variables to back trace when following instructions such as DIV. Is EAX or the DIV operand more important to back trace? I went with the operand, but in the future I plan on creating a split back trace that will track EAX and the operand passed to DIV. Odds are there are still more general purpose instructions I need to check for. XADD is a pretty cool instruction. The shortest Fibonacci can be written using XADD. This version was written in order for me to crack an obfuscation technique that I have seen lately. Using backtrace.py and the last line of the dead code blocks, I'm able to identify most of the junk code and variables. I'm sure there are flaws (like not tracing push or pops... future release), but so far it is working well for me. I hope the code is of use to others. If you have any recommendations, thoughts, etc., please shoot me an email (line 20 of the source code) or ping me on Twitter. Source: Hooked on Mnemonics Worked for Me: backtrace.py version 0.3
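An added, self-contained reimplementation of the register-aware walk the post describes (example code written here, not backtrace.py itself and not the author's code): it parses the listing quoted above, maps sub-registers such as AL and CX to EAX and ECX, and follows the data flow backwards from a chosen operand, reproducing the 15 lines of output shown. The IDA-style line format and the immediate-operand regex are assumptions; like the post's tool it only looks at explicit operands, so the implicit writes of IDIV and CDQ are skipped, and AH-into-AL style moves are not modelled.

```python
import re
# Constructed example, not backtrace.py itself; LISTING is quoted from the post above.
ALIAS = {r + s: "e" + r + "x" for r in "abcd" for s in "lhx"}   # al/ah/ax -> eax, cl/cx -> ecx, ...
IMM_RE = re.compile(r"^(?:[0-9A-Fa-f]+h|\d+)$")                   # immediates: 0A2h, 0C8h, 10
LINE_RE = re.compile(r"^\.text:([0-9A-Fa-f]+)\s+(\w+)\s*(.*)$")   # IDA-style listing line (assumed)

def canon(op):  # tracked name: the full register for AL/CX/..., else the symbol or immediate itself
    op = op.strip().lower()
    return ALIAS.get(op, op)

def parse_listing(text):  # '.text:ADDR mnem ops' -> (addr, mnem, [ops]); comment lines do not match
    insns = []
    for m in filter(None, map(LINE_RE.match, text.strip().splitlines())):
        ops = [o.strip() for o in m.group(3).split(",")] if m.group(3) else []
        insns.append((int(m.group(1), 16), m.group(2), ops))
    return insns

def backtrace(insns, start, operand=1):  # walk back from `start`, following the tracked operand
    idx = next(i for i, ins in enumerate(insns) if ins[0] == start)
    tracked = canon(insns[idx][2][operand])
    trace = [insns[idx]]
    for addr, mnem, ops in reversed(insns[:idx]):
        if not ops or canon(ops[0]) != tracked:
            continue   # explicit destination differs; implicit writes (IDIV, CDQ) are not modelled
        trace.append((addr, mnem, ops))
        if len(ops) > 1 and not IMM_RE.match(ops[1]):
            tracked = canon(ops[1])   # the tracked value now comes from the source operand
    return trace
LISTING = """
.text:10004E99 mov byte_1003B03C, al
.text:10004E9E movsx ecx, byte_1003B03C
.text:10004EA5 imul ecx, 0A2h
.text:10004EAB mov byte_1003B03C, cl
.text:10004EB1 movsx edx, byte_1003B03C
.text:10004EB8 xor edx, 0A4h
.text:10004EBE mov byte_1003B03C, dl
.text:10004EC4 movsx eax, byte_1003B03C
.text:10004ECB cdq
.text:10004ECC mov ecx, 0C8h
.text:10004ED1 idiv ecx
.text:10004ED3 mov byte_1003B03C, al
.text:10004ED8 xor eax, eax
.text:10004EDA jmp short loc_10004F01
.text:10004EDC movsx edx, byte_1003B03C
.text:10004EE3 or edx, 0D2h
.text:10004EE9 mov byte_1003B03C, dl
.text:10004EEF movsx eax, byte_1003B03C
.text:10004EF6 imul eax, 0C1h
.text:10004EFC mov byte_1003B03C, al
"""
```

Calling backtrace(parse_listing(LISTING), 0x10004EFC, 1) yields the same 15 addresses, in the same order, as the post's output; the idiv ecx, mov ecx and cdq lines are stepped over because eax is not their explicit destination.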