/var/log/messages (2008)
This section contains the latest news, announcements and thoughts from the MWR InfoSecurity team.
Presentation: DeepSec 2008 - Behind Enemy Lines: Administrative Web Application Attacks
Nov 15, 2008
Rafael Dominguez Vega presented at DeepSec 2008 about his research into attacking administrative web interfaces. His talk included demonstrations of these kinds of attacks through SSID and DHCP script injection vulnerabilities discovered in the course of his research. The slides for this presentation are available from:
mwri_behind-enemy-lines-presentation-deepsec2008
Stockholm Sec-T Conference Roundup
Sep 15, 2008
When you talk about attending a major security conference, it is tempting to dream of a trip to the lights and glamour of Las Vegas. However, what often gets lost is that it is the speakers and the content that make a conference, not just the surroundings. With this in mind, the inaugural Sec-T conference in Stockholm was a very exciting prospect for anybody interested in cutting-edge security research.
No matter what your role is in the Information Security industry, there was a talk that would be of interest. Here is a flavour of what you would have heard if you were an attendee.
Presentation: DefCon16 - Virtually Hacking
Aug 12, 2008
On Friday 8th August 2008 MWR InfoSecurity’s John Fitzpatrick presented the talk ‘Virtually Hacking’ at DefCon 16 in Las Vegas. The presentation looked at VMware security and can be downloaded from:
Defcon 16 Talk Review: The Pentest is Dead, Long Live the Pentest
Aug 11, 2008
This insightful presentation at the Defcon 16 conference in Las Vegas commented on the history of the pentest, what worked and what didn’t, and the direction which, in the speakers’ eyes, the pentest should be moving towards today. The speakers, Taylor Banks and Carric, gave a warning at the start of the presentation that no punches would be pulled and that things which they felt were wrong with the industry and the people in it would be freely discussed.
They laid out what pentesting used to be like and where it came from, what it became, and the problems it still faces, and looked at what really adds value to a pentest and how we should be developing it as a service. Much of what they said rang true with MWR’s experience and current goals, and it was certainly interesting to see these ideas laid out. In this article I hope to capture much of what they were expressing in that talk.
Defcon 16 Talk Review: Time-Based Blind SQL Injection Using Heavy Queries and the Marathon Tool
Aug 11, 2008
This talk by Chema Alonso and Jose Parada at the Defcon 16 security conference in Las Vegas introduced a method, and a tool, for performing time-based blind SQL injection without the need to use delay functions of the database server.
Blind SQL injection allows data to be retrieved from a database through an SQL injection vulnerability even when that data is not directly output by the vulnerable application. The techniques used to accomplish this require repeated queries, each selecting a small piece of data, such as a single character, a string length or a field name, and testing its value. Using conditionals, different behaviour is induced depending on whether the condition has guessed correctly about the data. Gradually, then, information can be extracted.
Defcon 16 Talk Review: Advanced Software Armouring and Polymorphic Kung-Fu
Aug 11, 2008
At the Defcon 16 conference in Las Vegas, Nick Harbour showed off his new Windows executable packer, PE-Scrambler. It uses some interesting, and sometimes downright devious, techniques to make analysis of the binary harder.
Rather than blindly manipulating the bits and bytes of the code to compress or encrypt it, as many traditional packers do, PE-Scrambler disassembles the code and manipulates it at a logical level to sabotage many of the methods used by disassemblers to analyse instructions and flow. The result is a binary for which it is hard to obtain any meaningful automatic analysis of program structure.
Behind Enemy Lines: Administrative Application Attacks White Paper released
Jul 31, 2008
A white paper was released by MWR InfoSecurity discussing the security implications of administrative web applications.
The paper explains how alternative protocols (such as DHCP and 802.11) can be used to perform web-based attacks. It also explains the different methods available for exploiting these issues in practice, and details how tools can be built to test and exploit them.
The paper is based upon original research by Rafael Dominguez Vega and can be downloaded from:
mwri_behind-enemy-lines_2008-07-25