
Monthly Archives: July 2011

Staying undetected post-exploitation

Introduction

Once you have control over a target and go into the post-exploitation phase, you start thinking about how to keep future access and, most importantly, how to stay undetected.

This article will present some insight on the talk “The Listening” presented at Infiltrate 2011. For that presentation a […]

Five Steps to Incident Management in a Virtualized Environment

Incident management (IM) is a necessary part of a security program. When effective, it mitigates business impact, identifies weaknesses in controls, and helps fine-tune response processes. Traditional IM approaches, however, are not always effective in a partially or completely virtualized data center. Consequently, some aspects of […]

Security Vulnerabilities of IPv6 Tunnels

This article talks about novel security vulnerabilities of IPv6 tunnels – an important type of migration mechanism from IPv4 to IPv6 implemented by all major operating systems and routers. The vulnerabilities allow an attacker to form routing loops which can easily produce DoS attacks. I will describe the principles […]

Incident Response and Computer Forensics on Rootkits

Let's pick up where we left off with the rootkit and post-exploitation video (http://www.youtube.com/watch?v=izv1b-BTQFw). Except, we are now doing incident response.

First you’ll see some normal live forensics on the victim and come up with nothing. Then we show how using network forensics techniques (looking at the victim from the […]

Attacking Web Services Pt 2 – SOAP

In the previous article, we discussed forming a SOAP request based off the operations listed in a WSDL file and automating this task with Buby and Burp Suite. Additionally, we covered how to understand the content of the WSDL file. In this article we begin to iterate through testing […]

Attacking Web Services Pt 1 – SOAP

Background:
I often receive testing-related questions from AppSec folks new to web services about the techniques used to discover and attack them. Often, web services are seen as difficult to enumerate, interpret, and exploit as well as an arena with only a small arsenal of tools available.

We’d like to […]

IT Auditing and Controls – Database Technology and Controls

PORTIONS OF THIS ARTICLE INCLUDING MANY OF THE DEFINITIONS AND TERMINOLOGY HAVE BEEN SOURCED AND SUMMARIZED FROM ISACA.ORG and COURSE MANUALS PUBLISHED BY ISACA.

A simple definition of a database management system (DBMS) is that it is a complex set of software programs that control the organization, storage […]