<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://purl.org/rss/1.0/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:syn="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/">
  <channel rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure">
    <title>gmane.comp.security.full-disclosure</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure</link>
    <description/>
    <syn:updatePeriod>hourly</syn:updatePeriod>
    <syn:updateFrequency>1</syn:updateFrequency>
    <syn:updateBase>1901-01-01T00:00+00:00</syn:updateBase>
    <items>
      <rdf:Seq>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85861"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85860"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85859"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85858"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85857"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85856"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85854"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85853"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85852"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85851"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85850"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85849"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85848"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85846"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85844"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85843"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85842"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85841"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85840"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85839"/>
      </rdf:Seq>
    </items>
    <image rdf:resource="http://gmane.org/img/gmane-25t.png"/>
    <textinput rdf:resource=""/>
  </channel>
  <image rdf:about="http://gmane.org/img/gmane-25t.png">
    <title>Gmane</title>
    <url>http://gmane.org/img/gmane-25t.png</url>
    <link>http://gmane.org</link>
  </image>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85861">
    <title>Re: Info about attack trees</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/85861</link>
    <description>&lt;pre&gt;Here's the best info on attack trees:
http://3.bp.blogspot.com/-P_enGjuZU0I/TxFdFfD1A5I/AAAAAAAABKs/DTzpNDG4THc/s1600/ent_isengard_small.jpg

Timothy "Thor"  Mullen
www.hammerofgod.com
Thor's Microsoft Security Bible&amp;lt;http://www.amazon.com/Thors-Microsoft-Security-Bible-Collection/dp/1597495727&amp;gt;


From: full-disclosure-bounces&amp;lt; at &amp;gt;lists.grok.org.uk [mailto:full-disclosure-bounces&amp;lt; at &amp;gt;lists.grok.org.uk] On Behalf Of Urlan
Sent: Friday, May 25, 2012 9:45 AM
To: Federico De Meo
Cc: full-disclosure&amp;lt; at &amp;gt;lists.grok.org.uk
Subject: Re: [Full-disclosure] Info about attack trees

Federico,

Check this out: http://cwe.mitre.org/top25/
2012/5/25 Federico De Meo &amp;lt;adegod&amp;lt; at &amp;gt;gmail.com&amp;lt;mailto:adegod&amp;lt; at &amp;gt;gmail.com&amp;gt;&amp;gt;
Hello everybody, I'm new to this mailing-list and to security in general.
I'm here to learn and I'm starting with a question :)

I'm looking for some information about attack trees usage in web application a&lt;/pre&gt;</description>
    <dc:creator>Thor (Hammer of God</dc:creator>
    <dc:date>2012-05-25T17:12:41</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85860">
    <title>Re: Info about attack trees</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/85860</link>
    <description>&lt;pre&gt;Federico,

Check this out: http://cwe.mitre.org/top25/

2012/5/25 Federico De Meo &amp;lt;adegod&amp;lt; at &amp;gt;gmail.com&amp;gt;




&lt;/pre&gt;</description>
    <dc:creator>Urlan</dc:creator>
    <dc:date>2012-05-25T16:44:54</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85859">
    <title>Info about attack trees</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/85859</link>
    <description>&lt;pre&gt;Hello everybody, I'm new to this mailing-list and to security in general.
I'm here to learn and I'm starting with a question :)

I'm looking for some information about attack trees usage in web application analysis.

For my master thesis I decided to study the usage of this formalism in order to represent attacks on web applications.
I need a lot of use cases from which to start learning common attacks which can help building a proper tree.


I've already read the OWASP top 10 vulnerabilities and I'm familiar with XSS, SQLi, etc. however I've no clue on how to combine them together in order to perform the steps needed to attack a system. I'm looking for some examples and maybe some famous attacks from which I can understand which steps are performed and how common vulnerabilities can be combined together. Any help is really appreciated.


-------------------
Federico.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosur&lt;/pre&gt;</description>
    <dc:creator>Federico De Meo</dc:creator>
    <dc:date>2012-05-25T08:58:08</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85858">
    <title>GreHack 2012 - Call For Papers (CFP)</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/85858</link>
    <description>&lt;pre&gt;*GreHack 2012* 2nd Call For Papers
http://ensiwiki.ensimag.fr/index.php/GreHack-2012-english
GreHack 2012 conference will be held in Grenoble (French Alps), France
and brings together students, academia, industry and gov in order to
exchange knowledge around emerging issues in the security + hacking
world.
During the night, a Capture The Flag will take place.


*Suggested Topics (not limited to)*
http://ensiwiki.ensimag.fr/index.php/GreHack_2012-Call_For_Presentation-english
- Track: ethical and legal
  -- greyhat hacking: a consumer advance, or a risk for worldwide security?
  -- current state of laws relative to cyber-security and hacking +
justified suggestions of modifications

- Track: technical
  -- Hadopi: why is it a technical and legal failure? how to exploit
in memory vulnerabilities of Hadopi approved software?

  -- In Memory Vulnerabilities
    --- Windows 8: heap analysis, kernel structures and new memory protections
    --- Exploit Corner: come present us your last sploit!

  -- Hardcore Pene&lt;/pre&gt;</description>
    <dc:creator>Fabien DUCHENE</dc:creator>
    <dc:date>2012-05-24T23:19:46</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85857">
    <title>CFP: Hacktivity 2012, October 12-13, Budapest, Hungary</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/85857</link>
    <description>&lt;pre&gt;Hi,

Hacktivity is the largest IT Security Festival in CEE region which
will be held between October 12-13 2012 in Budapest, Hungary.

Hacktivity festival traditionally brings together the official and
alternative representatives of information security profession with
all those interested in the area, in an informal, yet educational, and
usually deep into the technical form.

We are seeking submissions for both two days conference track &amp;amp; 40
minutes "Hello workshops" in the
following areas:

mobile device vulnerabilities, hardware hacking,  attack vectors of
telecommunication networks, network security, security of operating
systems, browser based attacks, misuse of popular applications,
database security,  information gathering from business applications,
malicious and mobile codes, hacking tools, information warfare,
cyber-crime, hacker subculture, social engineering, digital forensics
etc.

We had the privilege to welcome as speakers in the past years: Bruce
Schneier, Peter Szor, Joe McCray, Alex Kornbrust&lt;/pre&gt;</description>
    <dc:creator>Attila Bartfai</dc:creator>
    <dc:date>2012-05-24T20:55:04</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85856">
    <title>Malware.lu - analysis and pownage of hespesnet botnet</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/85856</link>
    <description>&lt;pre&gt;Hi,
  a message to announce the creation of http://www.malware.lu a few days ago. It is a repository of malware and technical analyses. The goal of the project is to provide samples and technical analyses to security researchers.

  To celebrate the creation, an article about the analysis of a botnet (called herpesnet) and the pownage of this botnet ;) : http://code.google.com/p/malware-lu/wiki/en_analyse_herpnet

RootBSD.

&lt;/pre&gt;</description>
    <dc:creator>rootbsd&lt; at &gt;r00ted.com</dc:creator>
    <dc:date>2012-05-25T07:17:11</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85854">
    <title>ResEdit Buffer Overflow Vulnerabilities</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/85854</link>
    <description>&lt;pre&gt;Product Link: http://www.resedit.net/

Affected version: 1.5.11-win32

Type of vulnerabilities: Buffer Overflow.

For Further information:
http://waleedassar.blogspot.com/2012/05/resedit-named-entries-two-buffer.html

POCs:
http://code.google.com/p/ollytlscatch/downloads/detail?name=ResEdit_POC1.exe
http://code.google.com/p/ollytlscatch/downloads/detail?name=ResEdit_POC2.exe


N.B. Not much effort has been put into these POCs. They just crash the
application but code execution is possible.
&lt;/pre&gt;</description>
    <dc:creator>Walied Assar</dc:creator>
    <dc:date>2012-05-24T19:54:48</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85853">
    <title>[SECURITY] [DSA 2480-1] request-tracker3.8 security update</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/85853</link>
    <description>&lt;pre&gt;-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2480-1                   security&amp;lt; at &amp;gt;debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 24, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : request-tracker3.8
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2082 CVE-2011-2083 CVE-2011-2084 CVE-2011-2085 
                 CVE-2011-4458 CVE-2011-4459 CVE-2011-4460

Several vulnerabilities were discovered in Request Tracker, an issue
tracking system:

CVE-2011-2082

   The vulnerable-passwords scripts introduced for CVE-2011-0009
   failed to correct the password hashes of disabled users.

CVE-2011-2083

   Several cross-site scripting issues have been discovered.

CVE-2011-2084

   Password hashes could be disclosed by p&lt;/pre&gt;</description>
    <dc:creator>Moritz Muehlenhoff</dc:creator>
    <dc:date>2012-05-24T17:37:03</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85852">
    <title>Re: Certificacion - Profesional Pentester</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/85852</link>
    <description>&lt;pre&gt;Certainly.  In fact, if anyone else wants to help perform the test on behalf of HoG, please let me know and I'll officially write up a change order to specify additional resources.

Timothy "Thor"  Mullen
www.hammerofgod.com
Thor's Microsoft Security Bible&amp;lt;http://www.amazon.com/Thors-Microsoft-Security-Bible-Collection/dp/1597495727&amp;gt;


From: full-disclosure-bounces&amp;lt; at &amp;gt;lists.grok.org.uk [mailto:full-disclosure-bounces&amp;lt; at &amp;gt;lists.grok.org.uk] On Behalf Of Giles Coochey
Sent: Thursday, May 24, 2012 2:38 AM
To: full-disclosure&amp;lt; at &amp;gt;lists.grok.org.uk
Subject: Re: [Full-disclosure] Certificacion - Profesional Pentester

On 23/05/2012 20:26, Thor (Hammer of God) wrote:
Hell Juan.  As per the conditions of the contract I forwarded, I am pleased to see that you have given me full permission to assess any systems of yours I feel are within scope.  I'm copying in FD again so they can all be witness to the f&lt;/pre&gt;</description>
    <dc:creator>Thor (Hammer of God</dc:creator>
    <dc:date>2012-05-24T17:15:25</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85851">
    <title>VMDK Has Left the Building . Some Nasty Attacks Against VMware vSphere 5 Based Cloud Infrastructures</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/85851</link>
    <description>&lt;pre&gt;List,

some of you might find this interesting:

http://www.insinuator.net/2012/05/vmdk-has-left-the-building/


have a good one

Enno


&lt;/pre&gt;</description>
    <dc:creator>Enno Rey</dc:creator>
    <dc:date>2012-05-24T16:40:20</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85850">
    <title>CVE-2012-2216 - Social Engine Multiple Vulnerabilities (XSS and CSRF)</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/85850</link>
    <description>&lt;pre&gt;Social Engine 4.2.2 Multiple Vulnerabilities
Earlier versions are also possibly vulnerable.

INFORMATION

Product: Social Engine 4.2.2
Remote-Exploit: yes
Vendor-URL: http://www.socialengine.net/
Discovered by: Tiago Natel de Moura aka "i4k"
Discovered at: 10/04/2012
CVE Notified: 10/04/2012
CVE Number: CVE-2012-2216

OVERVIEW

Social Engine version 4.2.2 is vulnerable to XSS and CSRF.

INTRODUCTION

SocialEngine is a PHP-based white-label social networking service
platform, that provides features similar to a social network on a user's
website. Main features include administration of small-to-mid scale
social networks, some customization abilities, unencrypted code,
multilingual capability, and modular plugin/widget compatibility. There
is a range of templates and add-ons available to extend the basic
features already included in the SocialEngine core.

VULNERABILITY DESCRIPTION

== Persistent XSS in music upload. ==

CWE-79: http://cwe.mitre.org/data/definitions/79.html
The software does not neutralize o&lt;/pre&gt;</description>
    <dc:creator>Tiago Natel de Moura</dc:creator>
    <dc:date>2012-05-24T07:04:48</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85849">
    <title>[ MDVSA-2012:081 ] firefox</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/85849</link>
    <description>&lt;pre&gt;-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:081
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : firefox
 Date    : May 24, 2012
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Security issues were identified and fixed in mozilla firefox:
 
 Mozilla developers identified and fixed several memory safety
 bugs in the browser engine used in Firefox and other Mozilla-based
 products. Some of these bugs showed evidence of memory corruption
 under certain circumstances, and we presume that with enough effort
 at least some of these could be exploited to run arbitrary code
 (CVE-2012-0468, CVE-2012-0467).
 
 Using the Address Sanitizer tool, security researcher Aki Helin from
 OUSPG found that IDBKeyRange of indexedDB re&lt;/pre&gt;</description>
    <dc:creator>security&lt; at &gt;mandriva.com</dc:creator>
    <dc:date>2012-05-24T14:48:00</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85848">
    <title>Kingcopes AthCon 2012 Slides &amp; Notes</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/85848</link>
    <description>&lt;pre&gt;Hello lists,

you can view my slides &amp;amp; notes for my talk entitled "Uncovering
Zero-Days and advanced fuzzing" held at AthCon 2012 at the following
places:

http://www.isowarez.de/

http://kingcope.wordpress.com/

Cheerio,

/Kingcope

&lt;/pre&gt;</description>
    <dc:creator>HI-TECH .</dc:creator>
    <dc:date>2012-05-24T11:21:51</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85846">
    <title>Re: Certificacion - Profesional Pentester</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/85846</link>
    <description>&lt;pre&gt;Is your final report going to be public?

&lt;/pre&gt;</description>
    <dc:creator>Giles Coochey</dc:creator>
    <dc:date>2012-05-24T09:37:31</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85844">
    <title>Re: Certificacion - Profesional Pentester</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/85844</link>
    <description>&lt;pre&gt;http://www.reactiongifs.com/wp-content/uploads/2011/05/THISGONBGUD.gif

On May 23, 2012, at 6:42 PM, Alex Buie &amp;lt;abuie&amp;lt; at &amp;gt;kwdservices.com&amp;gt; wrote:


&lt;/pre&gt;</description>
    <dc:creator>Zach C.</dc:creator>
    <dc:date>2012-05-24T02:41:23</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85843">
    <title>Re: Certificacion - Profesional Pentester</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/85843</link>
    <description>&lt;pre&gt;This is gonna be fun.

&lt;/pre&gt;</description>
    <dc:creator>Alex Buie</dc:creator>
    <dc:date>2012-05-24T01:42:16</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85842">
    <title>Re: Certificacion - Profesional Pentester</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/85842</link>
    <description>&lt;pre&gt;On Wed, 23 May 2012 19:26:15 -0000, "Thor (Hammer of God)" said:
&lt;/pre&gt;</description>
    <dc:creator>valdis.kletnieks&lt; at &gt;vt.edu</dc:creator>
    <dc:date>2012-05-24T01:14:26</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85841">
    <title>Re: Certificacion - Profesional Pentester</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/85841</link>
    <description>&lt;pre&gt;On 23/05/2012 21:26, Thor (Hammer of God) wrote :
Finally something interesting on this list.
So are we.
&lt;/pre&gt;</description>
    <dc:creator>leToff</dc:creator>
    <dc:date>2012-05-23T21:16:32</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85840">
    <title>[Security-news] SA-CONTRIB-2012-085 - BrowserID - Multiple Vulnerabilities</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/85840</link>
    <description>&lt;pre&gt;View online: http://drupal.org/node/1597414

  * Advisory ID: DRUPAL-SA-CONTRIB-2012-085
  * Project: BrowserID (Mozilla Persona) [1] (third-party module)
  * Version: 7.x
  * Date: 2012-May-23
  * Security risk: Critical [2]
  * Exploitable from: Remote
  * Vulnerability: Cross Site Request Forgery (results in Privilege
    Escalation)

-------- DESCRIPTION  
---------------------------------------------------------

CVE: Requested
The BrowserID module provides integration with BrowserID (also known as
Mozilla Persona) -- a Mozilla project that lets users of your site quickly
and easily log in without needing to remember a password specific to your
site.

The module did not sufficiently validate requests for authentication to log
in, potentially allowing a Cross Site Request Forgery (CSRF) attack and
introducing the possibility that logging in to a malicious site with
BrowserID could give that site the ability to log in to other websites using
your BrowserID identity.

-------- VERSIONS AFFECTED  
---------&lt;/pre&gt;</description>
    <dc:creator>security-news&lt; at &gt;drupal.org</dc:creator>
    <dc:date>2012-05-23T20:23:54</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85839">
    <title>Re: Certificacion - Profesional Pentester</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/85839</link>
    <description>&lt;pre&gt;Other way around.  I’ll be sending HIM a  bill.  Which, based on our contract, I will be able to pay on his behalf ☺

From: Peter Dawson [mailto:slash.pd&amp;lt; at &amp;gt;gmail.com]
Sent: Wednesday, May 23, 2012 12:50 PM
To: Thor (Hammer of God)
Cc: Juan Sacco; full-disclosure&amp;lt; at &amp;gt;lists.grok.org.uk
Subject: Re: [Full-disclosure] Certificacion - Profesional Pentester

yes thats true ..but lets not 4get one needs to forkup $150/- before you can finger their servers
2012/5/23 Thor (Hammer of God) &amp;lt;thor&amp;lt; at &amp;gt;hammerofgod.com&amp;lt;mailto:thor&amp;lt; at &amp;gt;hammerofgod.com&amp;gt;&amp;gt;
Hell Juan.  As per the conditions of the contract I forwarded, I am pleased to see that you have given me full permission to assess any systems of yours I feel are within scope.  I’m copying in FD again so they can all be witness to the fact you are acting in a manner consistent with the terms of my contract, and that you have given me full permission to do as I wish with any aspect of your network without repercussions.

I’m looking forward to it!  Thank you.

&lt;/pre&gt;</description>
    <dc:creator>Thor (Hammer of God</dc:creator>
    <dc:date>2012-05-23T20:33:53</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/85838">
    <title>[Security-news] SA-CONTRIB-2012-084 - Search API - Cross Site Scripting (XSS)</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/85838</link>
    <description>&lt;pre&gt;View online: http://drupal.org/node/1597364

  * Advisory ID: DRUPAL-SA-CONTRIB-2012-084
  * Project: Search API [1] (third-party module)
  * Version: 7.x
  * Date: 2012-May-23
  * Security risk: Moderately critical [2]
  * Exploitable from: Remote
  * Vulnerability: Cross Site Scripting

-------- DESCRIPTION  
---------------------------------------------------------

CVE: Requested
This module enables you to build searches using a wide range of features,
data sources and backends.

The module doesn't sufficiently sanitize user input in some cases when
throwing exceptions or logging errors. This enables attackers to insert
arbitrary data into a page by manipulating its URL. Users would have to open
such a manipulated URL to see the changed content.

This is only possible in some setups of Search API, specifically when users
can manually enter field identifiers in some way – e.g., through an exposed
Views sort or with the old Facets module.

-------- VERSIONS AFFECTED  
------------------------------------&lt;/pre&gt;</description>
    <dc:creator>security-news&lt; at &gt;drupal.org</dc:creator>
    <dc:date>2012-05-23T20:24:33</dc:date>
  </item>
  <textinput rdf:about="http://search.gmane.org/?group=$group=gmane.comp.security.full-disclosure">
    <title>Search Engine</title>
    <description>Search the mailing list at Gmane</description>
    <name>query</name>
    <link>http://search.gmane.org/?group=$group=gmane.comp.security.full-disclosure</link>
  </textinput>
</rdf:RDF>

