  • Red and Blue team postmortems

    If you haven't run a joint red/blue exercise, you can set up time to perform a postmortem of a previous red team engagement. Walk step by step through the engagement and review the steps performed (the kill chain). For each step, ensure you can answer the following. If you can't answer the…

  • oAuth nightmares talk

    Two of my co-workers have presented at HackMiami on flaws people implement in their OAuth implementations. The talk summary is below: "OAuth is one of the most popular authorization frameworks in use today. All major platforms such as Google, Facebook, Box etc. support it and you are probably thinking of implementing OAuth for your…

  • Metasploit Framework 3.3 Released

    The latest version of metasploit has been released. From the announcement "We are excited to announce the immediate availability of version 3.3 of the Metasploit Framework. This release includes 446 exploits, 216 auxiliary modules, and hundreds of payloads, including an in-memory VNC service and the Meterpreter. In addition, the Windows payloads now support NX, DEP,…

  • Microsoft Security Bulletin Summary for June 2009

    Patch Tuesday is here again. Here's the rundown of what was fixed. MS09-018 Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055) This security update resolves two privately reported vulnerabilities in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003, and Active Directory Application Mode (ADAM) when installed on Windows…

  • What is HTML Injection?

    HTML Injection refers to injecting HTML markup into a web server's response in order to alter the content shown to the end user. It is closely related to Cross Site Scripting, which is the case where the injected markup causes script to run in the victim's browser. See ‘What is Cross Site Scripting?’

  • What is a CGI Scanner?

    “Automated security program that searches for well-known vulnerabilities in web servers and off-the-shelf web application software. Often CGI Scanners are not very “stateful” in their analysis and only test a series of HTTP requests against known CGI strings” – Web Application Security Consortium Glossary. CGI Scanners are very simple tools which look for common CGIs or…

  • What is a Web Application Security Scanner?

    “Web Application Vulnerability Scanner: An automated security program that searches for software vulnerabilities within web applications.” – Web Application Security Consortium Glossary Web Application Security Scanners will check a website’s applications for common security problems such as Cross Site Scripting, SQL Injection, Directory Traversal, Misconfigurations, and remote command execution vulnerabilities. Typically Web Application Security scanners…

  • What is a Web Application Firewall?

    “An intermediary device, sitting between a web-client and a web server, analyzing OSI Layer-7 messages for violations in the programmed security policy. A web application firewall is used as a security device protecting the web server from attack.” – Web Application Security Consortium Glossary Standard firewalls are designed to restrict access to certain ports, or…

  • What is Server Side Include Injection?

    “SSI Injection (Server-side Include) is a server-side exploit technique that allows an attacker to send code into a web application, which will later be executed locally by the web server. SSI Injection exploits a web application’s failure to sanitize user-supplied data before they are inserted into a server-side interpreted HTML file.” – The Web Application…

  • What is XPath Injection?

    “XPath Injection is an attack technique used to exploit web sites that construct XPath queries from user-supplied input. XPath 1.0 is a language used to refer to parts of an XML document. It can be used directly by an application to query an XML document, or as part of a larger operation such as applying…

  • What is a Session Fixation Attack?

    “Session Fixation is an attack technique that forces a user’s session ID to an explicit value. Depending on the functionality of the target web site, a number of techniques can be utilized to “fix” the session ID value. These techniques range from Cross-site Scripting exploits to peppering the web site with previously made HTTP requests.…
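The following is an added example (not code from the original post) that simulates the attack the quote describes against two login handlers backed by a constructed in-memory session store. The store, the handler names and the use of `secrets.token_urlsafe` for session ids are assumptions made for the illustration; the fix shown, rotating the session id at login, is the standard countermeasure.

```python
import secrets


class SessionStore:
    """Constructed in-memory session store for the example: session id -> session data."""

    def __init__(self):
        self.sessions = {}

    def get_or_create(self, sid):
        """Return a valid session id for the client: reuse sid if the server issued it,
        otherwise issue a fresh one. (Servers that adopt any client-supplied id without
        checking are even easier to fix, since the attacker needs no real id at all.)"""
        if sid is None or sid not in self.sessions:
            sid = secrets.token_urlsafe(32)
            self.sessions[sid] = {}
        return sid

    def regenerate(self, old_sid):
        """Issue a new id for the same session data and invalidate the old id."""
        data = self.sessions.pop(old_sid, {})
        new_sid = secrets.token_urlsafe(32)
        self.sessions[new_sid] = data
        return new_sid


def login_vulnerable(store, sid, user):
    """Authenticates whatever session the client presents without changing its id."""
    sid = store.get_or_create(sid)
    store.sessions[sid]["user"] = user
    return sid


def login_fixed(store, sid, user):
    """Rotates the session id at the privilege change, so an id planted before
    login never becomes an authenticated session."""
    sid = store.get_or_create(sid)
    sid = store.regenerate(sid)
    store.sessions[sid]["user"] = user
    return sid


def fixation_succeeds(login):
    """Simulate the attack against a login function. Returns True if the id the
    attacker planted ends up as the victim's authenticated session."""
    store = SessionStore()
    # 1. Attacker obtains a real, anonymous session id from the server.
    planted_sid = store.get_or_create(None)
    # 2. Attacker fixes that id in the victim's browser (crafted link, XSS, ...)
    #    and the victim logs in while presenting it.
    login(store, planted_sid, "victim")
    # 3. Attacker presents the planted id: is it now logged in as the victim?
    return store.sessions.get(planted_sid, {}).get("user") == "victim"


if __name__ == "__main__":
    print("vulnerable login:", fixation_succeeds(login_vulnerable))  # True
    print("fixed login:     ", fixation_succeeds(login_fixed))       # False
```

The check that matters is step 3: after `login_fixed` the planted id no longer exists in the store, so whatever the attacker managed to fix in the browser is worthless once the victim authenticates.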

  • What is XSS?

    “Often people refer to Cross Site Scripting as CSS. There has been a lot of confusion with Cascading Style Sheets (CSS) and cross site scripting. Some security people refer to Cross Site Scripting as XSS. If you hear someone say “I found a XSS hole”, they are talking about Cross Site Scripting for certain.” –…

  • What is Cross Site Scripting?

    Glad you asked! I wrote a FAQ on the subject that can be found at http://www.cgisecurity.com/xss-faq.html

  • What is Blind SQL Injection?

    When an attacker performs SQL Injection attacks, the server sometimes responds with error messages from the database server complaining that the SQL query’s syntax is incorrect. Blind SQL Injection is identical to normal SQL Injection except that, when an attacker attempts to exploit the application, rather than getting a useful error message they get a…

  • What is SQL Injection?

    “An attack technique used to exploit web sites by altering backend SQL statements through manipulating application input.” – Web Application Security Consortium Glossary. SQL Injection happens when a developer accepts user input that is placed directly into a SQL statement and doesn’t properly filter out dangerous characters (or, better, bind the input as a query parameter). This can allow an attacker to not only…
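The following is an added example (not code from the original posts) that serves both the SQL Injection and the Blind SQL Injection entries above. It uses a constructed SQLite database with one made-up user row; the table layout, the `login_*` function names and the `s3cret` password are assumptions for the illustration. The vulnerable login concatenates input into the statement, the safe one binds it as a parameter, and `blind_extract_password` shows the blind technique: the attacker sees only a true/false login result, yet recovers a value one character at a time with `substr()`.

```python
import sqlite3


def make_db():
    """Constructed sample database for the example (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string concatenation: user input becomes SQL."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, username, password):
    """Parameterized query: the input is bound as data and cannot alter the statement."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def blind_extract_password(conn, login, username, max_len=16):
    """Boolean-based blind extraction against a login oracle that only reports
    success or failure. Each probe asks 'is character <pos> of the password <ch>?'
    and the answer is read from whether the login succeeded."""
    charset = "abcdefghijklmnopqrstuvwxyz0123456789"
    recovered = ""
    for pos in range(1, max_len + 1):
        found = False
        for ch in charset:
            # Close the string literal, append the oracle condition, and comment
            # out the rest of the original statement (the password check).
            payload = f"{username}' AND substr(password,{pos},1)='{ch}'-- "
            if login(conn, payload, "x"):
                recovered += ch
                found = True
                break
        if not found:
            break  # no character matched at this position: end of the value
    return recovered


if __name__ == "__main__":
    conn = make_db()
    bypass = "' OR 1=1-- "
    print("vulnerable, bypass payload:", login_vulnerable(conn, bypass, "wrong"))  # True
    print("safe, same payload:       ", login_safe(conn, bypass, "wrong"))        # False
    print("blind extraction:         ", blind_extract_password(conn, login_vulnerable, "admin"))  # s3cret
```

Against `login_safe` the same payloads are just odd-looking usernames that match nothing, which is why parameter binding, not character filtering, is the fix: the blind attack never needs an error message or a quote in the output, only a behavioural difference the application cannot help leaking once input reaches the parser.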

  • What is a Command Execution Vulnerability?

    “Command Execution is an attack technique used to exploit web sites by executing Operating System commands through manipulation of application input. When a web application does not properly sanitize user-supplied input before using it within application code, it may be possible to trick the application into executing Operating System commands. The executed commands will run with…
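An added example (not code from the original post) of the three ways the input above can reach a command. It stands in `echo` for whatever program the application really calls (a lookup or ping tool, for instance), and the hostname allowlist pattern is an assumption about the expected input format; both are choices made for the illustration.

```python
import re
import subprocess

# Allowlist for a hostname-like parameter (assumed input format for the example).
# The first character must be alphanumeric so a value can never start with '-'
# and be parsed by the called program as an option.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")


def run_vulnerable(user_input):
    """Builds a shell command line from user input: ';', '|', '`' and '$(...)'
    are interpreted by /bin/sh instead of being treated as data."""
    result = subprocess.run("echo " + user_input, shell=True,
                            capture_output=True, text=True)
    return result.stdout


def run_argv_only(user_input):
    """No shell: the input is exactly one argv element, so shell metacharacters
    reach the program as literal text. This closes shell injection but still
    passes anything at all to the program, including option-looking values."""
    result = subprocess.run(["echo", user_input], capture_output=True, text=True)
    return result.stdout


def input_allowed(user_input):
    """True if the input matches the allowlist for a hostname-like value."""
    return HOSTNAME_RE.fullmatch(user_input) is not None


def run_safe(user_input):
    """Allowlist validation plus argv-only execution."""
    if not input_allowed(user_input):
        raise ValueError("rejected input: " + repr(user_input))
    return run_argv_only(user_input)


if __name__ == "__main__":
    attack = "example.com; echo INJECTED"
    print(repr(run_vulnerable(attack)))   # 'example.com\nINJECTED\n'  (second command ran)
    print(repr(run_argv_only(attack)))    # 'example.com; echo INJECTED\n'  (literal text)
    print(input_allowed(attack))          # False
```

The argv form alone removes the shell from the picture, which is the real fix; the allowlist is the extra layer that keeps values such as `-n` or an overlong string from being handed to the program as a surprise option.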

  • What is Cross Site Request Forgery?

    Cross Site Request Forgery (also known as XSRF or CSRF) works by exploiting the trust a site places in the user's browser: a request carrying the user's session cookie is treated as the user's intention. Site tasks are usually tied to specific URLs (Example: http://site/stocks?buy=100&stock=ebay), so that a certain action happens when the URL is visited by the user. If a user is logged into the site and an attacker tricks their browser into making a…
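An added example (not code from the original post) built around the stock-purchase URL in the text. The session, request dictionaries and the `https://site` origin are constructed for the illustration; the forged request is what a victim's browser would send when an attacker's page embeds that URL. The protected handler applies the usual three checks: state changes only via POST, an Origin (or Referer) that matches the site, and a per-session token that a cross-site page cannot read.

```python
import hmac
import secrets
from urllib.parse import urlparse

SITE_ORIGIN = "https://site"  # assumed origin of the application, matching the URL in the text


def new_session(user):
    """Constructed logged-in session carrying a per-session anti-CSRF token."""
    return {"user": user, "csrf_token": secrets.token_urlsafe(32)}


def buy_stock_vulnerable(session, request):
    """Acts on any request that arrives with a valid session, whatever page sent it."""
    if session.get("user") is None:
        return "login required"
    p = request["params"]
    return f"bought {p['buy']} of {p['stock']} for {session['user']}"


def _request_origin(headers):
    """Origin header if present, else the scheme and host of the Referer, else None."""
    if headers.get("Origin"):
        return headers["Origin"]
    if headers.get("Referer"):
        u = urlparse(headers["Referer"])
        return f"{u.scheme}://{u.netloc}"
    return None


def buy_stock_protected(session, request):
    """Same action with checks a forged cross-site request cannot satisfy."""
    if session.get("user") is None:
        return "login required"
    if request["method"] != "POST":
        return "rejected: state-changing action must use POST"
    if _request_origin(request["headers"]) != SITE_ORIGIN:
        return "rejected: cross-site origin"
    token = request["params"].get("csrf_token", "")
    # Constant-time comparison so the token cannot be guessed byte by byte.
    if not hmac.compare_digest(token, session["csrf_token"]):
        return "rejected: missing or wrong CSRF token"
    return buy_stock_vulnerable(session, request)


# Constructed requests. FORGED_GET is the victim's browser fetching
# http://site/stocks?buy=100&stock=ebay from an <img> on the attacker's page;
# FORGED_POST is an auto-submitting form on that page (the browser sets Origin).
FORGED_GET = {"method": "GET",
              "headers": {"Referer": "https://evil.example/page.html"},
              "params": {"buy": "100", "stock": "ebay"}}
FORGED_POST = {"method": "POST",
               "headers": {"Origin": "https://evil.example"},
               "params": {"buy": "100", "stock": "ebay"}}


def legitimate_post(session):
    """A request from the site's own form, which can embed the session's token."""
    return {"method": "POST",
            "headers": {"Origin": SITE_ORIGIN},
            "params": {"buy": "100", "stock": "ebay",
                       "csrf_token": session["csrf_token"]}}


if __name__ == "__main__":
    s = new_session("alice")
    print(buy_stock_vulnerable(s, FORGED_GET))          # bought 100 of ebay for alice
    print(buy_stock_protected(s, FORGED_GET))           # rejected: ...
    print(buy_stock_protected(s, legitimate_post(s)))   # bought 100 of ebay for alice
```

The token check is the one that holds up even when Origin and Referer are stripped by a privacy proxy; the origin check is cheap defence in depth, and the POST requirement keeps the action out of `<img>` and link prefetching entirely.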

  • What is a Security Fuzzer?

    A security fuzzer is a tool used by security professionals (and professional hackers 🙂 to test a parameter of an application. Typical fuzzers test an application for buffer overflows, format string vulnerabilities, and error handling. More advanced fuzzers incorporate functionality to test for directory traversal attacks, command execution vulnerabilities, SQL Injection and Cross Site Scripting…

  • What is a Hacker?

    Hacker is a term used to describe different types of computer experts, who employ a tactical, rather than strategic, approach to computer programming, administration, or security. An exception to the expert sense is use of the term by the popular media and the general population to mean “computer criminal,” with no indication of level of…

  • How do I secure my site?

    This isn’t an easy answer and this really depends on the environment that you have setup. As a starting baseline you have to ensure the following components are patched up to date at all times, and have been locked down. Check with your vendor to see what security hardening tools are available. * Web Server…

  • What is HTTP TRACE?

    ‘TRACE’ is an HTTP request method intended for debugging: the server echoes the request it received back to the client. Jeremiah Grossman from Whitehatsec posted a paper outlining a risk (Cross-Site Tracing) that allows an attacker to steal information including cookies, and possibly website credentials. http://www.apacheweek.com suggests the following solution to disable the HTTP TRACE method using mod_rewrite. “TRACE requests…

  • What is a secure site?

    Traditionally, when you hear someone say ‘Our website is secure’ they mean that the website uses SSL (Secure Sockets Layer) and that the traffic is encrypted (the little lock usually appears in your browser). Unfortunately, encryption doesn’t make a website secure. Sure, encryption makes sure that nobody can sniff your session (see what you’re doing),…

  • What is a False Negative?

    A false negative is the opposite of a false positive (go figure!). You may run a security scanner like Nessus and, for one reason or another, it may miss a vulnerability that does in fact exist. Possible reasons for a false negative include a check not yet being written (maybe the vulnerability is too new?),…

  • Fingerprinting Port 80 Attacks: A look into web server, and web application attack signatures

    I. Introduction II. Common Fingerprints III. Advanced Fingerprints IV. Overflows V. Hex Encoding VI. Conclusion I. Introduction: Port 80 is the standard port for websites, and it can have a lot of different security issues. These holes can allow an attacker to gain either administrative access to the website, or even the web server itself.…

  • Fingerprinting Port80 Attacks: A look into web server, and web application attack signatures: Part Two

    I. Introduction II. More Common Fingerprints – A. " * " Requests – B. " ~ " Requests – C. " ' " Requests – D. " #, {}, ^, and [] " Requests – E. " () " Requests – F. " + " Requests III. More Advanced Fingerprints – A. Lots of /…
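An added example (not code from either article) that runs the kinds of port 80 signatures the two outlines list over a handful of constructed access-log lines: directory traversal, cgi-bin probes, command and file references, the `'` and `~` requests, hex encoding (decoded repeatedly so double-encoded `%255c` is seen as `\`), and oversized requests as a crude overflow indicator. The log lines, the signature patterns and the 256-byte length threshold are all assumptions made for the illustration, not rules from the articles.

```python
import re
from urllib.parse import unquote

# Common log format: client, identd, user, [time], "METHOD target HTTP/x.y", status, size
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Signature name -> pattern, matched against the fully decoded request target.
SIGNATURES = [
    ("directory traversal", re.compile(r"\.\.[/\\]")),
    ("cgi-bin probe", re.compile(r"/cgi-bin/", re.I)),
    ("command execution", re.compile(r"(/bin/|cmd\.exe|/etc/passwd)", re.I)),
    ("sql quote", re.compile(r"'")),
    ("tilde user probe", re.compile(r"/~")),
]
MAX_TARGET_LEN = 256  # assumed threshold for flagging an oversized request line

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jun/2009:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.7 - - [10/Jun/2009:10:00:02 +0000] '
    '"GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 404 210',
    '203.0.113.9 - - [10/Jun/2009:10:00:03 +0000] '
    '"GET /scripts/..%255c..%255c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 210',
    '203.0.113.9 - - [10/Jun/2009:10:00:04 +0000] "GET /login.asp?user=admin\' HTTP/1.1" 500 512',
    '203.0.113.11 - - [10/Jun/2009:10:00:05 +0000] "GET /~root/ HTTP/1.0" 403 190',
    '203.0.113.13 - - [10/Jun/2009:10:00:06 +0000] "GET /' + "A" * 600 + ' HTTP/1.0" 414 0',
]


def fully_decode(target, rounds=3):
    """Percent-decode until the value stops changing, so double encoding
    (%255c -> %5c -> \\) does not slip past patterns written for plain text."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def analyze_line(line):
    """Parse one log line and return the client, decoded target and matching signatures,
    or None if the line is not in the expected format."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    raw = m.group("target")
    decoded = fully_decode(raw)
    tags = [name for name, rx in SIGNATURES if rx.search(decoded)]
    if decoded != raw:
        tags.append("hex encoding")
    if len(raw) > MAX_TARGET_LEN:
        tags.append("oversized request")
    return {"ip": m.group("ip"), "target": decoded, "tags": tags}


def suspicious_requests(lines):
    """Return the analysed entries that matched at least one signature."""
    hits = []
    for line in lines:
        entry = analyze_line(line)
        if entry and entry["tags"]:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit["ip"], hit["tags"], hit["target"][:60])
```

The decoding step is the part that earns its keep: the same `cmd.exe` request written with `%255c` matches nothing if the signature is applied to the raw line. The `'` signature is also a reminder of the false positive/negative trade-off discussed earlier on this page, since an apostrophe in a legitimate parameter will trip it too.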