[Link] pentest-bookmarks

Security News/Weekly Issues 2011. 3. 18. 14:29 Posted by TEAMCR@K
This is a well-organized collection of sites that are useful when carrying out penetration tests.

http://code.google.com/p/pentest-bookmarks/wiki/BookmarksList

Forums:
Created for forums that will help in both tool usage, syntax, attack techniques, and collection of scripts and tools. Needs some help. I don't really frequent too many underground forums but I actually find nice one-off scripts and info I can roll into my own code in these places. Would like to add more.
http://sla.ckers.org/forum/index.php
http://www.ethicalhacker.net/
http://www.backtrack-linux.org/forums/
http://www.elitehackers.info/forums/
http://www.hackthissite.org/forums/index.php
http://securityoverride.com/forum/index.php
http://www.iexploit.org/
http://bright-shadows.net/
http://www.governmentsecurity.org/forum/
http://forum.intern0t.net/

... The rest can be viewed via (View details).

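Vulnerabilities in FTP services have been published before in a variety of patterns,

and this time there are many Directory Traversal vulnerabilities in the web services of iPhone and iPad apps.

Because the environment is simple, it would be good to test them. I also expect that other apps sharing the same process have vulnerabilities as well.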


Remote Exploits

These are URLs that collect analyses of malicious PDF code, analysis methods, and related material.
They should be helpful when looking back over 2010 and re-checking.

URL info: http://eternal-todo.com/blog/pdf-security-analysis-tools-2010

After one year full of security issues related to the Portable Document Format I've made a little compilation of useful links to analyses and tools:

Analysis

2010-01-04: Sophisticated, targeted malicious PDF documents exploiting CVE-2009-4324  (embedded binaries)
2010-01-07: Static analysis of malicious PDFs (Part #2) (getAnnots, arguments.callee)
2010-01-09: PDF Obfuscation (variable substitution, LuckySploit, CVE 2008-2992)
2010-01-13: Generic PDF exploit hider. embedPDF.py and goodbye AV detection
2010-01-14: PDF Obfuscation using getAnnots() (getAnnots, arguments.callee, Neosploit)
2010-02-15: Filling Adobe's heap (Javascript, ActionScript and PDF Images)
2010-02-18: Malicious PDF trick: getPageNthWord
2010-02-21: Analyzing PDF exploits with Pyew
2010-03-01: Analyzing PDF Files (getPageNthWord, getPageNumWords)
2010-04-08: JavaScript obfuscation in PDF: Sky is the limit (getAnnots,arguments.callee)
2010-04-09: Malicious PDF file analysis: zynamics style  (PDF Dissector video)
2010-04-22: Will there be new viruses exploiting /Launch vulnerability in PDF?
2010-05-18: Quickpost: More Malformed PDFs 
2010-06-08: Analysis of a Zero-day Exploit for Adobe Flash and Reader (CVE-2010-1297)
2010-06-09: A brief analysis of a malicious PDF file which exploits this week’s Flash 0-day (malware, ROP)
2010-06-21: World's Smallest PDF
2010-07-02: Exploring recent PDF exploits: A Time Killer (getPageNthWord,CVE-2008-2992,CVE-2007-5659,CVE-2009-0927,CVE-2009-4324)
2010-07-13: ReCon slides – How to really obfuscate your PDF malware
2010-07-20: PDF time bomb (CVE-2008-2992,CVE-2007-5659,CVE-2009-0927)
2010-08-04: PDF Exploit: Number of pages is the Key  (XOR, numPages,CVE-2007-5659,CVE-2009-0927,CVE-2009-4324)
2010-08-04: About the JailbreakMe PDF exploit
2010-08-12: More about the JailbreakMe PDF exploit (CVE-2010-1797)
2010-08-19: Anatomy of a PDF Exploit (AcroForm, TIFF, CVE-2010-0188)
2010-08-20: Analyzing CVE-2010-0188 exploits: The Legend of Pat Casey (Part 1)
2010-08-23: CVE-2010-1797 PDF exploit for Foxit Reader <= 4.0
2010-09-01: An approach to PDF shielding (encryption, object streams, nested PDF documents)
2010-09-13: Malicious PDF Challenges (getPageNumWords, getPageNthWord)
2010-09-17: The Rise of PDF Malware (whitepaper)
2010-09-26: Free Malicious PDF Analysis E-book
2010-10-02: Hiding PDF Exploits by embedding PDF files in streams and Flash ROP heapsprays (CVE-2010-2883)
2010-10-27: OMG WTF PDF - Julia Wolf (obfuscation, slides)
2010-10-28: CVE-2010-3654 Adobe Flash player zero day vulnerability
2010-10-28: New Adobe 0day (bug in flash player),CVE-2010-3654
2010-11-11: CVE-2010-4091 – printSeps - exploitation attempts
2010-12-03: CVE-2010-2883 with Flash JIT Spray (PDF in PDF) Event Invitation from The Heritage Foundation from spoofed Heritage address
2010-12-08: Scoring PDFs Based on Malicious Filter
2010-12-08: Released Malware Statistics and Scoring Tests
2010: A lot of analyses from Contagiodump blog

Tools

2010-05-31: PDF Dissector
2010-07-21: PDF Stream Dumper
2010-08-23: Opaf
2010-08-31: PDF Examiner (web interface)

2011 A3 Security Workshop Video

CR@K Stories 2011. 2. 18. 17:17 Posted by TEAMCR@K
We attended the 2011 A3 Security workshop. We did not get to do any fun activities this time, but it feels like we had a meaningful time.

URL info: http://tools.securitytube.net/index.php?title=Open_Security_Training

Objective

We started SecurityTube.net in mid 2008 to serve as a place for sharing knowledge in computer and network security topics. The videos below, created by our team over the last 2 years, are the first step in that direction. Hope you like them!

Video Series

Exploit Research Megaprimer Series

  1. Exploit Research Megaprimer Part 1 Introduction by Vivek http://bit.ly/i9gIIm
  2. Exploit Research Megaprimer Part 2 Memcpy Buffer Overflow Exploitation http://bit.ly/fLmhLu
  3. Exploit Research Megaprimer Part 3 Strcpy Buffer Overflow Exploitation http://bit.ly/gx3lTU
  4. Exploit Research Megaprimer Part 4 Minishare Buffer Overflow Exploitation http://bit.ly/gufuCb
  5. Exploit Research Megaprimer Part 5 FreeSSHD Buffer Overflow http://bit.ly/eVCMB5
  6. Exploit Research Megaprimer Part 6 SEH Basics http://securitytube.net/Exploit-Research-Megaprimer-Part-6-SEH-Basics-video.aspx
  7. Exploit Research Megaprimer Part 7 Overwrite SEH http://securitytube.net/Exploit-Research-Megaprimer-Part-7-Overwrite-SEH-video.aspx
  8. Exploit Research Megaprimer Part 8 Exploiting SEH http://bit.ly/eznTUc
  9. Exploit Research Megaprimer Part 9 Guest Lecture by Andrew King http://bit.ly/dMo0QI

Assembly Language Primer for Hackers Series (Linux)

  1. Assembly Primer for Hackers (Part 1) System Organization http://www.securitytube.net/Assembly-Primer-for-Hackers-%28Part-1%29-System-Organization-video.aspx
  2. Assembly Primer for Hackers (Part 2) Virtual Memory Organization http://www.securitytube.net/Assembly-Primer-for-Hackers-%28Part-2%29-Virtual-Memory-Organization-video.aspx
  3. Assembly Primer for Hackers (Part 3) GDB Usage Primer http://www.securitytube.net/Assembly-Primer-for-Hackers-%28Part-3%29-GDB-Usage-Primer-video.aspx
  4. Assembly Primer for Hackers (Part 4) Hello World http://www.securitytube.net/Assembly-Primer-for-Hackers-%28Part-4%29-Hello-World-video.aspx
  5. Assembly Primer for Hackers (Part 5) Data Types http://www.securitytube.net/Assembly-Primer-for-Hackers-%28Part-5%29-Data-Types-video.aspx
  6. Assembly Primer for Hackers (Part 6) Moving Data http://securitytube.net/Assembly-Primer-for-Hackers-%28Part-6%29-Moving-Data-video.aspx
  7. Assembly Primer for Hackers (Part 7) Working with Strings http://securitytube.net/Assembly-Primer-for-Hackers-%28Part-7%29-Working-with-Strings-video.aspx
  8. Assembly Primer for Hackers (Part 8) Unconditional Branching http://securitytube.net/Assembly-Primer-for-Hackers-%28Part-8%29-Unconditional-Branching-video.aspx
  9. Assembly Primer for Hackers (Part 9) Conditional Branching http://securitytube.net/Assembly-Primer-for-Hackers-%28Part-9%29-Conditional-Branching-video.aspx
  10. Assembly Primer for Hackers (Part 10) Functions http://securitytube.net/Assembly-Primer-for-Hackers-%28Part-10%29-Functions-video.aspx
  11. Assembly Primer for Hackers (Part 11) Functions Stack http://www.securitytube.net/Assembly-Primer-for-Hackers-%28Part-11%29-Functions-Stack-video.aspx

Buffer Overflow Primer for Hackers Series

  1. Buffer Overflow Primer Part 1 (Smashing the Stack) http://www.securitytube.net/Buffer-Overflow-Primer-Part-1-%28Smashing-the-Stack%29-video.aspx
  2. Buffer Overflow Primer Part 2 (Writing Exit Shellcode) http://www.securitytube.net/Buffer-Overflow-Primer-Part-2-%28Writing-Exit-Shellcode%29-video.aspx
  3. Buffer Overflow Primer Part 3 (Executing Shellcode) http://www.securitytube.net/Buffer-Overflow-Primer-Part-3-%28Executing-Shellcode%29-video.aspx
  4. Buffer Overflow Primer Part 4 (Disassembling Execve) http://www.securitytube.net/Buffer-Overflow-Primer-Part-4-%28Disassembling-Execve%29-video.aspx
  5. Buffer Overflow Primer Part 5 (Shellcode for Execve) http://www.securitytube.net/Buffer-Overflow-Primer-Part-5-%28Shellcode-for-Execve%29-video.aspx
  6. Buffer Overflow Primer Part 6 (Exploiting a Program) http://www.securitytube.net/Buffer-Overflow-Primer-Part-6-%28Exploiting-a-Program%29-video.aspx
  7. Buffer Overflow Primer Part 7 (Exploiting a Program Demo) http://www.securitytube.net/Buffer-Overflow-Primer-Part-7-%28Exploiting-a-Program-Demo%29-video.aspx
  8. Buffer Overflow Primer Part 8 (Return to Libc Theory) http://www.securitytube.net/Buffer-Overflow-Primer-Part-8-%28Return-to-Libc-Theory%29-video.aspx
  9. Buffer Overflow Primer Part 9 (Return to Libc Demo) http://www.securitytube.net/Buffer-Overflow-Primer-Part-9-%28Return-to-Libc-Demo%29-video.aspx

Format String Vulnerability Series

  1. Format String Vulnerabilities Primer (Part 1 The Basics) http://www.securitytube.net/Format-String-Vulnerabilities-Primer-%28Part-1-The-Basics%29-video.aspx
  2. Format String Vulnerabilities Primer (Part 2 Understanding Format Functions) http://www.securitytube.net/Format-String-Vulnerabilities-Primer-%28Part-2-Understanding-Format-Functions%29-video.aspx
  3. Format String Vulnerabilities Primer (Part 3 Crashing the Program) http://www.securitytube.net/Format-String-Vulnerabilities-Primer-%28Part-3-Crashing-the-Program%29-video.aspx
  4. Format String Vulnerabilities Primer (Part 4 Viewing the Stack) http://www.securitytube.net/Format-String-Vulnerabilities-Primer-%28Part-4-Viewing-the-Stack%29-video.aspx

Metasploit Megaprimer Series

  1. Metasploit Megaprimer (Exploitation Basics and need for Metasploit) Part 1 Tutorial http://securitytube.net/Metasploit-Megaprimer-%28Exploitation-Basics-and-need-for-Metasploit%29-Part-1-video.aspx
  2. Metasploit Megaprimer (Getting Started with Metasploit) Part 2 Tutorial http://securitytube.net/Metasploit-Megaprimer-%28Getting-Started-with-Metasploit%29-Part-2-video.aspx
  3. Metasploit Megaprimer Part 3 (Meterpreter Basics and using Stdapi) Tutorial http://securitytube.net/Metasploit-Megaprimer-Part-3-(Meterpreter-Basics-and-using-Stdapi)-video.aspx
  4. Metasploit Megaprimer Part 4 (Meterpreter Extensions Stdapi and Priv) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-Part-4-%28Meterpreter-Extensions-Stdapi-and-Priv%29-video.aspx
  5. Metasploit Megaprimer Part 5 (Understanding Windows Tokens and Meterpreter Incognito) Tutorial http://securitytube.net/Metasploit-Megaprimer-Part-5-%28Understanding-Windows-Tokens-and-Meterpreter-Incognito%29-video.aspx
  6. Metasploit Megaprimer Part 6 (Espia and Sniffer Extensions with Meterpreter Scripts) Tutorial http://securitytube.net/Metasploit-Megaprimer-Part-6-%28Espia-and-Sniffer-Extensions-with-Meterpreter-Scripts%29-video.aspx
  7. Metasploit Megaprimer Part 7 (Metasploit Database Integration and Automating Exploitation) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-Part-7-%28Metasploit-Database-Integration-and-Automating-Exploitation%29-video.aspx
  8. Metasploit Megaprimer Part 8 (Post Exploitation Kung Fu) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-Part-8-%28Post-Exploitation-Kung-Fu%29-video.aspx
  9. Metasploit Megaprimer Part 9 (Post Exploitation Privilege Escalation) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-Part-9-%28Post-Exploitation-Privilege-Escalation%29-video.aspx
  10. Metasploit Megaprimer Part 10 (Post Exploitation Log Deletion and AV Killing) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-Part-10-%28Post-Exploitation-Log-Deletion-and-AV-Killing%29-video.aspx
  11. Metasploit Megaprimer Part 11 (Post Exploitation and Stealing Data) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-%28Post-Exploitation-and-Stealing-Data%29-Part-11-video.aspx
  12. Metasploit Megaprimer Part 12 (Post Exploitation Backdoors and Rootkits) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-Part-12-%28Post-Exploitation-Backdoors-and-Rootkits%29-video.aspx
  13. Metasploit Megaprimer Part 13 (Post Exploitation Pivoting and Port Forwarding) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-Part-13-%28Post-Exploitation-Pivoting-and-Port-Forwarding%29-video.aspx
  14. Metasploit Megaprimer Part 14 (Backdooring Executables) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-Part-14-%28Backdooring-Executables%29-video.aspx
  15. Metasploit Megaprimer Part 15 (Auxiliary Modules) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-Part-15-%28Auxiliary-Modules%29-video.aspx
  16. Metasploit Megaprimer Part 16 (Pass the Hash Attack) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-Part-16-%28Pass-the-Hash-Attack%29-video.aspx
  17. Metasploit Megaprimer Part 17 (Scenario Based Hacking) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-Part-17-%28Scenario-Based-Hacking%29-video.aspx

Windows Assembly Language Primer

  1. Windows Assembly Language Primer Part 1 (Processor Modes) http://securitytube.net/Windows-Assembly-Language-Primer-Part-1-%28Processor-Modes%29-video.aspx
  2. Windows Assembly Language Primer for Hackers Part 2 (Protected Mode Assembly) http://securitytube.net/Windows-Assembly-Language-Primer-for-Hackers-Part-2-%28Protected-Mode-Assembly%29-video.aspx
  3. Windows Assembly Language Primer for Hackers Part 3 (Win32 ASM using MASM32) http://securitytube.net/Windows-Assembly-Language-Primer-for-Hackers-Part-3-%28Win32-ASM-using-MASM32%29-video.aspx
  4. Windows Assembly Language Primer for Hackers Part 4 (MASM Data Types) http://securitytube.net/Windows-Assembly-Language-Primer-for-Hackers-Part-4-%28MASM-Data-Types%29-video.aspx
  5. Windows Assembly Language Primer for Hackers Part 5 (Procedures) http://securitytube.net/Windows-Assembly-Language-Primer-for-Hackers-Part-5-%28Procedures%29-video.aspx
  6. Windows Assembly Language Primer for Hackers Part 6 (Macros) http://securitytube.net/Windows-Assembly-Language-Primer-for-Hackers-Part-6-%28Macros%29-video.aspx
  7. Windows Assembly Language Primer for Hackers Part 7 (Program Control using JMP) http://securitytube.net/Windows-Assembly-Language-Primer-for-Hackers-Part-7-%28Program-Control-using-JMP%29-video.aspx
  8. Windows Assembly Language Primer for Hackers Part 8 (Decision Directives) http://www.securitytube.net/Windows-Assembly-Language-Primer-for-Hackers-Part-8-%28Decision-Directives%29-video.aspx
  9. Windows Assembly Language Primer for Hackers Part 9 (Loops) http://www.securitytube.net/Windows-Assembly-Language-Primer-for-Hackers-Part-9-%28Loops%29-video.aspx

Scenario Based Hacking

  1. Scenario Based Hacking Part 1 (No Patches, No AV, Direct Access) http://securitytube.net/Scenario-Based-Hacking-Part-1-%28No-Patches,-No-AV,-Direct-Access%29-video.aspx
  2. Scenario Based Hacking Part 2a (No Patches, No AV, Behind NAT) http://securitytube.net/Scenario-Based-Hacking-Part-2a-%28No-Patches,-No-AV,-Behind-NAT%29-video.aspx
  3. Scenario Based Hacking Part 3 (OS Patched, No AV, Behind NAT) http://securitytube.net/Scenario-Based-Hacking-Part-3-%28OS-Patched,-No-AV,-Behind-NAT%29-video.aspx
  4. Scenario Based Hacking Part 4 (OS and Software Patched, No AV, Behind NAT) http://securitytube.net/Scenario-Based-Hacking-Part-4-%28OS-and-Software-Patched,-No-AV,-Behind-NAT%29-video.aspx

Router Hacking Series

  1. Router Hacking Part 1 (The Basics) http://securitytube.net/Router-Hacking-Part-1-%28The-Basics%29-video.aspx
  2. Router Hacking Part 2 (Service Enumeration, Fingerprinting and Default Accounts) http://securitytube.net/Router-Hacking-Part-2-(Service-Enumeration,-Fingerprinting-and-Default-Accounts)-video.aspx
  3. Router Hacking Part 3 (Bruteforcing and Dictionary Attacks with Hydra) http://securitytube.net/Router-Hacking-Part-3-(Bruteforcing-and-Dictionary-Attacks-with-Hydra)-video.aspx
  4. Router Hacking Part 4 (SNMP Attacks using SNMPCheck) http://securitytube.net/Router-Hacking-Part-4-(SNMP-Attacks-using-SNMPCheck)-video.aspx
  5. Router Hacking Part 5 (SNMP Attacks using SNMPEnum) http://securitytube.net/Router-Hacking-Part-5-(SNMP-Attacks-using-SNMPEnum)-video.aspx
  6. Router Hacking Part 6 (Dictionary Attack using Metasploit on SNMP) http://www.securitytube.net/Router-Hacking-Part-6-%28Dictionary-Attack-using-Metasploit-on-SNMP%29-video.aspx