Fuzzing BackTrack 5 R1 시리즈

보안 소식/주간 이슈 2011. 10. 21. 14:39 Posted by TEAMCR@K

http://www.youtube.com/watch?v=G8MG3tm_2W4 (Fuzzing in Backtrack 5 R1 - Part 1)
http://www.youtube.com/watch?v=bAdV9d3XKO4 (Fuzzing BackTrack 5 R1 - Part2)
http://www.youtube.com/watch?v=3Rf96ziD2dw (Fuzzing BackTrack 5 R1 - Part3)
http://www.youtube.com/watch?v=tVV6Wzv2rIc (Fuzzing BackTrack 5 R1 - Part4-Final)

WireShark를 이제 Cloud 기반에서 사용할 수 있는 사이트가 있습니다.
이름 그대로. CloudShark라고 하네요.

Chrome 브라우저 (IE 브라우저에는 이상하게 안되네요.) 테스트를 해보니 결과 값이 동일하게 나옵니다.
어느곳에서 활용할 수 있을지 모르겠지만, 매우 재미있는 발상이네요.

http://www.cloudshark.org/

안드로이드 환경 분석 문서 및 도구들에 대해 정리가 잘된 사이트 입니다.

[더보기] 에 상세 링크(100개) 복사를 해놨습니다. 학습하는데 참고하시기 바랍니다.

URL 정보)
http://tthtlc.wordpress.com/2011/09/01/static-analysis-of-android-applications/


[링크] pentest-bookmarks

보안 소식/주간 이슈 2011. 3. 18. 14:29 Posted by TEAMCR@K
모의해킹을 진행하는데 필요한 사이트들이 잘 수집되어 있습니다.

http://code.google.com/p/pentest-bookmarks/wiki/BookmarksList

Forums:
Created for forums that will help in both tool usage, syntax, attack techniques, and collection of scripts and tools. Needs some help. I don't really frequent too many underground forums but i actually find nice one-off scripts and info i can roll into my own code in these places. Would like to add more.
http://sla.ckers.org/forum/index.php
http://www.ethicalhacker.net/
http://www.backtrack-linux.org/forums/
http://www.elitehackers.info/forums/
http://www.hackthissite.org/forums/index.php
http://securityoverride.com/forum/index.php
http://www.iexploit.org/
http://bright-shadows.net/
http://www.governmentsecurity.org/forum/
http://forum.intern0t.net/

...(상세보기)를 통해 볼 수 있습니다.

이전에도 FTP 서비스를 가지고 다양한 패턴으로 취약점이 발표되었는데,

이번에는 아이폰, 아이패드 앱 중 웹 서비스에 대한 Directory Traversal 취약점들이 많이 있네요.

환경도 단순하기 때문에, 테스트 해보는 것도 좋을거 같습니다. 이 외에도 동일한 프로세스를 가지고 있는 다른 앱들도 취약점들이 있을거라 판단되네요.


Remote Exploits

PDF 악성 코드 분석 및 분석 방법 등을 정리해 놓은 URL 들입니다.
2010년을 돌아보면서 재확인 할시에 도움이 될거 같네요. 

URL 정보 : http://eternal-todo.com/blog/pdf-security-analysis-tools-2010

After one year full of security issues related to the Portable Document Format I've made a little compilation of useful links to analyses and tools:

Analysis

2010-01-04: Sophisticated, targeted malicious PDF documents exploiting CVE-2009-4324  (embedded binaries)
2010-01-07: Static analysis of malicous PDFs (Part #2) (getAnnots, arguments.callee)
2010-01-09: PDF Obfuscation (variable substitution, LuckySploit, CVE 2008-2992)
2010-01-13: Generic PDF exploit hider. embedPDF.py and goodbye AV detection
2010-01-14: PDF Obfuscation using getAnnots() (getAnnots, arguments.callee, Neosploit)
2010-02-15: Filling Adobe's heap (Javascript, ActionScript and PDF Images)
2010-02-18: Malicious PDF trick: getPageNthWord
2010-02-21: Analyzing PDF exploits with Pyew
2010-03-01: Analyzing PDF Files (getPageNthWord, getPageNumWords)
2010-04-08: JavaScript obfuscation in PDF: Sky is the limit (getAnnots,arguments.callee)
2010-04-09: Malicious PDF file analysis: zynamics style  (PDF Dissector video)
2010-04-22: Will there be new viruses exploiting /Launch vulnerability in PDF?
2010-05-18: Quickpost: More Malformed PDFs 
2010-06-08: Analysis of a Zero-day Exploit for Adobe Flash and Reader (CVE-2010-1297)
2010-06-09: A brief analysis of a malicious PDF file which exploits this week’s Flash 0-day (malware, ROP)
2010-06-21: World's Smallest PDF
2010-07-02: Exploring recent PDF exploits: A Time Killer (getPageNthWord,CVE-2008-2992,CVE-2007-5659,CVE-2009-0927,CVE-2009-4324)
2010-07-13: ReCon slides – How to really obfuscate your PDF malware
2010-07-20: PDF time bomb (CVE-2008-2992,CVE-2007-5659,CVE-2009-0927)
2010-08-04: PDF Exploit: Number of pages is the Key  (XOR, numPages,CVE-2007-5659,CVE-2009-0927,CVE-2009-4324)
2010-08-04: About the JailbreakMe PDF exploit
2010-08-12: More about the JailbreakMe PDF exploit (CVE-2010-1797)
2010-08-19: Anatomy of a PDF Exploit (AcroForm, TIFF, CVE-2010-0188)
2010-08-20: Analyzing CVE-2010-0188 exploits: The Legend of Pat Casey (Part 1)
2010-08-23: CVE-2010-1797 PDF exploit for Foxit Reader <= 4.0
2010-09-01: An approach to PDF shielding (encryption, object streams, nested PDF documents)
2010-09-13: Malicious PDF Challenges (getPageNumWords, getPageNthWord)
2010-09-17: The Rise of PDF Malware (whitepaper)
2010-09-26: Free Malicious PDF Analysis E-book
2010-10-02: Hiding PDF Exploits by embedding PDF files in streams and Flash ROP heapsprays (CVE-2010-2883)
2010-10-27: OMG WTF PDF - Julia Wolf (obfuscation, slides)
2010-10-28: CVE-2010-3654 Adobe Flash player zero day vulnerability
2010-10-28: New Adobe 0day (bug in flash player),CVE-2010-3654
2010-11-11: CVE-2010-4091 – printSeps - exploitation attempts
2010-12-03: CVE-2010-2883 with Flash JIT Spray (PDF in PDF) Event Invitation from The Heritage Foundation from spoofed Heritage address
2010-12-08: Scoring PDFs Based on Malicious Filter
2010-12-08: Released Malware Statistics and Scoring Tests
2010: A lot of analyses from Contagiodump blog

Tools

2010-05-31: PDF Dissector
2010-07-21: PDF Stream Dumper
2010-08-23: Opaf
2010-08-31: PDF Examiner (web interface)

URL 정보 : http://tools.securitytube.net/index.php?title=Open_Security_Training

Objective

We started SecurityTube.net in mid 2008 to serve as a place for sharing knowledge in computer and network security topics. The below videos created by our team over the last 2 years is the first step in that direction. Hope you like them!

Video Series

Exploit Research Megaprimer Series

  1. Exploit Research Megaprimer Part 1 Introduction by Vivek http://bit.ly/i9gIIm
  2. Exploit Research Megaprimer Part 2 Memcpy Buffer Overflow Exploitation http://bit.ly/fLmhLu
  3. Exploit Research Megaprimer Part 3 Strcpy Buffer Overflow Exploitation http://bit.ly/gx3lTU
  4. Exploit Research Megaprimer Part 4 Minishare Buffer Overflow Exploitation http://bit.ly/gufuCb
  5. Exploit Research Megaprimer Part 5 FreeSSHD Buffer Overflow http://bit.ly/eVCMB5
  6. Exploit Research Megaprimer Part 6 SEH Basics http://securitytube.net/Exploit-Research-Megaprimer-Part-6-SEH-Basics-video.aspx
  7. Exploit Research Megaprimer Part 7 Overwrite SEH http://securitytube.net/Exploit-Research-Megaprimer-Part-7-Overwrite-SEH-video.aspx
  8. Exploit Research Megaprimer Part 8 Exploiting SEH http://bit.ly/eznTUc
  9. Exploit Research Megaprimer Part 9 Guest Lecture by Andrew King http://bit.ly/dMo0QI

Assembly Language Primer for Hackers Series (Linux)

  1. Assembly Primer for Hackers (Part 1) System Organization http://www.securitytube.net/Assembly-Primer-for-Hackers-%28Part-1%29-System-Organization-video.aspx
  2. Assembly Primer for Hackers (Part 2) Virtual Memory Organization http://www.securitytube.net/Assembly-Primer-for-Hackers-%28Part-2%29-Virtual-Memory-Organization-video.aspx
  3. Assembly Primer for Hackers (Part 3) GDB Usage Primer http://www.securitytube.net/Assembly-Primer-for-Hackers-%28Part-3%29-GDB-Usage-Primer-video.aspx
  4. Assembly Primer for Hackers (Part 4) Hello World http://www.securitytube.net/Assembly-Primer-for-Hackers-%28Part-4%29-Hello-World-video.aspx
  5. Assembly Primer for Hackers (Part 5) Data Types http://www.securitytube.net/Assembly-Primer-for-Hackers-%28Part-5%29-Data-Types-video.aspx
  6. Assembly Primer for Hackers (Part 6) Moving Data http://securitytube.net/Assembly-Primer-for-Hackers-%28Part-6%29-Moving-Data-video.aspx
  7. Assembly Primer for Hackers (Part 7) Working with Strings http://securitytube.net/Assembly-Primer-for-Hackers-%28Part-7%29-Working-with-Strings-video.aspx
  8. Assembly Primer for Hackers (Part 8) Unconditional Branching http://securitytube.net/Assembly-Primer-for-Hackers-%28Part-8%29-Unconditional-Branching-video.aspx
  9. Assembly Primer for Hackers (Part 9) Conditional Branching http://securitytube.net/Assembly-Primer-for-Hackers-%28Part-9%29-Conditional-Branching-video.aspx
  10. Assembly Primer for Hackers (Part 10) Functions http://securitytube.net/Assembly-Primer-for-Hackers-%28Part-10%29-Functions-video.aspx
  11. Assembly Primer for Hackers (Part 11) Functions Stack http://www.securitytube.net/Assembly-Primer-for-Hackers-%28Part-11%29-Functions-Stack-video.aspx

Buffer Overflow Primer for Hackers Series

  1. Buffer Overflow Primer Part 1 (Smashing the Stack) http://www.securitytube.net/Buffer-Overflow-Primer-Part-1-%28Smashing-the-Stack%29-video.aspx
  2. Buffer Overflow Primer Part 2 (Writing Exit Shellcode) http://www.securitytube.net/Buffer-Overflow-Primer-Part-2-%28Writing-Exit-Shellcode%29-video.aspx
  3. Buffer Overflow Primer Part 3 (Executing Shellcode) http://www.securitytube.net/Buffer-Overflow-Primer-Part-3-%28Executing-Shellcode%29-video.aspx
  4. Buffer Overflow Primer Part 4 (Disassembling Execve) http://www.securitytube.net/Buffer-Overflow-Primer-Part-4-%28Disassembling-Execve%29-video.aspx
  5. Buffer Overflow Primer Part 5 (Shellcode for Execve) http://www.securitytube.net/Buffer-Overflow-Primer-Part-5-%28Shellcode-for-Execve%29-video.aspx
  6. Buffer Overflow Primer Part 6 (Exploiting a Program) http://www.securitytube.net/Buffer-Overflow-Primer-Part-6-%28Exploiting-a-Program%29-video.aspx
  7. Buffer Overflow Primer Part 7 (Exploiting a Program Demo) http://www.securitytube.net/Buffer-Overflow-Primer-Part-7-%28Exploiting-a-Program-Demo%29-video.aspx
  8. Buffer Overflow Primer Part 8 (Return to Libc Theory) http://www.securitytube.net/Buffer-Overflow-Primer-Part-8-%28Return-to-Libc-Theory%29-video.aspx
  9. Buffer Overflow Primer Part 9 (Return to Libc Demo) http://www.securitytube.net/Buffer-Overflow-Primer-Part-9-%28Return-to-Libc-Demo%29-video.aspx

Format String Vulnerability Series

  1. Format String Vulnerabilities Primer (Part 1 The Basics) http://www.securitytube.net/Format-String-Vulnerabilities-Primer-%28Part-1-The-Basics%29-video.aspx
  2. Format String Vulnerabilities Primer (Part 2 Understanding Format Functions) http://www.securitytube.net/Format-String-Vulnerabilities-Primer-%28Part-2-Understanding-Format-Functions%29-video.aspx
  3. Format String Vulnerabilities Primer (Part 3 Crashing the Program) http://www.securitytube.net/Format-String-Vulnerabilities-Primer-%28Part-3-Crashing-the-Program%29-video.aspx
  4. Format String Vulnerabilities Primer (Part 4 Viewing the Stack) http://www.securitytube.net/Format-String-Vulnerabilities-Primer-%28Part-4-Viewing-the-Stack%29-video.aspx

Metasploit Megaprimer Series

  1. Metasploit Megaprimer (Exploitation Basics and need for Metasploit) Part 1 Tutorial http://securitytube.net/Metasploit-Megaprimer-%28Exploitation-Basics-and-need-for-Metasploit%29-Part-1-video.aspx
  2. Metasploit Megaprimer (Getting Started with Metasploit) Part 2 Tutorial http://securitytube.net/Metasploit-Megaprimer-%28Getting-Started-with-Metasploit%29-Part-2-video.aspx
  3. Metasploit Megaprimer Part 3 (Meterpreter Basics and using Stdapi) Tutorial http://securitytube.net/Metasploit-Megaprimer-Part-3-(Meterpreter-Basics-and-using-Stdapi)-video.aspx
  4. Metasploit Megaprimer Part 4 (Meterpreter Extensions Stdapi and Priv) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-Part-4-%28Meterpreter-Extensions-Stdapi-and-Priv%29-video.aspx
  5. Metasploit Megaprimer Part 5 (Understanding Windows Tokens and Meterpreter Incognito) Tutorial http://securitytube.net/Metasploit-Megaprimer-Part-5-%28Understanding-Windows-Tokens-and-Meterpreter-Incognito%29-video.aspx
  6. Metasploit Megaprimer Part 6 (Espia and Sniffer Extensions with Meterpreter Scripts) Tutorial http://securitytube.net/Metasploit-Megaprimer-Part-6-%28Espia-and-Sniffer-Extensions-with-Meterpreter-Scripts%29-video.aspx
  7. Metasploit Megaprimer Part 7 (Metasploit Database Integration and Automating Exploitation) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-Part-7-%28Metasploit-Database-Integration-and-Automating-Exploitation%29-video.aspx
  8. Metasploit Megaprimer Part 8 (Post Exploitation Kung Fu) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-Part-8-%28Post-Exploitation-Kung-Fu%29-video.aspx
  9. Metasploit Megaprimer Part 9 (Post Exploitation Privilege Escalation) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-Part-9-%28Post-Exploitation-Privilege-Escalation%29-video.aspx
  10. Metasploit Megaprimer Part 10 (Post Exploitation Log Deletion and AV Killing) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-Part-10-%28Post-Exploitation-Log-Deletion-and-AV-Killing%29-video.aspx
  11. Metasploit Megaprimer Part 11 (Post Exploitation and Stealing Data) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-%28Post-Exploitation-and-Stealing-Data%29-Part-11-video.aspx
  12. Metasploit Megaprimer Part 12 (Post Exploitation Backdoors and Rootkits) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-Part-12-%28Post-Exploitation-Backdoors-and-Rootkits%29-video.aspx
  13. Metasploit Megaprimer Part 13 (Post Exploitation Pivoting and Port Forwarding) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-Part-13-%28Post-Exploitation-Pivoting-and-Port-Forwarding%29-video.aspx
  14. Metasploit Megaprimer Part 14 (Backdooring Executables) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-Part-14-%28Backdooring-Executables%29-video.aspx
  15. Metasploit Megaprimer Part 15 (Auxiliary Modules) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-Part-15-%28Auxiliary-Modules%29-video.aspx
  16. Metasploit Megaprimer Part 16 (Pass the Hash Attack) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-Part-16-%28Pass-the-Hash-Attack%29-video.aspx
  17. Metasploit Megaprimer Part 17 (Scenario Based Hacking) Tutorial http://www.securitytube.net/Metasploit-Megaprimer-Part-17-%28Scenario-Based-Hacking%29-video.aspx

Windows Assembly Language Primer

  1. Windows Assembly Language Primer Part 1 (Processor Modes) http://securitytube.net/Windows-Assembly-Language-Primer-Part-1-%28Processor-Modes%29-video.aspx
  2. Windows Assembly Language Primer for Hackers Part 2 (Protected Mode Assembly) http://securitytube.net/Windows-Assembly-Language-Primer-for-Hackers-Part-2-%28Protected-Mode-Assembly%29-video.aspx
  3. Windows Assembly Language Primer for Hackers Part 3 (Win32 ASM using MASM32) http://securitytube.net/Windows-Assembly-Language-Primer-for-Hackers-Part-3-%28Win32-ASM-using-MASM32%29-video.aspx
  4. Windows Assembly Language Primer for Hackers Part 4 (MASM Data Types) http://securitytube.net/Windows-Assembly-Language-Primer-for-Hackers-Part-4-%28MASM-Data-Types%29-video.aspx
  5. Windows Assembly Language Primer for Hackers Part 5 (Procedures) http://securitytube.net/Windows-Assembly-Language-Primer-for-Hackers-Part-5-%28Procedures%29-video.aspx
  6. Windows Assembly Language Primer for Hackers Part 6 (Macros) http://securitytube.net/Windows-Assembly-Language-Primer-for-Hackers-Part-6-%28Macros%29-video.aspx
  7. Windows Assembly Language Primer for Hackers Part 7 (Program Control using JMP) http://securitytube.net/Windows-Assembly-Language-Primer-for-Hackers-Part-7-%28Program-Control-using-JMP%29-video.aspx
  8. Windows Assembly Language Primer for Hackers Part 8 (Decision Directives) http://www.securitytube.net/Windows-Assembly-Language-Primer-for-Hackers-Part-8-%28Decision-Directives%29-video.aspx
  9. Windows Assembly Language Primer for Hackers Part 9 (Loops) http://www.securitytube.net/Windows-Assembly-Language-Primer-for-Hackers-Part-9-%28Loops%29-video.aspx

Scenario Based Hacking

  1. Scenario Based Hacking Part 1 (No Patches, No AV, Direct Access) http://securitytube.net/Scenario-Based-Hacking-Part-1-%28No-Patches,-No-AV,-Direct-Access%29-video.aspx
  2. Scenario Based Hacking Part 2a (No Patches, No AV, Behind NAT) http://securitytube.net/Scenario-Based-Hacking-Part-2a-%28No-Patches,-No-AV,-Behind-NAT%29-video.aspx
  3. Scenario Based Hacking Part 3 (OS Patched, No AV, Behind NAT) http://securitytube.net/Scenario-Based-Hacking-Part-3-%28OS-Patched,-No-AV,-Behind-NAT%29-video.aspx
  4. Scenario Based Hacking Part 4 (OS and Software Patched, No AV, Behind NAT) http://securitytube.net/Scenario-Based-Hacking-Part-4-%28OS-and-Software-Patched,-No-AV,-Behind-NAT%29-video.aspx

Router Hacking Series

  1. Router Hacking Part 1 (The Basics) http://securitytube.net/Router-Hacking-Part-1-%28The-Basics%29-video.aspx
  2. Router Hacking Part 2 (Service Enumeration, Fingerprinting and Default Accounts) http://securitytube.net/Router-Hacking-Part-2-(Service-Enumeration,-Fingerprinting-and-Default-Accounts)-video.aspx
  3. Router Hacking Part 3 (Bruteforcing and Dictionary Attacks with Hydra) http://securitytube.net/Router-Hacking-Part-3-(Bruteforcing-and-Dictionary-Attacks-with-Hydra)-video.aspx
  4. Router Hacking Part 4 (SNMP Attacks using SNMPCheck) http://securitytube.net/Router-Hacking-Part-4-(SNMP-Attacks-using-SNMPCheck)-video.aspx
  5. Router Hacking Part 5 (SNMP Attacks using SNMPEnum) http://securitytube.net/Router-Hacking-Part-5-(SNMP-Attacks-using-SNMPEnum)-video.aspx
  6. Router Hacking Part 6 (Dictionary Attack using Metasploit on SNMP) http://www.securitytube.net/Router-Hacking-Part-6-%28Dictionary-Attack-using-Metasploit-on-SNMP%29-video.aspx

HITB Magazine Issue 005 Released

보안 소식/주간 이슈 2011. 2. 10. 11:27 Posted by TEAMCR@K

 HITB Magazine Issue 005 Released

HITB Magazine
=============
http://magazine.hackinthebox.org/

Direct Link
===========
http://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-005.pdf

A very Happy New Year and a warm welcome to Issue 05 - The first HITB Magazine release for 2011!

Just over a year has passed since Issue 001 and 2010 was definitely a great year for our humble magazine with over a 100,000 downloads of the 4 issues released which included 24 unique technical articles authored or co-authored by over 30 security experts from around the world! Since April 2010, readers have also had an opportunity to get familiar with prominent figures from the IT security industry thanks to the new "Interviews" section.

We believe our goal of giving researchers further recognition for their hard work, and to provide the security community with beneficial technical material as stated in our editorial note of Issue 001 has been successfully achieved. All this however, wouldn't have be possible without YOU - our loyal and supportive readers! It is you who provide us the most motivation to keep on pushing the boundaries and to improve on each successive issue we release, so THANK YOU!

As always, feedback of any kind is greatly appreciated so don't hesitate to drop us a line if you have any suggestions or comments. Stay tuned for Issue 006 which will be released in May 2011 in conjunction with the 2nd annual HITB Security Conference in Europe, HITB2011 - Amsterdam! See you there and in the meantime, enjoy the issue!

Warmest,

Matthew "j00ru" Jurczyk
http://twitter.com/j00ru

2011년 전후로 해서 최근 잼난 동영상들 링크입니다. 학습하는데 도움 되시기 바랍니다.

http://securitytube.net/Malware-Unpacking-in-OllyDbg-video.aspx
(Malware-Unpacking-in-OllyDbg-video)
http://vimeo.com/18645356 (XSSF - Stealing ANDROID SD Card files)
http://www.youtube.com/watch?v=q31Q-nEUqok (Thumbnail Vuln Demo by 6l4ck3y3)
http://www.blip.tv/file/4640708 (PDF Advanced Forensics Analysis)
http://vimeo.com/18821178 (Reverse Engg. Demonstration)
http://vimeo.com/6089466  (The art of Exploitation )
http://vimeo.com/6431352 (exploits internal working )
http://vimeo.com/6460509 (Antivirus Bypassing )
http://vimeo.com/6473218 (bypassing Av using metasploit )
http://vimeo.com/6757328 (Social Engg. Attacks)
http://vimeo.com/6987936 (Multilevel Attack with java applet)
http://vimeo.com/7613487 (Metasploit and Antivirus )
http://vimeo.com/8561768 (Remote buffer overflow tutorial)
http://vimeo.com/14139105 (Injecting code into a process plus bypass AV)
http://vimeo.com/14404326 (DLL Hijacking Exploits )