Showing Posts About

2008

DeepSec 2008 - Behind Enemy Lines: Administrative Web Application Attacks

At DeepSec 2008, Rafael Dominguez Vega presented research on administrative web application attacks. The presentation focused on script injection vulnerabilities in SSID and DHCP systems. Demonstration techniques for exploiting administrative web interfaces were discussed in the talk.

Presentation: DeepSec 2008 - Behind Enemy Lines: Administrative Web Application Attacks

A presentation at DeepSec 2008 by Rafael Dominguez Vega explored administrative web application attacks. The talk focused on script injection vulnerabilities discovered through SSID and DHCP attack vectors. Presentation slides are available for download and review.

  • 15 Sep 2008

Stockholm Sec-T Conference Roundup

The inaugural Sec-T conference in Stockholm featured diverse cybersecurity presentations covering virtualization security, cybercrime, and emerging technological threats. Speakers discussed organized criminal activities, vulnerabilities in operating systems, and enterprise software security challenges. The conference provided insights into cutting-edge security research across multiple domains of information technology.

DefCon16 - Virtually Hacking

A presentation by John Fitzpatrick from MWR InfoSecurity at DefCon 16 explored VMware security vulnerabilities. The talk focused on potential attack vectors in virtualized environments. The full presentation is available for download from the MWR InfoSecurity labs website.

  • 11 Aug 2008

Defcon 16 Talk Review: Advanced Software Armouring and Polymorphic Kung-Fu

Nick Harbour presented PE-Scrambler, an advanced Windows executable packer that manipulates binary code at the disassembly level to obstruct reverse engineering. The tool uses sophisticated techniques like destroying call trees, relocating code chunks, and creating ambiguous disassembly to make binary analysis challenging. Additionally, Harbour demonstrated FindEvil, a tool that detects packed binaries by comparing disassembly size to binary size.

  • 11 Aug 2008

Defcon 16 Talk Review: The Pentest is Dead, Long Live the Pentest

The article reviews a Defcon 16 talk about the evolution of penetration testing from an underground practice to a professional service. It highlights the shift from ad-hoc, tool-driven approaches to a more strategic, methodology-focused discipline. Key recommendations include developing creative testing methods, producing context-rich reports, and maintaining ongoing client partnerships.

  • 11 Aug 2008

Defcon 16 Talk Review: Time-Based Blind SQL Injection Using Heavy Queries and the Marathon Tool

This blog post compiles recent cybersecurity publications from WithSecure Threat Intelligence Team. The page highlights research on topics including AI security, privilege escalation, cyber threats to the Olympics, and mass exploitation of enterprise infrastructure. Multiple publications and advisories are listed, covering various cybersecurity research and vulnerability discoveries.

  • 31 Jul 2008

Behind Enemy Lines: Administrative Application Attacks White Paper released

A white paper by MWR InfoSecurity explores security vulnerabilities in administrative web applications. The research details how alternative network protocols like DHCP and 802.11 can be leveraged to conduct web-based attacks. The paper provides insights into practical exploitation techniques for testing and compromising administrative web applications.

IBM WebSphere MQ Security Part 1

This whitepaper examines security vulnerabilities in IBM WebSphere MQ middleware, a widely used enterprise messaging system. It highlights the complexity of securing middleware environments and introduces a penetration testing methodology for assessing WebSphere MQ security. The research aims to provide insights for security professionals responsible for protecting complex messaging infrastructure.

Security Implications of Windows Access Tokens

A whitepaper by Luke Jennings explores the security implications of Windows access tokens in enterprise environments. The document details how access token design can be exploited during penetration testing, highlighting systemic vulnerabilities in corporate security controls. The paper discusses the technical mechanisms of Windows access tokens and provides insights into potential post-exploitation techniques.