An Autonomous Zone

An autonomous zone to promote an exchange of ideas, skills, and experiences with computer (in)security.

Entries from July 2008

Pai Mei Beginnings

July 15th, 2008 · No Comments

I’ve been meaning to play with Pai Mei for a while – and I’m a little late for hopping on the bandwagon for this great framework.
However, better late than never. In the last couple of days I finally installed it on a box and I’m in the process of screwing around with it and trying to [...]

Tags: Reversing

More on Web App Scanners

July 14th, 2008 · 2 Comments

In a previous post I talked a bit about NTOSpider, how it was “o.k.” with what it did, and how I was generally disappointed overall in the effectiveness of web app scanners in the market. As a matter of fact, Caleb Sima (founder and CTO of SPI Dynamics) actually had a couple of good points [...]

Tags: Web App Hacking

Windows Messaging and Shatter Attacks

July 8th, 2008 · No Comments

I was chatting a while ago about Windows Messaging with someone and the pitfalls associated with it.
So – if one is unfamiliar with Windows Message Handling here’s a decent brush-up:
http://www.codeproject.com/KB/dialog/messagehandling3.aspx
BTW – the following is pretty much taken from TAOSSA (like one of the best tech books ever written): http://taossa.com/
Essentially – Windows OS’s deliver messages to [...]

Tags: Uncategorized

Breach Misconceptions

July 7th, 2008 · 1 Comment

I came across an interesting blog post of security misconceptions from Errata Sec. a while ago:
http://erratasec.blogspot.com/2008/06/verizon-500-breach-report.html
Basically the data came from a report/study of 500 forensic investigations that Verizon released.
http://www.verizonbusiness.com/resources/security/databreachreport.pdf
Personally – I think the security industry is chock-full of misconceptions of the what/how/why of hackers and breaches.
While this report is interesting – the biggest problem [...]

Tags: Uncategorized

IPC Pipe pitfalls, mistakes and solutions

July 7th, 2008 · 1 Comment

IPC Pipes (especially on Windows) are a pretty interesting topic for me because they have a lot to do with generic object and file security.
First, here’s the definition of a Pipe from msdn: http://msdn2.microsoft.com/en-us/library/aa365780(VS.85).aspx :
A pipe is a section of shared memory that processes use for communication. The process that creates a pipe is the [...]

Tags: Uncategorized

Weak Permissions and Dangerous Signals and Stuff

July 7th, 2008 · No Comments

So I think this is a really cool blog entry by the Windows master Mark Russinovich: “The Case of the Insecure Security Software”.
In short it discusses a tool he wrote called AccessChk which helps identify weak permissions problems. Apparently he had received some requests from groups within Microsoft and elsewhere to extend its coverage of securable [...]

Tags: Uncategorized

Someone else actually likes NTOSpider?

July 7th, 2008 · 4 Comments

NTOSpider – I generally use it as a scanner (amongst others) when I’m looking for web app input validation issues, and I’ve thought it to be pretty decent. By no means is it the best one out there – which I’ll talk about in a sec, but it is a scanner that has [...]

Tags: Web App Hacking

Anyone interested in finding bugs?

July 6th, 2008 · No Comments

So I’ve written a couple of posts about some fuzzing methodologies, mods to tools, etc. Basically they kind of went over the fact that at the moment I’m into fuzzing compressed binary files like zip, cab, rar, etc. and my thoughts on how I’m going about doing it.
For the last little while I’ve been looking [...]

Tags: Uncategorized

File Fuzzing – Part 2

July 6th, 2008 · 2 Comments

So in light of it being the beginning of October I decided to celebrate by spending a little time on re-writing some of the functionalities of FileFuzz.
As I had mentioned in a previous post about this topic, fuzzing typically falls into two different categories – brute force (mutation-based fuzzing) and intelligent brute force (generation-based) fuzzing. [...]

Tags: Fuzzing

File Fuzzing – Part 1

July 6th, 2008 · No Comments

So I’ve been wanting to play with some fuzzers for a bit and get some fuzzers going on some boxes that I have lying around (they might as well be doing something – right?).
After reading “Fuzzing – Brute Force Vulnerability Discovery” http://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321446119 (which I highly recommend if you want to get into fuzzing anything) I [...]

Tags: Fuzzing