XSS in Microsoft ReportViewer
Lost amongst the numerous issues patched during this month's Patch Tuesday was a bug I found in Microsoft's ReportViewer 2005 Web Controls. While the issue was really just a vanilla XSS, the surprising...

.NET Server.Transfer vs Response.Redirect - Reiterating a Security Warning
During several recent .NET (C#) security code review projects, multiple severe authorization bypass vulnerabilities were identified that allowed unprivileged remote users to access any page hosted on...

Ekoparty Presentation: Cloud & Control
I gave my first presentation at a security conference on Friday, presenting at ekoparty on some work I did at the beginning of the year on distributing complex tasks to hundreds or thousands of...

SOURCE Barcelona: Rails Slides Posted
My presentation slides (Security Goodness with Ruby on Rails) from last week's SOURCE Barcelona Conference are posted here. During the talk I spoke about strategies for both auditing and writing more...

Debunking NSLog Misconceptions
It is a fairly common occurrence to encounter iOS applications that are logging sensitive data during mobile application security assessments. Some examples of sensitive data we have seen logged...

Using Metasploit to Access Standalone CCTV Video Surveillance Systems
if (ip.proto == TCP && tcp.src == 5920) { replace("\x00\x01\x03\x01\x00\x00\x00\x00", "\x00\x01\x05\x01\x00\x00\x00\x00"); msg("Filter executed.\n"); }

Securing Development with PMD
Back in April I presented my Securing Development with PMD (Teaching an Old Dog New Tricks) presentation at OWASP AppSec DC. The main idea was to demonstrate how security can be integrated into...

Metasploit Post Exploitation Module Updates
Post exploitation is a critical component of any penetration test. In support of such activities we've recently committed a few updates to the post exploitation modules within Metasploit: 1) Microsoft...

Find Bugs Faster with a WebMatrix Local Reference Instance
An ever increasing number of modern web applications are created using open source web frameworks and libraries. Open Source Content Management Systems are a popular example for quickly and easily...

Plaintext Caching with iOS Document Interaction APIs
The iOS Document Interaction APIs provide applications with the ability to have another application installed on the device handle a file. The most common scenario of this behavior is the Mail...

Introducing SendSafely.com: An Easier Way to Securely Send Files
Imagine this scenario: It is 4PM on a Thursday afternoon. You've worked hard all week, doing what just may be your best work ever. You've been scrambling to finish up a report you owe your...

Using Content Security Policy to Prevent Cross-Site Scripting (XSS)
Note: This post has been crossposted from the SendSafely blog. You can find the original post at http://blog.sendsafely.com/post/42277333593/using-content-security-policy-to-prevent-cross-site. On...

Resurrecting Wifitap
Security technology and common sense are not always 100% compatible. We recently encountered Cisco Wireless Client Isolation, a simple technology that prevents wireless clients from communicating...

Exploiting the Pizza Thief
A while back we came across an exploitation scenario with an FTP server that we were assessing that we thought was interesting enough to share - largely because it's an issue that has been known about...

Retrieving Crypto Keys via iOS Runtime Hooking
I am going to walk you through a testing technique that can be used at runtime to uncover security flaws in an iOS application when source code is not available, and without having to dive too deeply...

Network Testing 101: If Your Name's Not Down, You're Not Getting In
Looking at the basics of network testing, user enumeration is critical. If we can get usernames, access is only a hop, skip and a jump away. Well, perhaps only a decent dictionary brute-force away. The...

Writing an XSS Worm
User privacy is an increasingly important part of the Internet, and the social network DIASPORA* prides itself upon the creed that users own the data that they publish on sites. In a modern world,...

Retrofitting Code for Content Security Policy
Note: This post has been crossposted from the SendSafely blog. You can find the original post at http://blog.sendsafely.com/post/50303516209/retrofitting-code-for-content-security-policy. In a...

Using Nessus to Audit VMware vSphere Configurations
Nessus has the ability to run compliance checking scripts for many different services and servers, and is a great resource for aligning a server with "best practice" server hardening guides, such as...

AlienVault OSSIM 4.2 - Enabling Custom Install
A tip that came up from a recent engagement was that with the release of the OSSIM installation ISO for version 4.2.0, the ability to do an Advanced installation is now disabled. Because we were...