Archive for Tools

New Version Of Oracle Password Cracker “woraauthbf”

Thanks to Pete Finnigan’s site we learn that there is a new version of the Oracle password cracker “woraauthbf” available.

From PF’s blog:

The Oracle password cracker woraauthbf written by Laszlo Toth has been updated and released as a new version 0.21R2 (the R2 is the new part), so even if you are running version 0.21 then please download the new release. The fix relates to a bug I found in 11g that if more than one user has the same password the cracker found the first occurrence only. The bug fix corrects this. This is minor as the cracker could be used without error on the earlier database releases and it’s unlikely that many people are running 11g in production yet anyway.

For links and more on this check out his site. If you’re interested in Oracle security then you should really consider signing up for this RSS feed.

Article Link

CDC Simplifies Google Hacking

Well, the cDc (Cult of the Dead Cow) has resurfaced. Not that they ever went anywhere. It is just that, in terms of the mainstream media, it has been a while since Tod, Laird and company have been in the news. They first gained notoriety with the release of the back door application “Back Orifice”. Just this past week they released “Goolag”, a tool to make Google hacking even easier than it already was.

From GCN:

Goolag Scan runs with Windows, has a good graphical interface along with a library of about 1,500 carefully crafted searches that can reveal sensitive information about or from queried Web sites. The tool is neutral; it can be used for penetration-testing by administrators and application owners to identify weaknesses or by hackers to find vulnerabilities to exploit.

“Tools like this scanner are a wake-up call for application owners,” Shulman said. “And that is a good thing. The issue of data leakage into search engines is a big issue.”

The Cult of the Dead Cow has said much of its research in this area has been against government servers where it has been able to turn up sensitive information that has been unwittingly exposed.

“With a lot of script kiddies having this tool, I think the government can expect a rough period of headlines,” Shulman said.

From the cDc press release:

“It’s no big secret that the Web is the platform,” said cDc spokesmodel Oxblood Ruffin. “And this platform pretty much sucks from a security perspective. Goolag Scanner provides one more tool for web site owners to patch up their online properties. We’ve seen some pretty scary holes through random tests with the scanner in North America, Europe, and the Middle East. If I were a government, a large corporation, or anyone with a large web site, I’d be downloading this beast and aiming it at my site yesterday. The vulnerabilities are that serious.”

Article Link
cDc Press Release


Lofty Perch to License DHS Control Systems Self Assessment Tool

From the press release:

Toronto, Canada — February 20, 2008

Lofty Perch, Inc. (www.loftyperch.com), a global leader in cyber-security solutions for process control, SCADA, and critical infrastructure announced today that it has been selected by the Department of Homeland Security to be a licensed distributor of the DHS Control Systems Cyber Security Self-Assessment Tool (CS2SAT). This application, created at the Idaho National Laboratory for the DHS National Cyber Security Division, was developed specifically to assist SCADA and Process Control System-users in improving the cyber security posture of their control systems. The CS2SAT application is a security assessment support tool based on industry standards, best practices, and regulatory guidance, and assists asset owners and operators in identifying actionable mitigations for their control system architectures.

“We are very proud in becoming a licensee for this vital technology. Lofty Perch will be able to provide unparalleled service to the SCADA and control system communities based on our history with the tool,” said President and CEO Mark Fabro. “Our industrial cyber security subject matter expertise and market exposure have us perfectly positioned to get this technology to the entire community of interest in the most effective way.”

Lofty Perch has been working with the CS2SAT technology since its inception. Recently their Senior Engineer, Ed Gorski, received an award from the Idaho National Laboratory in recognition of his wide-ranging contributions to the CS2SAT project.

Mark Zanotti, Lofty Perch’s VP and Chief Technology Officer, will lead the effort for the CS2SAT support. “In addition to making the tool widely available, we will also be providing direct support to our customers,” said Zanotti. “Lofty Perch is the first CS2SAT licensee that will not outsource their support function as we can provide direct value based on our work with INL. We are excited about being able to provide our clients with a robust set of services and training designed specifically for the CS2SAT technology.”

Lofty Perch intends to initially license the tool for $399.00 USD. For information on CS2SAT availability, pricing, and services please contact cs2sat@loftyperch.com.

No, Mark didn’t put me up to this.
:)
Article Link (.pdf)


Digital Forensic Tool Passes DCCI Test

From the press release:

Backbone Security, the market leader in advanced digital steganalysis tools, proudly announced their industry leading steganography application detection tool, Steganography Analyzer Artifact Scanner, passed rigorous testing by the Defense Cyber Crime Institute (DCCI) at the opening of The Computer Forensics Show today.

Developed in Backbone’s Steganography Analysis and Research Center (SARC), StegAlyzerAS is the most comprehensive and accurate steganography application detection tool available on the commercial market. Capable of detecting file and Windows registry artifacts associated with 650 steganography applications, StegAlyzerAS V3.0 is the digital forensic examiner’s tool of choice for detecting use of steganography to conceal evidence of criminal activity.

The DCCI test report states that StegAlyzerAS was able to: 1) identify the hash values of a significant number of files in the distribution libraries of a considerable number of steganography programs, 2) minimize the number of false positives by ignoring files typically associated with steganography applications but are also used in versions of the Windows operating system and popular software applications not associated with steganography, and 3) identify, with a high degree of accuracy, steganography programs that have been installed on suspect media even though only a small number of files associated with the programs currently reside on the media.

Article Link


TrueCrypt 5.0 Released

The latest iteration of this handy tool is now out (Feb 5, ’08). The new version now provides for full disk encryption.

From TrueCrypt:

Main Features:

* Creates a virtual encrypted disk within a file and mounts it as a real disk.

* Encrypts an entire hard disk partition or a storage device such as USB flash drive.

* Encryption is automatic, real-time (on-the-fly) and transparent.

* Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:

1) Hidden volume (steganography – more information may be found here).
2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).

* Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.

Article Link


NIST Lists Security Tools For S-CAP

NIST has released a list of security tools that conform to its Security Content Automation Protocol (S-CAP). Three vendors have made the first cut. The companies are Gideon Technologies, Secure Elements and Threat Guard.

The U.S. Office of Management and Budget has required, in a memorandum to Federal CIOs, that “Information technology providers must use S-CAP validated tools, as they become available, to certify their products do not alter these configurations, and agencies must use these tools when monitoring use of these configurations.”

In response, NIST has established an SCAP Validation program. Independent, third-party labs have been accredited to conduct testing on products in order to validate their SCAP capabilities. Once validated, the products are listed here.

Article Link


Metasploit 3.1 Released

Hey folks. I just wanted to pass along the announcement from HDM that Metasploit has released the latest iteration of their tool suite. Version 3.1 of the Metasploit framework is now available for download.

From the Metasploit blog:

The Metasploit Project announced today the free, world-wide availability of version 3.1 of their exploit development and attack framework. The latest version features a graphical user interface, full support for the Windows platform, and over 450 modules, including 265 remote exploits. “Metasploit 3.1 consolidates a year of research and development, integrating ideas and code from some of the sharpest and most innovative folks in the security research community” said H D Moore, project manager. Moore is referring to the numerous research projects that have lent code to the framework.

These projects include the METASM pure-ruby assembler developed by Yoann Guillot and Julien Tinnes, the “Hacking the iPhone” effort outlined in the Metasploit Blog, the Windows kernel-land payload staging system developed by Matt Miller, the heapLib browser exploitation library written by Alexander Sotirov, the Lorcon 802.11 raw transmit library created by Joshua Wright and Mike Kershaw, Scruby, the Ruby port of Philippe Biondi’s Scapy project, developed by Sylvain Sarmejeanne, and a contextual encoding system for Metasploit payloads. “Contextual encoding breaks most forms of shellcode analysis by encoding a payload with a target-specific key” said I)ruid, author of the Uninformed Journal (volume 9) article and developer of the contextual encoding system included with Metasploit 3.1.

Read on.

Article Link


SigCheck v1.41 Available

Here is a handy tool that I stumbled across this morning. Last week Microsoft published a new version of the tool SigCheck on what was once Sysinternals. This tool scans a file to check the validity of a digital signature. Here are the switches that are available in the app.

C:\Tools\sigchk>sigcheck

Sigcheck v1.41
Copyright (C) 2004-2007 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: sigcheck [-a][-i][-e][-n][[-s]|[-v]|[-m]][-q][-r][-u][-c catalog file] (file or directory)
-a Show extended version information
-c Look for signature in the specified catalog file
-e Scan executable images only (regardless of their extension).
-i Show image signers
-m Dump manifest
-n Only show file version number
-q Quiet (no banner)
-r Check for certificate revocation
-s Recurse subdirectories
-u Show unsigned files only
-v Csv output

I hadn’t used this one previously, but I have been messing around with it. It’s a handy tool for checking Microsoft files.

Article Link


Interview With Fyodor, NMAP Creator

The site SearchSecurity has an interview today with Fyodor as he discusses his scanning application, NMAP.

From Search Security:

Nmap was mostly written during the summer of 1997, which I spent in Baltimore working as a teaching assistant at Johns Hopkins University. They set me up in a dorm room with Ethernet connectivity, giving me a new network to explore. At the time, I had a directory full of port scanners, such as Strobe for connect scanning, Reflscan for SYN scanning, and the UDP scanner from SATAN. I hacked them all to add options and features, but still found them frustrating to use. So I decided to write my own dream port scanner which would be faster, and support all the scan types and options I wanted.

Read on.

Article Link


UK Gov On Hacker Tools

Is the UK government following the German legislation from earlier this year?

From the Reg:

The UK government has published guidelines for the application of a law that makes it illegal to create or distribute so-called “hacking tools”.

The controversial measure is among amendments to the Computer Misuse Act included in the Police and Justice Act 2006. However, the ban along with measures to increase the maximum penalty for hacking offences to ten years and make denial of service offences clearly illegal, are still not in force and probably won’t be until May 2008 in order not to create overlap with the Serious Crime Bill, currently making its way through the House of Commons.

A revamp of the UK’s outdated computer crime laws is long overdue. However, provisions to ban the development, ownership and distribution of so-called “hacker tools” draw sharp criticism from industry. Critics point out that many of these tools are used by system administrators and security consultants quite legitimately to probe for vulnerabilities in corporate systems.

Any comments?

Article Link
