Related articles
- How to import cert on Android
- Good ref on analysis of some iOS apps
- Fix in Burp to handle Android proxying
- Setting up Burp for listener cert
- Thread on Burp forum
- Episode307 on PaulDotCom
My debloat list for SGS3 with Rogers Wireless
Other Refs
Apps Safe to Remove on Samsung Galaxy S3 (Sprint Version, Stock Rooted)
Good list, no comments for apk's
T-Mobile Galaxy Note II General > List of apps for Debloating and "Android OS" Battery Hogging
Good list, battery drain fix with mediaserver, sugg. Media Fix Root
Galaxy Y GT-S5360 General > [LIST] System Apps that are SAFE* to remove!
Great list, with comment for each apk
Samsung Galaxy S3 - Spreadsheet of applications safe to remove
I think it's based on the S2 spreadsheet, all apk's with comments
Spreadsheet of Galaxy S apk-list-what-you-need-and-dont-need
Here we will work on the host's files directly instead of exporting them to a different format (ie: OVF, OVA...) and then reimporting them.
/vmfs/volumes/4e5bfad0-283f8ee6-1b9d-b499ba04496a/Small and temporary VM for Eric # vi Small\ and\ temporary\ VM\ for\ Eric.vmdk
# Disk DescriptorFile
version=1
encoding="UTF-8"
CID=f7fc44b3
parentCID=ffffffff
isNativeSnapshot="no"
createType="vmfs"
# Extent description
RW 2097152 VMFS "Small and temporary VM for Eric-flat.vmdk"
RW 32 VMFS "/bootbank/state.tgz"[...]
Good! we can get host volume details from a guest!
/vmfs/volumes/4e5bfad0-283f8ee6-1b9d-b499ba04496a/Small and temporary VM for Eric # vi Small\ and\ temporary\ VM\ for\ Eric.vmdk
# Disk DescriptorFile
version=1
encoding="UTF-8"
CID=f7fc44b3
parentCID=ffffffff
isNativeSnapshot="no"
createType="vmfs"
# Extent description
RW 2097152 VMFS "Small and temporary VM for Eric-flat.vmdk"
RW 8386560 VMFSRAW "/dev/disks/naa.600508b1001c1bd269ddc2f549010bad:2"
[...]
Mark Bagget was able to extract web session details (including user credentials using SSL) by turning on some event tracing on a Windows target (i.e. post exploitation tool). This is described on the PaulDotCom show notes at
Episode300 - PaulDotCom Security Weekly. NB: this method has prerequisites (WinInet API usage).
There exists an interesting “feature” in Cisco IP phones that allows a crafty user to remotely control a Cisco IP phone and set it to call a remote number (if setup to do so) and allow audio to stream normally — in effect allowing someone to remotely audio bug a room. In all fairness, this feature requires the controlling user to know the configured password for the phone which many installations leave the default password of “cisco” set.
To try this out:
- Telnet to the phone (e.g. “telnet 192.0.2.10″). You may need to bridge your PC to the IP Phone VLAN from within the office (see http://www.linuxjournal.com/article/10821?page=0,2, use VLAN as determined from an IP phone's settings - eg: VLAN 161, IP: 172.16.2.241/255.255.255.127, DHCP server: 172.16.29.10, Host Name: SEPD0C282439930)
- Enter the password for the phone At the “SIP Phone>” prompt: Start a “test” session with “test open”
- Virtually take the phone off the hook with “test offhook”
- Virtually dial the telephone number where the audio stream should go with “test key
” (e.g. “test key 14155556666″) The phone will start to make the call… Switch to speakerphone with “test key spkr” (to virtually push the Speakerphone key) Listen to the audio streaming from the phone…
SANS Security Awareness Presentations:
Securing The Human: takes you step by step how to build a high-impact awareness program that ensures your organization is not only compliant but secure by changing human behavior. Topics include building your Steering Committee, identifying WHO you are targeting in your program, WHAT you want to communicate and HOW. In addition we cover key topics such as updating your program and how to measure it through effective metrics.Securing The Kids: for parents to help better understand and how to protect their kids online. We cover the top three risks kids face online and the top five steps you can take to protect them. This course is based on the experiences and lessons learned from a variety of SANS top instructors who not only specialize in security, but are parents just like you.Internet Security Guide For Kids:for parents to present to K-5th graders on how they can safely use the Internet. The information here is similar to the lessons learned in Securing The Kids, but presented in a graphical, kid friendly manner.
Problem:
What needs to be configured to ensure a thorough web application audit is performed by Nessus?
Solution:
Tenable encourages users to run a full vulnerability scan with all plugins enabled. If you want to streamline a policy to only focus on a web application, the following steps outline the process for creating a new policy designed to run a web application audit:
For more information about the settings you can watch our instructional videos at:
- Create a new policy. (Policies -> Add)
- Under the “General” tab options, set up a scan as you normally would. Ensure at least one TCP-based port scanner is selected and provide a list of ports with web servers running on the host(s). Note: Only use this method if you are absolutely sure you know of all web servers running on the targets. Otherwise, select a port range so that Nessus can detect web servers and applications to audit.
- Under the “Plugins” tab, ensure the following plugin families are enabled:
- CGI abuses – This plugin family checks for a wide range of commercial and open source applications that have documented vulnerabilities. These checks include software detection, information disclosure, SQL injection, file inclusion, overflows and more.
- CGI abuses : XSS – This plugin family checks for a wide range of commercial and open source applications that have documented Cross-site Scripting (XSS) vulnerabilities.
- Database – Many web applications will utilize a database for storing large amounts of data. SQL injection attacks are designed to target database servers via web applications.
- FTP – Some sites use FTP for administrators to upload web application content or update the application.
- General – This plugin family contains plugins that identify operating systems via HTTP, perform a wide variety of SSL checks and more.
- Service detection – Contains checks for a wide variety of services and technologies, many of which support web servers and applications.
- Web servers – This plugin family contains over 500 checks for vulnerabilities in popular web servers including Apache, Tomcat, IIS and WebSphere. In addition, this plugin family includes checks for frameworks such as PHP, common web server issues associated with the HTTP(S) protocol, OpenSSL checks and more.
- Under the “Preferences” tab, there are several drop-down menus with additional configuration options that must be specified:
- Under “Global variable settings”, select “Enable CGI scanning”. Optionally, the “Thorough tests (slow)” can be enabled and “Report verbosity” can be set to “Verbose” to provide additional vulnerability checks and better reporting.
- The “HTTP cookies import” drop-down can be used to import cookies as a means for authenticating to the application. This is not explicitly required, but some means of authentication should be provided.
- The “HTTP login page” drop-down provides over a dozen options that direct Nessus to a custom web application. This includes the URL to the login page (e.g., /application/login.php), login form (i.e., if the login data is sent to a different location), relevant form fields for authentication (the “user” and “pass” variables should be changed to reflect your application, %USER% and %PASS% are pulled from the “Login configurations” drop-down menu) and options that control how Nessus behaves in relation to the authentication process.
- The “Login configurations” can be used if the application is protected using HTTP Basic Authentication, Digest or NTLM.
- The “Web Application Tests Settings” drop-down contains several important options for enabling testing of custom applications. The “Enable web applications tests” must be enabled, or Nessus will only scan for known vulnerabilities based on prior public disclosures. This page also contains options for limiting the time to test an application, use of POST requests, the type of argument values to use (refer to the Nessus User Guide for additional information on this option) and more.
- The “Web mirroring” drop-down directs Nessus’ behavior for mirroring the application, a step performed before tests are calculated and run. The total number of pages or depth of mirroring can be controlled, along with the starting page and a delimited list of regular expressions that are used to match web pages that Nessus will exclude (e.g., logout|emailus.php).
http://www.youtube.com/watch?v=fUCgvZnTILo
http://www.youtube.com/watch?v=B5qvVT9iho0
Additionally, you can find detailed information on the preferences in the Nessus User Guide.
Other Refs:
From the Discussions Forum, another related post regarding the use of cookie importing: https://discussions.nessus.org/thread/4395 The missing link in the Nessus docs is that to get the cookie file, you need to use Firefox and export using an add-on such as: https://addons.mozilla.org/en-US/firefox/addon/export-cookies/?src=api Also very important is to tweak a few settings in Nessus: Enable CGI scanning, HTTP Cookies import, Web App Test Settings, Web Mirroring starting points (+ choose some plugins that use these)
Last week’s blog post by SensePost’s Behrang Fouladi demonstrated another way determined attackers could in certain cases circumvent protections built into SecurID.
By reverse engineering software used to manage the cryptographic software tokens on computers running Microsoft’s Windows operating system, he found that the secret “seed” was easy for people with control over the machines to deduce and copy. He provided step-by-step instructions for others to follow in order to demonstrate how easy it is to create clones that mimic verbatim the output of a targeted SecurID token.
“When the above has been performed, you should have successfully cloned the victim’s software token and if they run the SecurID software token program on your computer, it will generate the exact same random numbers that are displayed on the victim’s token,” Fouladi wrote.
--
The article Abusing Password Managers with XSS « Neohapsis Labs is the perfect example for why we avoid using automated password submission features in web browsers (either built-in, plugins or other tools). We somehow need to reach a balance between security and ease-of-use.
--
Everybody should be using this service at home: OpenDNS – Parental Controls.
There are various options but I particularly like the HomeVIP option. It costs 20$/year but it provides reporting that is very useful to understand your Internet usage.
Brought to you by Tenable…
Nessus uses data provided by Internet Identity IID, a company that maintains a list of hosts it has determined through various technical means are part of a botnet. Nessus does not perform the technical checks itself; rather it compares the IP addresses being scanned against a list maintained by IID. Inclusion in IID’s list is typically accurate, they experience a very low rate of false positives.
If a host is reported as part of a botnet, there are several things you can do to help validate the finding and respond to the issue:
If you still have questions about your host appearing in the list, you can contact IID at activeknowledge.signals.requests@internetidentity.com with questions. Your initial mail should include the IP address in question, when the IP was reported i.e., when you ran your Nessus scan and any additional information about the host that may be relevant.via Tenable Customer Support Portal (for registered users).
- Check the host against additional third-party lists to determine if the host shows up in those resources: http://isc.sans.edu/sources.html, http://www.malwaredomains.com, http://www.ipvoid.com
- Check the host against known Unsolicited Bulk E-mail UBE/spam blacklists: http://www.dmoz.org/Computers/Internet/E-mail/Spam/Blacklists
- Look for any evidence of the host being compromised e.g., suspicious activity, newly installed software, machine resources being heavily utilized.
- Perform a full vulnerability scan to determine if any high-risk or critical vulnerabilities are present, that may represent the point of intrusion. Ensure web application auditing is enabled, as Nessus can identify malicious web content related to botnet activities.
- Move the host to an isolated network and use a network sniffer to monitor traffic being sent from the machine.
Here’s a very interesting site that demonstrates how to clone contactless proximity cards. The author provides electronic schematics and cloning techniques.
Here’s where to go for installing Google Chrome Frame. To know more about this mechanism to use Chrome from within Internet Explorer, we can go here for a good intro. Adding this IE module will, for instance, allow you to use HTML5 extensions.
The WebPagetest site provides a great way to check a web site’s performance.
Réputation et marque de commerce
|
Viabilité financière
|
Propriété intellectuelle
|
Confidentialité et partenaires
|
Here’s some details on the vulnerability that allows the bypass of WPA/WPA-2 security when a Wireless Access Point has “WIFI Protected Setup” enabled (for certain models & manufacturers). A spreadsheet is currently in construction with the results of WPS Vulnerability Testing (by the security community). My testing with a DLink DIR655 have been non conclusive – i.e. the device doesn’t appear to be vulnerable.