Security Basics

RE: locating exploits in open source

Tue, 22 May 2012 22:20:04 GMT

Posted by Vincent Verloop on May 22

Search for Metaspoitable. It's a Virtual Machine (linux). Also look for
Nessus.

-----Oorspronkelijk bericht-----
Van: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
Namens Bob Bobson
Verzonden: dinsdag 22 mei 2012 23:45
Aan: security-basics () securityfocus com
Onderwerp: Re: locating exploits in open source

Alternatively you can attempt to locate a version ofDamn Vulnerable Linux.
Although it has been...

Re: locating exploits in open source

Tue, 22 May 2012 21:59:46 GMT

Posted by Robert Musser on May 22

Active torrent of Damn Vulnerable Linux:
https://thepiratebay.se/torrent/6519397/Damn_Vulnerable_Linux_1.5_-_Infectious_Disease

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site...

Re: locating exploits in open source

Tue, 22 May 2012 21:46:03 GMT

Posted by Bob Bobson on May 22

Alternatively you can attempt to locate a version ofDamn Vulnerable Linux. Although it has been discontinued and most
torrents have died by now (there are still a few seeds here and there), it remains one of my personal favorites when it
comes to learning about vulnerabilities.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the...

Re: How to prevent zero day attacks

Tue, 22 May 2012 21:32:37 GMT

Posted by Michał Purzyński on May 22

Just make sure it will detect EMET specific ASLR that does differ from platform one.

It's secure till it stays in the box. Against remote attacks, not physical ;)

Like i said. If you want to have a full cover, you need to recompile lots of binaries, libs, etc.

Yeah, you are right - people do not patch their systems. And even if they do, who tests them later? Windows
administrators - when was the last time you have checked if MS security...

Re: How to prevent zero day attacks

Tue, 22 May 2012 19:50:18 GMT

Posted by Jeffrey Walton on May 22

EMET is a nice tool (I don't hear it mentioned too often. Another neat
one is BinScope, which allows you to examine platform security
integration, such as ASLR and DEP.

So much for "Secure Out of the Box".

Don't hold your breathe for --noexec-heap (unless its a hardend
distribution). Checksec is a good tool to audit binaries for this.

According to Verizon Data Breach Report, most breaches are not 0-day,
which probably makes...

Re: locating exploits in open source

Tue, 22 May 2012 18:55:10 GMT

Posted by AK on May 22

ASLR is not your only problem under Linux. If you are using a modern
distribution (e.g. your homebox) there are loads other protections
enabled. Your best bet is to download an older one, turn off protections
where needed (via proc and via linker options) and start from there.
Userland exploitation is not beginner material with all the mitigations
enabled.

------------------------------------------------------------------------
Securing Apache...

RE: How to prevent zero day attacks

Tue, 22 May 2012 18:51:41 GMT

Posted by David Gillett on May 22

amishra.jsr () gmail com [mailto:amishra.jsr () gmail com] wrote:

technique. This doesn't help in zero day attack. Therefore, what can be done
to prevent zero-day attacks?

While this is the "traditional" approach, "all" may be an overstatement.
Several antivirus/antimalware solutions include a "heuristic" component
which can, if not *prevent* an attack, alert you that an application's
behavior is...

Re: How to prevent zero day attacks

Tue, 22 May 2012 18:47:05 GMT

Posted by synja on May 22

There are a few other things that *need* to be mentioned:

1. Make sure the asset you are protecting is worth the value of the protection.

2. If you don't know what you're doing, DO NOT add complexity. A poorly configured protection mechanism is just as bad
if not worse than nothing at all.

3. The OS usually contains the tools you need already. Learn them and make sure something is missing before you add
software.

Rob
Sent on the...

Re: locating exploits in open source

Tue, 22 May 2012 17:59:23 GMT

Posted by Littlefield, Tyler on May 22

Thanks all for the info. I really appreciated it. Luckaly I have some
experience with asm, though it is limited. The videos are nice, though I
am going to have to supplement them with extra materials more than
usual, since I am blind and it's hard to tell what he is doing all the time.

Anyway, again I appreciate the help. I do have a question.
If I am going to use a buffer overflow, I want to make sure I understand
this right.
If I have...

Re: How to prevent zero day attacks

Tue, 22 May 2012 17:28:02 GMT

Posted by Memory Vandal on May 22

Most people think of only defensive ways to protect. One must think
how can the system be broken offensively and fix the holes found.
Clearly, most implementers dont have any offensive experience as they
think only to plug holes they know of.

How about a 0day in the sandbox created to prevent a 0day scenario in
an application? Lower user privileges? the payload would run with
lower priviledge and still may be able to read user files (like stored...

RE: How to prevent zero day attacks

Tue, 22 May 2012 16:58:13 GMT

Posted by Jerome Athias on May 22

try to be aware of them

Envoyé à partir de mon Windows Phone
De : Michał Purzyński
Envoyé : 22/05/2012 17:20
À : sjalex () taidri com
Cc : synja () synfulvisions com; amishra.jsr () gmail com;
listbounce () securityfocus com; security-basics () securityfocus com
Objet : Re: How to prevent zero day attacks
Are we talking about some specific systems or just generic techniques?

If generic - you've got some good answeres already. I would...

Re: How to prevent zero day attacks

Tue, 22 May 2012 16:23:36 GMT

Posted by Michał Purzyński on May 22

Are we talking about some specific systems or just generic techniques?

If generic - you've got some good answeres already. I would add - segment your networking. Assume every system will be
owned, sooner or later - and plan for it. Local firewall is nice, but when (not if) someone will get
"root/Administrator" access he will bypass it anyway. Inwest into good network design, think - what could i do, as the
attacker, after...

RE: locating exploits in open source

Tue, 22 May 2012 15:59:57 GMT

Posted by Mike Vella on May 22

You may wish to take a look at assembly language. It will give you a good
grounding in understanding why\how buffer overflows are exploited.
It will highlight the importance of good coding practices.
You will need to be familiar with a programming language to truly have fun
with this.
I wish I had more time to contribute to these forums! I could type for a
long time about such things.
Take a look here , someone posted it a week or two ago.....

Re: locating exploits in open source

Tue, 22 May 2012 15:49:23 GMT

Posted by haZard0us on May 22

Fuzzing is a way to find it.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on...

Re: How to prevent zero day attacks

Tue, 22 May 2012 15:44:34 GMT

Posted by Stephanus J Alex Taidri on May 22

Seconded to Rob....

Limit the OS to run with least privilege as possible instead of
granting administrator access to normal user.
This is common for Linux OS, Mac OS and Windows 7 onwards to have apps
running with normal user privilege and required User Access Control
(UAC) to confirmed any changes that required root/admin privilege.

Train the end-users to not simply ignore any UAC pop-up window(s), to
read carefully and understand it well...