Wednesday, 31 October 2007

Paypal CRMgateway XSS

Paypal used to suffer a lot from phishing attacks in the past, and I bet even today the bad guys are finding ways to exploit this hole to get more money. I was again playing around and I managed to find an XSS hole in Paypal's crmgateway. Well, it seems like Paypal never learns its lesson from the past and still allows injections. Anyway, I had already cancelled my account with Paypal because of their bad service and the unforgivable mistake they...

A Plea to the Worthies

You may have seen stories like Cybersecurity Experts Collaborate with subtitles like A think tank has tapped several heavyweight security experts to staff a commission that will advise the president. That story continues:

The Center for Strategic and International Studies (CSIS) wants the commission to come up with a list of recommendations that the new president who takes office in January 2009 "can pick up and run with right away," said James Lewis,...

Hacking and Cracking Wireless

One day after intruding into the router, I remembered my colleague Mark had compiled a list of Aircrack-ng commands for cracking and injection. He was doing a wireless project and managed to capture the commands needed when doing the pentest. Check it out. This is a summarized version of the Aircrack-ng commands; it comes in very handy when doing a wireless audit and saves you the time needed to read manuals. Use it in your next wireless audit. Thank you Mark for the compilation and your effort.

--------------------------------------------------------------------
install...

Hacked into a Wireless Router.

These days, I am just mad crazy. Hacking, hacking and still hacking. Basically I am dead bored and decided to see how far I can go with my hacking skills. Today, after finishing auditing a customer, I wanted to check my email as I needed to send out an urgent email. I saw an internet cafe with a Wifi connection; however, encryption was on. Within a few minutes, I managed to crack their password and hacked straight into their router. With that, I...

Tuesday, 30 October 2007

Web Application Security with Joe Walker

This is a great slideshare from Joe Walker covering all the new hacking techniques that involve Ajax and Web 2.0. Its content is simple yet very entertaining and easily understandable. Check it out, guys: http://getahead.org/blog/joe/

The Hacka ...

Free Audit, Is it Real??

Ok, I am providing free audits for those who need my help in assisting them to secure their applications or networks, and read properly: I am NOT charging a single cent for my effort in helping you. The reason for doing so is that I am giving back to the community that once helped me get to where I am today. I remember I was hacking like nobody's business back in the day with trojans, port scanning, exploits, etc. I was very young then and indeed very enthusiastic about all sorts of hacking. Today, because of the busy work schedule...

Monday, 29 October 2007

Wake Up Corporate America

I am constantly hammered for downplaying the "inside threat" and focusing on external attackers. Several months ago I noted the Month of Owned Corporations as an example of enterprises demonstrating security failures exploited by outsiders. Thanks to Bots Rise in the Enterprise, it appears the external threat is finally getting more attention:

Who says bots are just for home PCs? Turns out bot infections in the enterprise may be more widespread...

Detecting BroadVision Applications. Are they secure?

Are proprietary applications secure? Well, I guess yes and no. Security researchers are constantly researching flaws in those applications, and only when a bug is reported will the company take action to secure their loopholes. I am currently auditing a BroadVision application and what a surprise I got from my results. I am not supposed to reveal anything, but let me tell you, for a critical application like this, I am not sure if the customer is using an old version of BroadVision or if it was simply not checked for sanitization. I...

Injection Vectors, Are you up for it?

Recently, I have been doing a lot of web penetration tests and I realised that most of them suffer from injection flaws. Well, some can be deadly and some were just pretty minor. Well, it doesn't matter how severe the injection point is: if your site can be injected, it means that there is still some sanitizing and input validation work that needs to be followed up. Whenever I perform a penetration test on a huge organization, scanners...

Saturday, 27 October 2007

An Important Lesson, Passive Enumeration with Paterva

I am about to be assigned to a very exciting project, and one of the most important elements of hacking is passive enumeration. I mean, to bring down an organization or their networks, passive enumeration is definitely a must! This weekend I was scouring around for effective tools that would allow me to perform my search much faster and in a more logical and graphical manner, and I happened to stumble on a site called Paterva. This is a wonderful toy for...

Thursday, 25 October 2007

Citrix Hacking

A few weeks ago, pdp released an article about Citrix hacking and it actually caught my attention. I read through a total of 4 of pdp's posts and also wirepair's whitepaper on hacking Citrix. It was overall a basic yet interesting article and actually gave me an idea of how to start enumerating and hacking Citrix. Well, for my next trick, when I am about to audit Citrix soon, I will start employing the techniques that were discussed in the article and also include one of my favourite tricks of all time that would actually find flaws in the Citrix application....

Wednesday, 24 October 2007

Checkpwd 2.00 A12 released

Alexander Kornbrust of Red Database Security just released the much anticipated checkpwd Oracle password cracking tool. This release has many improvements over the previous releases. Some of those include:

* support for Oracle 11g passwords
* support for APEX passwords (1.4-3.0.1)
* collect passwords from the database
* collect password candidates from the database
* option not to display the Oracle password on the command line
* crack passwords from the password history
* crack role passwords
* save checkpwd default configuration in a configuration file
* read username...

Are You Secure? Prove It.

Are you secure? Prove it. These five words form the core of my recent thinking on the digital security scene. Let me expand "secure" to mean the definition I provided in my first book: Security is the process of maintaining an acceptable level of perceived risk. I defined risk as the probability of suffering harm or loss. You could expand my five word question into are you operating a process that maintains an acceptable level of perceived risk?

Let's...

Microsoft, Explain Threats to Microsoft

The Microsoft Malware Protection Center recently published their third Security Intelligence Report. The front page of the report says

An in-depth perspective on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software, focusing on the first half of 2007

Inside it continues:

This report provides an in-depth perspective on software vulnerabilities (both in Microsoft software and third-party software), software...

FreeBSD 7.0 Developments

I am happy to announce that progress is being made towards the release of FreeBSD 7.0. This announcement says the release cycles for FreeBSD 7.0 and 6.3 have begun. The first 7.0-BETA1 .iso's you might want to test on a fresh system have been published. The announcement says "Instructions on using FreeBSD Update to perform a binary upgrade from FreeBSD 6.x to 7.0-BETA1 will be provided via the freebsd-stable list when available."

The FreeBSD 7.0...

Sunday, 21 October 2007

Counterintelligence and the Cyber Threat

Friday I attended an open symposium hosted by the Office of the National Counterintelligence Executive (ONCIX). It was titled Counterintelligence and the Cyber Threat and featured speakers and panels from government, law enforcement, industry, legal, and academic organizations. I attended as a representative of my company because our CSO, Frank Taylor, participated in the industry panel.

If you're not familiar with the term counterintelligence,...

Results from Hacking a huge organization

The other night I was auditing one of the customers here in Singapore. It was a huge organization with a massive workforce and manpower. Normally huge organizations tend to give people the impression that they must be secure, because either they have enough internal people to do the patching or they must be doing some kind of upgrading work every now and then to keep their servers or networks compliant with the government authority.

The results from my audit showed that life isn't a bed of roses. Multiple servers suffer from DoS, buffer overflows...

Saturday, 20 October 2007

Russian Business Network

This week Brian Krebs of Security Fix wrote Shadowy Russian Firm Seen as Conduit for Cybercrime, Taking on the Russian Business Network, Mapping the Russian Business Network, and The Russian Business Network Responds. These are great articles that, at the very least, bring a true threat to a wider audience. This Slashdot post featured a helpful thread providing some technical details on the network itself. If you would like to try identifying some of the networks involved, my post Routing Enumeration might be helpful. Searches via RIPE could...

Friday, 19 October 2007

Short update on audit

For those of you who are waiting for the result of the audit: because of the things I found and the sheer volume of report writing I am doing, I will only update the findings next week when I finish the report. Sorry for the wait, but thanks for the understanding.

The Hacka ...

Thursday, 18 October 2007

e... singapore, re-evaluate your website!

Well, I am roughly 10 mins away from starting an audit, but anyway, I would love to talk about e... singapore. I have heard quite a few bad things about e... singapore, and I remember while I was in Dubai I was asking them for a job, but in the end they voided my application. Back in Singapore, my colleagues were just talking about security companies in Singapore and they mentioned e.... I have no grudges against e..., but frankly speaking, as an MSS now trying to expand their business into the IS field, I am issuing a challenge against them. By just...

ScanAlert, Hacker Safe?

Yesterday, I heard from my colleagues that we would be joining forces with ScanAlert and I was really puzzled by the move. I was asking myself whether ScanAlert is really Hacker Safe. Are they really that good with their scanners? Did they use open source scanners and customize them as their own? Are those clients they have really safe from hackers? Can I say that if I use the ScanAlert service to scan my website or network, I will be safe from hackers?...

Wednesday, 17 October 2007

Review of LAN Switch Security Posted

Amazon.com just posted my three star review of LAN Switch Security: What Hackers Know About Your Switches. From the review:

I really looked forward to reading LAN Switch Security (LSS), simply because it covered layer 2 issues. These days application security, rootkits, and similar topics get all the press, but the foundation of the network is still critical. Unfortunately, LSS disappointed me enough to warrant this three star review. I'm afraid those before me who wrote five star reviews 1) don't read enough other books or 2) don't set their expectations...

Monday, 15 October 2007

CSI Annual 2007 Contest

I've been given a press pass to attend CSI 2007 in Washington, DC, 3-9 November 2007. In exchange for posting the following, I've also got a $100 discount for anyone using the code CSI2007.

CSI Annual Conference 2007
November 3-9, 2007
Hyatt Regency Crystal City
Arlington, Virginia
www.CSIAnnual.com

CSI 2007, held November 3-9 in Arlington, VA, delivers a business-focused overview of enterprise security. 2,000+ delegates, 80 exhibitors and features...

Friday, 12 October 2007

Air Force Cyberspace Report

This week I attended Victory in Cyberspace, an event held at the National Press Club. It centered on the release of a report written by Dr. Rebecca Grant (http://www.irisresearch.com/grant.html) for the Air Force Association's Eaker Institute. The report is titled Victory in Cyberspace (.pdf). The panel (pictured at left) included Lt. Gen. Robert J. Elder, Lt Gen. (ret) John R. Baker, and Gen. (ret) John P. Jumper. Dr. Grant is seated...

Thursday, 11 October 2007

XSS-Proxy PoC

The other day, I was thinking about how I can actually get more sales during a meeting session with customers, and with the current boom of hacking websites, I thought it's time to actually show customers what I can do and the impact of an XSS vulnerability. I referred to the book "XSS Exploits and Defense" by Jeremiah and RSnake and I decided to go with a tool called XSS-Proxy. All I can say is this tool is really light and easy to use. All...

Wednesday, 10 October 2007

Alternatives to "Expert Opinions"

If you read The Doomsday Clock you probably recognize I have a dim opinion of "expert opinion," especially by committee. At the risk of making a political statement, I rank expert opinion alongside central planning as some of the worst ways to make decisions -- at least where a large amount of complexity must be accommodated.

What is my alternative? I believe free markets are the best way to synthesize competing data points to produce an assessment....

The Doomsday Clock

Tonight I finished watching a show called The Doomsday Clock, on the best TV channel (the History Channel, of course). I was vaguely aware of the clock, maintained by the Bulletin of the Atomic Scientists, but I didn't know the history of the project. According to Minutes to Midnight:

The Bulletin of the Atomic Scientists' Doomsday Clock conveys how close humanity is to catastrophic destruction--the figurative midnight--and monitors the means humankind...

Be the Caveman Lawyer

A few weeks ago I recommended security people to at least Be the Caveman and perform basic adversary simulation / red teaming. Now I read Australia's top enterprises hit by laymen hackers in less than 24 hours:

A penetration test of 200 of Australia's largest enterprises has found severe network security flaws in 79 percent of those surveyed.

The tests, undertaken by University of Technology Sydney (UTS), saw 25 non-IT students breach security infrastructure...

Tuesday, 09 October 2007

AppCodeScan beta Released

A few minutes ago, Shreeraj updated me on the release of a new tool from Blueinfy. This tool basically checks your source code for potential entry points for XSS, SQL injection, poor validation, etc. Well, personally I have not tested the tool due to time constraints and my busy schedule. I would strongly recommend anyone who has the time to actually download the tool and give it a try; it's free anyway. The tool is called AppCodeScan, and for those who have already tried the tool, feel free to let me know, as trust me, I am really eager to try...

Monday, 08 October 2007

Try this at your own risk, COKE Machine hacked!!

I was checking pdp's hack on Citrix and I stumbled across a Coke machine hack. Well, I am not sure if this is an old exploit, or if it is still working as of today, or if it has been patched. However, I could not replicate this hack on a vending machine here. Maybe it is a different model or different system or different chipset. Whatever it is, this is a cool one. Simple yet effective.

The Hacka ...

Sunday, 07 October 2007

One Review and One Prereview

Amazon.com just published my five star review of Security Data Visualization by Greg Conti. From the review:

Security Data Visualization (SDV) is a great book. It's perfect for readers familiar with security who are looking to add new weapons to their defensive arsenals. Even offensive players will find something to like in SDV. The book is essentially an introduction to the field, but it is well-written, organized, and clear. I recommend all security...

Just another XSS

Well, I am getting tired of your site, "big organization". PoC shown with screenshots of your site being XSSed numerous times. Just patch up quick and you will be alright. Hire me or get someone to do the job. Whatever you decide, I wish you good luck and all the best.

The Hacka ...

Saturday, 06 October 2007

Intruders Continue to Be Unpredictable

One of my three basic security principles is advanced intruders are unpredictable. Believing you can predict what intruders are going to do next results in soccer-goal security. As I said in Pescatore on Security Trends, advanced attackers are digital innovators. I think I will start calling advanced intruders intrupreneurs.

I just read and watched great examples of this principle in action courtesy of pdp at CITRIX: Owning the Legitimate Backdoor....

Friday, 05 October 2007

Prevention is better than Cure

With over 6 years of experience in penetration tests of all sorts of systems, from networks to web applications to databases to many others more, I can say that I have successfully achieved my goals as a "hacker" or a white hat. As usual, I am constantly keeping myself abreast of the latest exploits and hacking methodology. I am not really a true researcher, but rather a guy who loves to read all sorts of hacking books and articles. Well, with the recent work I am doing on web applications, I can say that most web applications are truly not secure and...