2 min
Microsoft
Patch Tuesday - April 2013 Edition!
The April 2013 Microsoft Patch Tuesday advisories are out, and they forecast an
interesting patching session for Microsoft administrators. There are 9 advisories, for 14
CVEs, affecting 16 distinct platforms in 5 categories of Microsoft products,
including the not-often-seen patching of “Microsoft Office Web Apps” and
“Microsoft Security Software”.
Once again there is an IE patch (MS13-028) which is rated critical, but this one
differs from last month's incarnation by applying to all supported versions
1 min
Video Tutorial: Installing Kali Linux on VirtualBox
Author: Jeremy Druin
Video Release Announcements: Twitter @webpwnized
Title: Installing Kali Linux on VirtualBox with Nessus and Metasploit
Link: Installing Kali Linux on VirtualBox with Nessus and Metasploit - YouTube
This video is from the April 2013 workshop of the KY ISSA covering the
installation of Kali Linux 1.01 on VirtualBox. Please see notes below the
video.
Notes:
1. Kali version 1.01 64-bit was used in making the video but th
2 min
Metasploit Now Supports Plan 9, the Evolution of Unix
Unix, Evolved
Today, we are delighted to announce the next phase of Metasploit's
expanded support for more diverse host
operating systems. On the heels of our integration work with Kali Linux, we've
been heads-down on putting the finishing touches on our support for the future
of Unix, Plan 9 from Bell Labs.
This renewed commitment to Plan 9 will come as a welcome relief for those of you
who have, until now, been stuck on hobby operating systems such as L
2 min
Weekly Update: Introducing Metasploit 4.5.3
Version bump to Metasploit 4.5.3
This week, we've incremented the Metasploit version number by one trivial point
to 4.5.3 -- this was mainly done to ensure that new users get the fixes for the
four most recent vulnerabilities
4 min
Internet Census 2012 - Thoughts
This week, an anonymous researcher published the results of an "Internet Census"
- an internet-wide scan conducted using 420,000 insecure devices connected to
the public internet and yielding data on used IP space, ports, device types,
services and more. After scanning parts of the internet, the researcher found
thousands of insecurely configured devices using insecure / default passwords on
services and used this fact to make those devices into scanning nodes for his
project. He logged into the
2 min
Nexpose
Calculating Your Average Scan Time
If you are looking to balance out your scan schedule or add new scans to the
mix, it can be helpful to get some direct insight into how much time a new scan
is going to take. One way to estimate that is based upon how long your current
scans are already taking.
To that end, I threw together a script that looks at current scan history and
calculates average scan time per asset. To keep some balance, I only look at
Full audit scans and their live assets. I then calculate the average number of
min
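As an added example (not the author's script and not the Nexpose gem's API), here is the calculation the post describes, written in Ruby over a constructed scan history: keep only Full audit scans that found live assets, divide total scan time by total live assets, and project that rate onto a planned scan. The record layout, the field names and the choice to weight the average by asset count are assumptions made for this example.

```ruby
require 'time'

# Constructed sample scan history (not real Nexpose data). Each hash stands in
# for one completed scan with the fields the post says matter: the template,
# the number of live assets found, and the start/end timestamps.
SAMPLE_SCAN_HISTORY = [
  { site: 'Corp DMZ', template: 'Full audit', live_assets: 40,
    started: '2013-03-04T01:00:00Z', ended: '2013-03-04T02:20:00Z' },   # 4800 s
  { site: 'Corp LAN', template: 'Full audit', live_assets: 120,
    started: '2013-03-05T01:00:00Z', ended: '2013-03-05T04:00:00Z' },   # 10800 s
  { site: 'Corp DMZ', template: 'Discovery scan', live_assets: 40,      # wrong template: skipped
    started: '2013-03-06T01:00:00Z', ended: '2013-03-06T01:05:00Z' },
  { site: 'Lab', template: 'Full audit', live_assets: 0,                # no live assets: skipped
    started: '2013-03-07T01:00:00Z', ended: '2013-03-07T01:30:00Z' },
].freeze

# Wall-clock duration of one scan in seconds.
def scan_duration_seconds(scan)
  Time.iso8601(scan[:ended]) - Time.iso8601(scan[:started])
end

# Only Full audit scans with at least one live asset count toward the rate;
# discovery-only scans and empty scans would skew the per-asset figure.
def full_audit_scans(history, template: 'Full audit')
  history.select { |s| s[:template] == template && s[:live_assets].to_i > 0 }
end

# Average seconds of scan time per live asset, weighted by asset count
# (total seconds across qualifying scans / total live assets). Returns nil
# when there is no usable history rather than dividing by zero.
def average_seconds_per_asset(history)
  scans = full_audit_scans(history)
  return nil if scans.empty?
  total_seconds = scans.sum { |s| scan_duration_seconds(s) }
  total_assets  = scans.sum { |s| s[:live_assets] }
  total_seconds / total_assets.to_f
end

# Projected minutes for a new scan of asset_count live assets at that rate.
def estimate_scan_minutes(history, asset_count)
  rate = average_seconds_per_asset(history)
  return nil if rate.nil?
  (rate * asset_count / 60.0).round(1)
end

if __FILE__ == $PROGRAM_NAME
  rate = average_seconds_per_asset(SAMPLE_SCAN_HISTORY)
  puts "Average: #{rate} s per live asset"                      # 97.5
  puts "200-asset Full audit: ~#{estimate_scan_minutes(SAMPLE_SCAN_HISTORY, 200)} min"  # 325.0
end
```

Weighting by asset count rather than averaging each scan's own per-asset rate keeps one small, slow site from dominating the estimate; if your scan schedule has sites of very different sizes, that is usually the more honest number.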
3 min
Patch Tuesday - March 2013 Edition!
The Microsoft March 2013 security bulletins bring us a slightly
lighter-than-usual patching load and, perhaps, a slightly muted patching urgency
compared to recent months. There are seven advisories, though they cover 20
unique vulnerabilities. Four of the advisories are listed as “Critical”, but
only the first one which applies to all supported versions of Internet Explorer
(6-10) seems likely to be an immediate threat to the average user.
The IE advisory (MS13-021) contains 9 distinct CV
2 min
Metasploit
Metasploit Now Supports Kali Linux, the Evolution of BackTrack
Today, our friends at Offensive Security announced Kali Linux, which is based
on the philosophy of an offensive approach to security. While defensive
solutions are important to protect your network, it is critical to step into the
shoes of an attacker to see if they're working. Kali Linux is a security
auditing toolkit that enables exactly that: test the security of your network
defenses before others do.
Kali is a free, open sour
4 min
Exploits
Exploit for new Vulnerability on Honeywell EBI ActiveX (CVE-2013-0108)
Today, we present to you a new vulnerability, CVE-2013-0108, discovered in
Honeywell Enterprise Buildings Integrator (EBI)
R310 - R410.2. This platform is used to integrate different systems and devices
such as heating, ventilation, and air conditioning (HVAC) controls; security;
access control; life sa
4 min
New Heap Spray Technique for Metasploit Browser Exploitation
Browser vulnerabilities have long been among the most serious threats in the
current security landscape. It has become all too common to see browser 0days
dropped to grow botnets or deployed in "sophisticated" APT-level attacks.
Although browser 0days surface more frequently than ever, some of the techniques
don't seem to change much. The most common trick you'll see is a heap spray
2 min
Compliance
Malicious SSIDs And Web Apps
On February 13th 2013, Cisco released a security notice related to CVE-2013-1131.
According to Cisco, the vulnerability is due to improper validation of the
Service Set Identifier (SSID) when performing a "site survey" to discover other
wireless networks. On the face of it, this vulnerability seems to be low-risk.
Indeed, site surveys are not often performed and an adversary would need to
either be incredibly luc
1 min
Nexpose
Making the Nexpose Gem Easier to Use
Efforts are underway to make the Nexpose Gem, and with it API access to
Nexpose, easier to use. For those
unfamiliar with the gem, it is a Ruby library that allows for easier scripting
against a Nexpose security console.
Changes to Site
Making changes to a site configuration through the gem used to be a little
complex. The attributes on the configuration were locked down from editing, and
sometimes buried deep in structures that mirrored th
3 min
Metasploit
Weekly Update: Splitting DNS Modules and a D-Link Auth Bypass
DNS Module Split up
This week, we appear to have a whole bunch of new DNS-based enumeration and
information gathering modules. In fact, this was actually more of a housekeeping
chore, largely by longtime Metasploit contributor Carlos @darkoperator Perez.
Darkoperator wrote most of the original enum_dns module as well.
enum_dns became a bit of a junk drawer of DNS functionality -- it did a whole
bunch of everything for DNS. So, instead of just tacking on more and more over
time, it's been split
1 min
IT Ops
Per-log retention period
Typically, you would like to keep logs from a development environment (with all
debugging messages enabled) for only a limited amount of time, while keeping
production logs far longer. Up to now you had to set the retention period for
the whole account, keeping development logs longer than needed. We are happy to
announce per-log retention configuration! It lets you tune your retention
policy per log rather than relying on the single per-account default. To set
a new log retent
1 min
Vulnerability Correlation -- Enabled by Default
Vulnerability correlation is a feature of Nexpose where a vulnerable result from
one vulnerability check can be overridden by an invulnerable result from another.
As an example of how this works and why it is a useful option to have enabled,
take CVE-2011-3192, a
fun DoS vulnerability that affected Apache HTTPD back in 2011. Nexpose has one
unauthenticated vulnerability check (let's call it V1) that will run against all
discovered Apac
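As an added illustration, not Nexpose's own code: a simplified Ruby model of the correlation rule the post describes, run over constructed check results for CVE-2011-3192. An unauthenticated check (V1) flags every reachable Apache host; where a more precise check (V2) reports the same host invulnerable, correlation overrides V1's finding. The precedence ordering between check methods, the field names and the sample results are assumptions made for this example.

```ruby
# Constructed check results (not real scan output). Each hash is one check's
# verdict for one asset and CVE. V1 is the broad unauthenticated check; V2 is
# a more precise check that only produced a result where it could run.
SAMPLE_RESULTS = [
  { asset: '10.0.0.5', cve: 'CVE-2011-3192', check: 'V1', method: :unauthenticated, vulnerable: true },
  { asset: '10.0.0.5', cve: 'CVE-2011-3192', check: 'V2', method: :authenticated,   vulnerable: false },
  { asset: '10.0.0.6', cve: 'CVE-2011-3192', check: 'V1', method: :unauthenticated, vulnerable: true },
  { asset: '10.0.0.7', cve: 'CVE-2011-3192', check: 'V1', method: :unauthenticated, vulnerable: true },
  { asset: '10.0.0.7', cve: 'CVE-2011-3192', check: 'V2', method: :authenticated,   vulnerable: true },
].freeze

# Assumed precedence: a higher value means a more trustworthy verdict, so an
# invulnerable result from a higher-precedence check may override a vulnerable
# result from a lower one, never the other way round.
PRECEDENCE = { unauthenticated: 0, authenticated: 1 }.freeze

# Collapse per-check results into one effective status per (asset, cve).
# With enabled: false every vulnerable result stands, which is what you get
# with correlation switched off.
def correlate(results, enabled: true)
  results.group_by { |r| [r[:asset], r[:cve]] }.map do |key, rs|
    vulnerable = rs.select { |r| r[:vulnerable] }
    clean      = rs.reject { |r| r[:vulnerable] }

    # Override only if some invulnerable result outranks every vulnerable one.
    overridden = enabled && !vulnerable.empty? && clean.any? do |c|
      vulnerable.all? { |v| PRECEDENCE.fetch(c[:method]) > PRECEDENCE.fetch(v[:method]) }
    end

    status = (vulnerable.empty? || overridden) ? :invulnerable : :vulnerable
    [key, { status: status, overridden: overridden,
            checks: rs.map { |r| "#{r[:check]}=#{r[:vulnerable] ? 'vuln' : 'clean'}" } }]
  end.to_h
end

# Convenience view: assets still reported vulnerable for a given CVE.
def vulnerable_assets(results, cve, enabled: true)
  correlate(results, enabled: enabled)
    .select { |(_, c), v| c == cve && v[:status] == :vulnerable }
    .keys.map(&:first).sort
end

if __FILE__ == $PROGRAM_NAME
  correlate(SAMPLE_RESULTS).each do |(asset, cve), v|
    puts "#{asset} #{cve}: #{v[:status]}#{v[:overridden] ? ' (V1 overridden)' : ''} [#{v[:checks].join(', ')}]"
  end
  puts "Correlation on:  #{vulnerable_assets(SAMPLE_RESULTS, 'CVE-2011-3192').inspect}"
  puts "Correlation off: #{vulnerable_assets(SAMPLE_RESULTS, 'CVE-2011-3192', enabled: false).inspect}"
end
```

The asset at 10.0.0.5 is the case the option exists for: the broad check fires on it, the precise check says it is fine, and with correlation enabled the report drops it instead of leaving a finding you would have to mark as a false positive by hand. Note the rule is deliberately one-directional: a vulnerable verdict from the precise check (10.0.0.7) is never suppressed by anything.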