Interesting links – January 11
Potentially interesting links for January 11:
- wireplay – Facilitates fuzzing of unknown/custom protocols. Reads PCAP dumps of valid communication between the target server and its client application, then modifies the original data to introduce possible faults in the server and replays it to the server.
- finddomains – Helps discover other domain names/web sites/virtual hosts hosted on a specific IP. Windows .NET only. Needs a Bing API key.
Interesting links – January 4
Potentially interesting links for January 4:
- Ending the PCI Blame Game – Great article on the current crimeware plague draining bank accounts and suggestions on how to deal with it: “Third-wave attacks are now, in my opinion, a national security concern, as this same technique can defeat security protections in place across the power grid and the military.”
- Web Application Threat Classification – An effort to clarify and organize the threats to the security of a web site. Provides application developers, security professionals, vendors, and auditors with a consistent language and definitions for web security related issues.
- WeChall Participating Sites – List of challenge sites. Test your pentest skills.
- Blue Coat EICAR test files – EICAR AV test pattern encoded and compressed using various methods (zip, rar, ms compress, etc).
Project Honeypot spam report
The unsung heroes at Project Honeypot have just released a short analysis of spam traffic observed over the past five years.
The report 1 Billion Spammers Served “celebrates” the project receiving its one billionth spam message in its worldwide network of spam traps. Some salient points:
- Number of bots has quadrupled each year with nearly 400,000 bots active on any given day.
- Most spammers still seem to be in the United States (as opposed to where it’s actually sent from, e.g. China).
- Phishing spam most often claims financial institutions as the fictitious origin, followed by Facebook.
- Comment spam (e.g. on blogs) is increasing, but bots are not as widely used (yet) to post comment spam.
The full report is here.
Consider joining the project. They offer some useful services: an HTTP blacklist to reduce address harvesting from your sites, an IP monitor service to alert you of suspicious activity from your netblocks (which I wrote about before), and real-time spam feeds to tune your filters. You can help the project via direct donations, installing a honeypot or donating an MX record to catch spammer scum yourself.
Interesting links – December 14
Potentially interesting links for December 14:
- Graudit – Simple script and signature sets to find potential security flaws in source code. Comparable to RATS, SWAAT and flaw-finder. For asp, jsp, perl, php and python.
- halberd – Attempts to discover real servers behind virtual IPs, such as load balancers.
- SHODAN – Computer Search Engine – lets you find servers/ routers/ etc. by using the simple search bar up above. Most of the data in the index covers web servers at the moment, but there is some data on FTP, Telnet and SSH services as well.
- SG Ports Database (tcp/udp) – Good network port identification database
- MalwareURL – Database of reported malicious sites. Good for mining DNS and related sites info.
- Detect and Eliminate Computer Assisted Forensics (DECAF) – Allegedly provides real-time monitoring for signatures of Microsoft’s COFEE forensics tool on USB devices and running applications, then performs log clearing, ejecting USB devices, drive-by dropper, and an extensive list of Lockdown Mode settings.
Interesting links – December 4
Potentially interesting links for December 4:
- Testing Methodologies – Processes for validating the performance and reliability of load balancers, firewalls, IPS, resistance to DoS and botnets
- Clientless SSL VPNs break web browser domain-based security models – Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or conduct other web-based attacks.
- fimap – Can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in web apps. Python.