Comments for cyberwart

Comment on Undetected Malware Case Study: JAN2010-01 by Undetected Malware Case Study: JAN2010-01 at The Hacker News Network

Undetected Malware Case Study: JAN2010-01 at The Hacker News Network — Tue, 19 Jan 2010 03:58:13 +0000

[...] via Undetected Malware Case Study: JAN2010-01 « cyberwart. [...]

Comment on Password Cracking Insanity by mjw

mjw — Sat, 09 Jan 2010 03:54:45 +0000

To my knowledge Kerberos isn’t vulnerable to PTH style attacks due to the fact that permission tokens are time based and limited. I’m not a kerberos expert – not even close so I won’t dig into trying to get into possible attack vectors. My point is that if you have system on a box (generally required for PTH) and a process is running or will run with the account you need injecting into the process is easier. It’s a tried and true technique.

The issue is mostly letting what you want to do interfere with what you’re trying to do.

Comment on Password Cracking Insanity by ba7eth

ba7eth — Sat, 09 Jan 2010 02:27:51 +0000

Kerberos is a single-singon protocl, so what makes you think that it will not be vulnerable to pass-the-hash attack?

Granted there are no tools publicly available that does that on Kerberos. But when it becomes a stream there is no guarantees that this will be the case.

Or there is guarantees that Kerberos will be immune againt pass-the-hash attacks?

Comment on Mixing File Types by admin

admin — Tue, 11 Aug 2009 00:53:10 +0000

Just FYI on ActiveX yes a user will be presented with a signed control and will have to click to use it. In my experience they do so over 60% of the time. I’m good with that.

As to Word documents, if the macro is signed it will execute in default setting without prompting. CANVAS has this feature built in.

Comment on Mixing File Types by Sky

Sky — Tue, 05 Aug 2008 14:13:19 +0000

Prove it. for spaming a site and having very little to say, you do sound pretty stupid. there are security features like Security Settings for AX controls in Word. and the same goes for the HTML pull down, it only allows picture pull downs on trusted or “ok’d” docs…. so if you click ok its your own stupid fault.

Comment on Mixing File Types by Anon H4ck3r

Anon H4ck3r — Sat, 02 Aug 2008 12:01:16 +0000

AWESOME STUFF
thanx so much

Comment on Ripped from the Headlines: Antiforensics by Daniel

Daniel — Thu, 11 Oct 2007 13:34:41 +0000

I couldn’t understand some parts of this article Ripped from the Headlines: Antiforensics, but I guess I just need to check some more resources regarding this, because it sounds interesting.

Comment on Ripped from Elsewhere: Requirements for Effective Fuzzing by anonymous

anonymous — Thu, 30 Aug 2007 22:02:42 +0000

Actually there is an Ida plugin that will map code coverag.

Comment on How Hacking Dies…. to thunderous applause by xs

xs — Mon, 13 Aug 2007 06:11:42 +0000

The HEAP talk was “Understanding the HEAP by breaking it”. Very good technical paper to read when jacked up on Monster and Penguins.

I also agree that alot of the scene is move to more of a side channel. People meeting and talking. Same kind of stuff in our crew. Talking about new code, 0-days or just drinking and having fun.

We are going to hit shmoo next year and see what it is like. I think alot of people want to work with shmoo, it’s just getting them to respond to you and work with ya. Good luck with that.

Maybe we can find some sexy girls before next year and get them in our crew so we can go to the hacker pimps and the ninja parties. I have been going to Defcon and BH for fours years and have never been invited. Maybe we lack foo.

BH and DC seem to be selling out there talk spots to the highest vendor. Just look at who is speaking at BH this year. All of the major speakers were major sponsors to the con. HUMMM…. so DT sold it and then sold out.

Comment on How Hacking Dies…. to thunderous applause by mjw

mjw — Sat, 11 Aug 2007 04:00:20 +0000

I thought HD’s talk was alright. It’s the style of pen-testing that I prefer. Far too many people perform a “vulnerability assessment” and call it a pen test. I think there’s an important difference in that a VA is essentially scanning a network for a known vulnerability. It’s pretty much just auditing the patch management system. Pen testing, hacking to me, is right on with what HD was talking about. However, as that’s what I do all the time the talks seemed rather slow to me (not to mention they took up 2 blocks).

Which talk about heap exploiting are you talking about? The one talking about dereferenced pointers?

I think the real “scene” is moving to the sidelines of BH/Defcon. I got a nice DoS against the iPhone that I’m still playing with and I talked about a few cool topics with some buddies — but I just have to wonder what’s the point if the best part of the conference is talking with friends?

My new goal is to get more involved with the Shmoo group and try to help build up shmoocon. Despite have the same old taste of DC I think it’s the best route to having a really meaningful experience.