Skip to main content

Posts

Showing posts from October, 2015

Security Risks: Owasp's/Best Way to Differentiate

Application Security Risks Type Of Risks Reference: Link

Pentesting Amazon Web Services with KALI Sana

The installation through the AWS EC2 interface is dead simple. Point, click. Cutting keys and firing up ssh is also easy. But before you get too comfortable, there’s a few things you should know. First, unlike every preceding version of BackTrack and Kali, you do not just log in as root and leave it there. In order to meet the Amazon terms of service, you must log in as a lower-level user (in this case, user “kali”) and then su to root:     $ sudo su     # <-- and you are root! Note no password is required. You should consider running ‘passwd’ to ensure your instance requires one. No one will ever, ever guess ‘toor’. You’re welcome. Second, you should also know this is a “barebones” install. I couldn’t find what the “barebones” term meant anywhere on the kali.org website or support forums. Well it actually means “The Kali Amazon image is what we call a ‘minimal image’, meaning, no tools pre-installed. You can install any tools you need individually, or...

Microsoft Patch Reverse Engineering: 1-DAY Exploits

DarunGrim is a binary diffing tool. DarunGrim is a free diffing tool which provides binary diffing functionality.Binary diffing is a powerful technique to reverse-engineer patches released by software vendors like Microsoft. Especially by analyzing security patches you can dig into the details of the vulnerabilities it's fixing. You can use that information to learn what causes software break. Also that information can help you write some protection codes for those specific vulnerabilities. It's also used to write 1-day exploits by malware writers or security researchers.This binary diffing technique is especially useful for Microsoft binaries. Not like other vendors they are releasing patch regularly and the patched vulnerabilities are relatively concentrated in small areas in the code. That makes the patched part more visible and apparent to the patch analyzers. Lets now try to reverse a latest microsoft security patch{well in my next post I'll show how to use DarunG...