Tuesday, February 22, 2011

Watcher v1.5.1 has been released

Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Watcher detects Web-application security issues as well as operational configuration issues. Watcher provides detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads (potential XSS), cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more.

Major Features:

  • Passive detection of security, privacy, and PCI compliance issues in HTTP, HTML, Javascript, CSS, and development frameworks (e.g. ASP.NET, JavaServer)
  • Works seamlessly with complex Web 2.0 applications while you drive the Web browser
  • Non-intrusive
  • Real-time analysis and reporting - findings are reported as they’re found, exportable to XML, HTML, and Team Foundation Server (TFS)
  • Configurable domains with wildcard support
  • Extensible framework for adding new checks

Watcher is built as a plugin for the Fiddler HTTP debugging proxy available at www.fiddlertool.com

Download Watcher from: http://websecuritytool.codeplex.com

Saturday, February 19, 2011

IBM Lotus Domino LDAP Bind Request Remote Code Execution Vulnerability

I am quite interested in Lotus Domino security, I think it makes an interesting platform for attacking for several reasons. It is a fully packed solution for enterprises (email, collaboration platform and custom application platform) and I don't believe the product has even really been scrutinized from a security pespective.

A remote code execution exploit is now available for the LDAP service, which is enabled by default :s The source of an exploit can be found here.

DOM XSS Scanner

DOMXSS Scanner

DOMXSS Scanner is an online tool that helps you find potential DOM based XSS security vulnerabilities. Enter a URL to scan the document and the included scripts for DOMXSS sources and sinks in the source code of Web pages and JavaScript files.


Friday, February 18, 2011

Java SE 6 Update 24 released

JDK 6 Update 24 is now available to download from Oracle’s Java download page. Looking at the release notes, this is mainly a security and bug fix release. Thankfully, they have addressed the floating point parsing vulnerability which resulted in a denial of service of the JVM through excessive resource consumption.

Sunday, February 13, 2011

Patriot NG 2.0 released

Patriot NG is a 'Host IDS' tool which allows real time monitoring of changes in Windows systems or Network attacks. It is available for Windows XP, Windows Vista, Windows 7 (32Bits & 64bits)

Patriot monitors:

  • Changes in Registry keys: Indicating whether any sensitive key (autorun, internet explorer settings...) is altered.
  • New files in 'Startup' directories
  • New Users in the System
  • New Services installed
    Changes in the hosts file
  • New scheduled jobs
  • Alteration of the integrity of Internet Explorer: (New BHOs, configuration changes, new toolbars)
  • Changes in ARP table (Prevention of MITM attacks)
  • Installation of new Drivers
  • New Netbios shares
  • TCP/IP Defense (New open ports, new connections made by processes, PortScan detection...)
  • Files in critical directories (New executables, new DLLs...)
  • New hidden windows (cmd.exe / Internet Explorer using OLE objects)
  • Netbios connections to the System
  • ARP Watch (New hosts in your network)
  • NIDS (Detect anomalous network traffic based on editable rules)

Download: http://www.security-projects.com/?Patriot_NG:Download

Documentation: http://www.security-projects.com/ManualPatriot-NG2.0EN.pdf

Video demo: http://vimeo.com/19798452

BeEF v. Released

BeEF, the Browser Exploitation Framework is a professional security tool provided for lawful research and testing purposes. It allows the experienced penetration tester or system administrator additional attack vectors when assessing the posture of a target. The user of BeEF will control which browser will launch which command module and at which target.

BeEF hooks one or more web browsers as beachheads for the launching of directed command modules in real-time. Each browser is likely to be within a different security context. This provides additional vectors that can be exploited by security professionals.
BeEF provides a professional and simple user interface. It is easy to deploy and is implemented in Ruby so it will run on most Operating Systems. The framework contains various command modules which employ BeEF's simple API. This API facilitates quick development of custom modules by the user.

Download: http://code.google.com