March 29, 2015

Although already a few months old, this short video from the folks at Offensive Security shows how a system designed to protect the endpoints (in this case a Symantec solution) can itself become the entry point for a breach. We have had similar experiences with security products from other vendors.

This highlights the need for proper penetration testing rather than just vulnerability scanning. A vulnerability scanner only detects vulnerabilities that are already known and catalogued; it cannot find flaws nobody has documented yet. That is where a human pentester thinking outside the box comes in.

Symantec Endpoint Protection Privilege Escalation 0day from Offensive Security on Vimeo.


December 15, 2014

Today we would like to share a useful resource with you. If you have a file you suspect to be malicious, you can upload it there and it will be scanned by the most common AV engines. We use the site too, to check encoded client-side exploits before sending them out in social engineering audits. Unfortunately it is really easy to bypass common AV engines when crafting malicious payloads. The bad guys know this too. Bear in mind that VirusTotal shares submitted samples with the participating AV vendors, so a custom payload uploaded for a quick check may be signatured shortly afterwards; looking up the file's hash first, and only uploading when a verdict is really needed, avoids burning it.

So which AV program is the best, or in other words the hardest to get around? In our experience, the AV engine that detects even most encoded malware is Kaspersky.

So if you receive a malicious payload, download it into an isolated virtual machine (for example a VMware guest with networking disabled) rather than onto your workstation, and then upload it to VirusTotal to check it against the common AV engines.

https://www.virustotal.com
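The hash-first workflow described above, as an added example that is not part of the original post: hash the suspect file, ask VirusTotal whether it already knows that hash, and only then decide whether to upload. It assumes the VirusTotal API v3 file-report endpoint (`GET /api/v3/files/{sha256}` with an `x-apikey` header, as documented today; the 2014 post predates it) and the `last_analysis_stats` / `last_analysis_results` fields of its response. The sample report at the bottom is constructed so the summary logic runs offline; engine names and verdicts in it are made up.

```python
"""Check a suspicious file against VirusTotal by hash before uploading it.

Added example, not code from the original post. Assumes the VirusTotal API v3
file-report endpoint and response shape; an API key from a VirusTotal account
is needed for the live lookup.
"""
import hashlib
import json
import urllib.error
import urllib.request

# Assumption: v3 file-report endpoint, looked up by SHA-256.
VT_FILE_REPORT = "https://www.virustotal.com/api/v3/files/{sha256}"


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so a large payload is not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def summarize_report(report: dict) -> dict:
    """Reduce a v3 file report to what matters for triage.

    'scanned' counts only engines that returned a verdict (malicious, suspicious,
    undetected, harmless); timeouts and unsupported types are left out so the
    ratio is not diluted by engines that never looked at the file.
    """
    attrs = report["data"]["attributes"]
    stats = attrs["last_analysis_stats"]
    verdict_keys = ("malicious", "suspicious", "undetected", "harmless")
    scanned = sum(stats.get(k, 0) for k in verdict_keys)
    flagged = sorted(
        engine
        for engine, result in attrs.get("last_analysis_results", {}).items()
        if result.get("category") == "malicious"
    )
    return {"malicious": stats.get("malicious", 0), "scanned": scanned, "flagged": flagged}


def lookup_hash(sha256: str, api_key: str, timeout: float = 15.0):
    """Return the VT report for a hash, or None if VT has never seen the file.

    A 404 means nobody has submitted this sample yet: uploading it would be the
    first time the vendors get a copy, which is exactly what you want to avoid
    for a payload you still intend to use.
    """
    req = urllib.request.Request(
        VT_FILE_REPORT.format(sha256=sha256),
        headers={"x-apikey": api_key, "Accept": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


# Constructed sample response in the v3 shape, so summarize_report() can be
# exercised offline. Engine names and verdicts are invented for this example.
SAMPLE_REPORT = {
    "data": {
        "attributes": {
            "last_analysis_stats": {
                "malicious": 2, "suspicious": 0, "undetected": 1, "harmless": 0,
                "timeout": 1, "type-unsupported": 0,
            },
            "last_analysis_results": {
                "Kaspersky": {"category": "malicious", "result": "Trojan.Generic"},
                "Symantec": {"category": "undetected", "result": None},
                "ClamAV": {"category": "malicious", "result": "Win.Trojan.Agent"},
                "SomeEngine": {"category": "timeout", "result": None},
            },
        }
    }
}


if __name__ == "__main__":
    import sys
    path, api_key = sys.argv[1], sys.argv[2]
    digest = sha256_of_file(path)
    report = lookup_hash(digest, api_key)
    if report is None:
        print(f"{digest}: not known to VirusTotal; uploading it would disclose the sample")
    else:
        s = summarize_report(report)
        print(f"{digest}: {s['malicious']}/{s['scanned']} engines flag it: {s['flagged']}")
```

Run it as `python vt_check.py suspect.exe YOUR_API_KEY` from inside the analysis VM. For the sample report the summary is 2 of 3 engines (the engine that timed out is not counted), which is the number to compare against when judging how well a payload is encoded.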


New Exploits are published daily

Author: Martin Voelk
December 15, 2014

Below you will see a snapshot of 10 new exploits published in a single day. Multiply that by 30 for a month. This is why regular penetration testing is so important: it becomes increasingly difficult for companies to keep up with patching and maintenance on the security side alone.

[Screenshot taken 2014-12-15 at 12:22: the day's 10 newly published exploits]


Exploit Databases

Author: Martin Voelk
November 27, 2014

What are exploits? Exploits are pieces of software written by security professionals or hackers to take advantage of a vulnerability or flaw in a piece of software or a service. An exploit alters the program's control flow and typically executes attacker-supplied code on the victim machine. The purpose of exploitation is to subvert the intended behaviour of a system or service in order to gain access to it.

There are hundreds of exploits available on public websites.

The two main public archives are:

  • securityfocus.com
  • exploit-db.com

There are also a number of websites and individuals who trade so-called zero-day exploits. These are exploits for which the vendor has not yet provided a fix or update, because the underlying vulnerability has not been made known to the public (or to the vendor). Depending on the severity of the vulnerability and the software it affects, they are traded, legally and illegally, for tens of thousands of dollars. One such provider is

  • vupen.com