Happy Hacking by Sp0oKeR Labs

Sp0oKeR - Security as a way of life (May 16, 2005)
Here I will post security tips, articles and papers, mine or from other blogs, that I find interesting. I love computer-related subjects, especially:

- Penetration Tests
- Network Intrusion Detection Systems (Snort, Prelude)
- Network Security Monitoring (NSM)
- Incident Response
- Firewalls
- Host Intrusion Detection Systems (especially OSSEC)
- The Open Web Application Security Project (OWASP) - Brazil chapter
- Fuzzing
- Vulnerabilities
- Packet Analysis
- Log Analysis
- Web Application Firewalls

My contact spooker@gmail.com

"Good security costs money but inadequate and ineffective security costs a whole lot more."



Security talks and training - contact Dynamic Security





Happy Hacking and enjoy!

Rodrigo Montoro (Sp0oKeR)


Worth listening to if you have some free time =)!!

Core Security Technologies invites you to tune into a new on-demand webcast featuring renowned security testing expert Victor R. Garza, senior contributing editor with InfoWorld:

"Penetration Testing, The Next Security Testing Standard" -- available free online beginning today at Coresecurity.com.

http://www.coresecurity.com/index.php5?module=Form&action=webinar&campaign=webcastdemand13

Based on his years of independent consulting and editorial reporting, Garza outlines the need for organizations to utilize penetration testing to gain visibility into their network, web application and end-user security postures – and to generate key data for addressing their most pressing IT risks.

Among the points highlighted by the expert during the program are:

* Why penetration testing has emerged as a security testing standard
* Where penetration testing fits into the vulnerability management process and why it is so critical to your enterprise
* What results you can expect from a penetration test
* When you should conduct penetration tests
* How to decide between in-house, product-based testing and outsourced services

This webcast is ideal for everyone from hands-on security professionals looking for ways to better promote penetration testing to colleagues, to C-level executives wondering how real-world security assessment is crucial to the proactive defense of an organization’s information assets.

The broadcast also includes input from Core Security experts about how CORE IMPACT helps IT security departments perform ongoing, automated pen testing to stay ahead of their organizations’ most pressing security and compliance issues.

* View the webcast here:
http://www.coresecurity.com/index.php5?module=Form&action=webinar&campaign=webcastdemand13

Best Regards,
Core Security Technologies
41 Farnsworth Street
Boston, MA 02210
www.coresecurity.com

Happy Hacking!

Rodrigo Montoro (Sp0oKeR)

[TOOL] SSL Capable NetCat (and more) (May 5, '08 10:16 PM)
Announcement taken from SecuriTeam, very interesting =)

I updated a tool I wrote a long time ago. This time, it
features:

- full SSL support (client and server with certificates)
- port proxying (TCP and UDP)
- SSL proxying
- IPv4/IPv6 proxying
- IPv4 and IPv6 support

To know more:
http://www.gomor.org/bin/view/GomorOrg/SslNetcat

If netcat is already good, a tuned-up netcat is the best there is!

Happy Hacking!

Rodrigo Montoro (Sp0oKeR)

1 hour and 3 minutes

Events


IMF 2008
4th International Conference on
IT Incident Management & IT Forensics
http://www.gi-ev.de/fachbereiche/sicherheit/fg/sidar/imf/imf2008/index.html


T2´08 conference,
http://www.t2.fi/


Kiwicon - New Zealand's Hacker Con
http://www.kiwicon.org/


Index of /hitbsecconf2008dubai/materials
http://conference.hitb.org/hitbsecconf2008dubai/materials/


DefCon contest has vendors worried
http://www.thetechherald.com/article.php/200818/842/DefCon-contest-has-vendors-worried
and
http://www.informationweek.com/blog/main/archives/2008/04/will_code_virus.html


News


Online banks will not provide support to users of insecure PCs
http://computerworld.uol.com.br/seguranca/2008/04/18/bancos-online-nao-prestarao-suporte-a-usuarios-de-pcs-inseguros/


Judge releases cyber pirates but requires them to read classic literature
http://www1.folha.uol.com.br/folha/informatica/ult124u394778.shtml


Automatic Patch-Based Exploit Generation
http://techbuddha.wordpress.com/2008/04/24/automatic-patch-based-exploit-generation/


Computer hacker testifies against News corp
http://www.reuters.com/article/blogBurst/technology?type=technologyNews&w1=B7ovpm21IaDoL40ZFnNfGe&w2=B8jR2GIu7TLKBj1N4Ufg5Sg&src=blogBurst_technologyNews&bbPostId=B1ZjqRi8apHfCz9bslrPLhVeFB7kC6bxL7Lk3BzeKtP35nPsd&bbParentWidgetId=B8jR2GIu7TLKBj1N4Ufg5Sg


Bluetooth surveillance secretly tested in the city of Bath
http://arxivblog.com/?p=376


IT security: young professionals make CIOs' work harder
http://www.convergenciadigital.com.br/cgi/cgilua.exe/sys/start.htm?infoid=13570&sid=46

To listen: http://www.naopod.com.br

Happy Hacking!

Rodrigo Montoro (Sp0oKeR)

OSSEC HIDS v1.5 released (May 1, '08 9:59 PM)
There is not much I need to say about this excellent HIDS (Host Intrusion Detection System) / LIDS (Log-Based Intrusion Detection System) project, created and coordinated by Daniel Cid.
As I posted previews of some features earlier, version 1.5 has a lot to add.

From http://www.ossec.net/main/ossec-v15-released :

We are very pleased to announce the general availability of OSSEC version 1.5. This version comes with lots of bug fixes and new features, including:

-New log formats (info):

  • Solaris BSM auditing logs
  • Asterisk logs
  • Checkpoint and Smart Defense logs
  • Debian package (dpkg) install/status/remove messages
  • Shorewall logs
  • Postfix SASL error messages
  • Localized pure-ftpd messages (for 12 different languages)
  • DJB multilog

-Greek translation of the install.

-Added agent_control tool to manage the agents directly from the server (info).

-New options to syscheckd/rootcheckd to better schedule the scans (info).

-Performance improvements to the Windows Agent, especially when dealing with large event logs.

-Added new options to Rootcheck to look for common web exploits installed on the system (used to attack others).

Check the v1.5 Changelog to see all the changes and contributors.

Download it from: http://www.ossec.net/main/downloads .

Special thanks to Martin West, Sebastien Tricaud, Giannis Vrentzos, Sandro Gauci, Michael Starks, Cedric Bleimling, Dean Takemori and Dennis Golden for the contributions and John Lewis, Daniel Medianero, John Ives and Derek Morris for beta testing this release.

Source: http://www.ossec.net/dcid/?p=133

Happy Hacking!

Rodrigo Montoro (Sp0oKeR)




Protocol Hopping Covert Channels (May 1, '08 12:47 PM)
I found this paper quite interesting

Abstract
--------

This paper describes a new way of designing covert channels. This is done by changing the protocol of
the tunnel while the tunnel exists, and even changing the protocol in a randomized way without restarting
the tunnel or reconnecting to it. A simple proof of concept tool called 'phcct' (protocol hopping covert channel tool),
also known as 'takushi' (which is Japanese for taxi), is available on my website http://www.doomed-reality.org. phcct implements
only one (the easiest) version of such a randomized protocol hopping covert channel.

This paper will also describe why this especially makes forensic analysis more difficult.


Paper: http://www.wendzel.de/?sub=paper_phcc

Happy Hacking!

Rodrigo Montoro (Sp0oKeR)

fgdump 2.0.0 and pwdump 1.7.1 Released (Apr 29, '08 9:37 AM)
Excellent tools for acquiring passwords from Windows NT, XP, 2000 and 2003.

Folks,

The foofus.net team is pleased to announce updates to both fgdump (2.0.0) and pwdump (1.7.1), which incorporate a number of new features, the most significant of which is that both tools now support 64-bit targets.

We are also pleased to announce the creation of a mailing list for the purposes of tool support, bug reports, feature requests and new revision announcements. This mailing list currently covers fgdump, pwdump and medusa. Feel free to sign up at  http://lists.foofus.net/listinfo.cgi/foofus-tools-foofus.net.

For all the details on the latest fgdump and pwdump releases, please visit their home pages:

http://www.foofus.net/fizzgig/fgdump
http://www.foofus.net/fizzgig/pwdump

As always, please contact me with any bug reports or feature requests.

--f


Happy Hacking!

Rodrigo Montoro (Sp0oKeR)

A very interesting new OSSEC feature, especially in case of a suspected intrusion or unauthorized modification on the host

"Basically, it allows you to query and get information from any agent you have configured on your server and it also allows you to restart (run now) the syscheck/rootcheck scan on any agent."


More info: http://www.ossec.net/dcid/?p=130

Also no less interesting


"This is a feature that has been requested for a while and is now finally available. In the past, the only way to specify when rootcheck/syscheck was supposed to run was based on the frequency (every 10 hours or every 2 days, for example)."

More info: http://www.ossec.net/dcid/?p=131

Happy Hacking!

Rodrigo Montoro (Sp0oKeR)

Snort Zine 1.0 - Available (Apr 24, '08 10:27 AM)
It is with great pleasure that we release issue number 1 of the Snort Zine. We will try to keep the zine monthly or bimonthly (we are still evaluating and accepting suggestions) with more specific content. Version 1.0 is basic, but as the Chinese saying goes, a long journey begins with a single step.

The topics of Zine 1.0 are:

- Snort Drinking Game

- Search methods of the Snort detection engine

- Overview of Snort 3.0 Alpha

- Intrusion Detection Systems (IDS)


More info: http://snort.org.br/index.php?option=com_content&task=view&id=38&Itemid=43

Happy Snorting!

Rodrigo Montoro (Sp0oKeR)

(IN)SECURE Magazine 16 - Available (Apr 22, '08 10:28 PM)
As always, the content of (IN)SECURE Magazine tends to add value =)!

  • Security policy considerations for virtual worlds
  • US political elections and cybercrime
  • Using packet analysis for network troubleshooting
  • The effectiveness of industry certifications
  • Is your data safe? Secure your web apps
  • RSA Conference 2008 / Black Hat 2008 Europe
  • Windows log forensics: did you cover your tracks?
  • Traditional vs. non-traditional database auditing
  • Payment card data: know your defense options
  • Security risks for mobile computing on public WLANs: hotspot registration
  • Network event analysis with Net/FSE
  • Producing secure software with security enhanced software development processes
  • AND MORE!

Download: http://www.net-security.org/dl/insecure/INSECURE-Mag-16.pdf

Happy Hacking!!

Rodrigo Montoro (Sp0oKeR)

Start:     Apr 26, '08 10:00a
End:     Apr 26, '08 12:00p
Location:     São Paulo
I will repeat the talk I gave in Leme in March at FLISOL São Paulo on 26/04/2008.

"Using Free Software for Security – From Penetration Testing to Defense Tools"
Summary: The talk covers networking and security concepts, the phases of a penetration test (Information Gathering, Reconnaissance, Gaining Access, Privilege Escalation, Maintaining Access, Covering Tracks) and forms of protection, addressing topics such as Firewalls, NIDS (network intrusion detection systems), HIDS (host intrusion detection systems) and honeypots.

More info: http://www.flisol.org.br/index.php?option=com_content&task=view&id=15&Itemid=26

See you there!

Happy Hacking!

Rodrigo Montoro (Sp0oKeR)

Brief report on FISL 9.0 (Apr 22, '08 8:48 AM)
Another FISL (http://www.fisl.org.br), and as always a lot of fun (and this year extremely crowded: 7417 attendees). I have attended FISL since 2003 and always get a lot out of it. To be honest, talks are not what I attend most; for me at least the chats in the hallways, the group booths and the post-event bars are always more productive. Of course I attend talks, but only some =).

This year I gave a talk for Snort-BR on Snort as an Intrusion Prevention System, which can be accessed at:

http://snort.org.br/index.php?option=com_content&task=view&id=36&Itemid=43

Besides speaking, I also had the great honor of chairing the session for TSO (creator of ext2 and ext3, and developer of ext4) in a Q&A talk about the kernel. TSO speaks extremely well, great answers, and his knowledge needs no comment.

OWASP-BR, represented by Leonardo (http://www.leocavallari.com) and Marcos Aurélio (http://deigratia33.blogspot.com), spoke about the national chapter and the Top 10, a very interesting talk that drew a good audience.

Besides these, I attended some other talks, such as the one by the creator of VIM, TSO's talk on ext4, Alberto's on ISO 27001, among others.

Bring on FISL 10 in 2009.

More info on FISL: http://www.fisl.org.br

Happy Hacking!

Rodrigo Montoro (Sp0oKeR)

PS: someone at the OWASP talk, when I handed over the book we raffled, said they read the blog and wanted to exchange some ideas, but unfortunately I had to run off to chair the session at Galvão's talk on XSS. Sorry, I don't remember your name, I remember you were from Goiânia! =) Please feel free to get in touch by e-mail or MSN.

1 New Item on My Amazon Wish-list (Apr 14, '08 1:30 PM)


Build Your Own Security Lab: A Field Guide for Network Testing
Manufacturer: Wiley
Price: $45.00



SRI International, an independent nonprofit research and development organization, today announced the launch of the Malware Threat Center (http://mtc.sri.com), a website dedicated to fighting malware. SRI's Malware Threat Center posts daily updates of firewall filters, malware-related domain name system (DNS) names, antivirus statistics, intrusion detection system (IDS) signatures, and malware binary data to help network administrators understand current and emerging computer security threats and provide key network defense information that can be configured into security products to help network administrators fend off the latest malware threats.

On the snort-br site (http://snort.org.br/index.php?option=com_content&task=view&id=32&Itemid=32), I also launched something, obviously nowhere near this, to start the malwares-br.rules project, which would be a Snort signature project for Brazilian malware, since we have no signatures for it.


More info: http://www.marketwire.com/mw/release.do?id=842518

This initiative will certainly help the AV, IPS, IDS and content filtering market a LOT =)!!

Happy Hacking!

Rodrigo Montoro (Sp0oKeR)

GreenSQL - Open Source database firewall (Apr 9, '08 1:33 PM)
I was looking for some MySQL auditing tools and came across this open source project, which looks quite interesting! =)!! I haven't tested it, but it is certainly something that adds a lot to security.

What is GreenSQL?

GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works in a proxy mode and has built in support for MySQL. The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known db administrative commands (DROP, CREATE, etc). GreenSQL is distributed under the GPL license.

How does it work?

The GreenSQL database firewall provides database protection using a number of methods:

  • Blocking administrative and sensitive SQL commands.
  • Calculating risk of each query and blocking queries with high risk.
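To make the two mechanisms above concrete, here is an added example (not GreenSQL's own code) of a query evaluator in the same spirit: it refuses administrative statements outright and otherwise scores each query against a small risk matrix before a proxy would forward it to MySQL. The indicator list, the weights and the threshold are assumptions constructed for this illustration.

```python
import re

# Statements refused outright, in the spirit of "known db administrative commands
# (DROP, CREATE, etc)". Only DROP and CREATE come from the page; the rest of this
# set is an assumption of what "etc" covers.
ADMIN_COMMANDS = {"DROP", "CREATE", "ALTER", "TRUNCATE", "GRANT", "REVOKE", "SHUTDOWN"}

# Risk scoring matrix: (label, pattern, weight). Indicators and weights are
# constructed for this example and are not GreenSQL's real matrix.
RISK_MATRIX = [
    ("always-true comparison", re.compile(r"\bOR\s+('?\w+'?)\s*=\s*\1", re.I), 40),
    ("SQL comment sequence", re.compile(r"(--|#|/\*)"), 20),
    ("UNION-based data extraction", re.compile(r"\bUNION\b(\s+ALL)?\s+SELECT\b", re.I), 30),
    ("stacked statement", re.compile(r";\s*\w"), 25),
    ("system catalogue access", re.compile(r"\b(information_schema|mysql\.user)\b", re.I), 25),
    ("file system access", re.compile(r"\b(LOAD_FILE\s*\(|INTO\s+(OUT|DUMP)FILE\b)", re.I), 40),
]
RISK_THRESHOLD = 50  # assumed cut-off: at or above this score the query is dropped


def is_admin_command(sql):
    """True when the statement's first keyword is an administrative command."""
    m = re.match(r"\s*(\w+)", sql)
    return bool(m) and m.group(1).upper() in ADMIN_COMMANDS


def score_query(sql):
    """Sum the weights of every risk indicator present; return (score, reasons)."""
    score, reasons = 0, []
    for label, pattern, weight in RISK_MATRIX:
        if pattern.search(sql):
            score += weight
            reasons.append(label)
    return score, reasons


def evaluate(sql, threshold=RISK_THRESHOLD):
    """Decide whether a proxy should forward the query to MySQL or drop it."""
    if is_admin_command(sql):
        return {"decision": "block", "score": 100,
                "reasons": ["administrative command: " + sql.split()[0].upper()]}
    score, reasons = score_query(sql)
    return {"decision": "block" if score >= threshold else "allow",
            "score": score, "reasons": reasons}


if __name__ == "__main__":
    # Constructed sample queries: ordinary application traffic and textbook injections.
    for q in [
        "SELECT name, email FROM users WHERE id = 42",
        "SELECT * FROM users WHERE user = 'admin' OR 1=1 -- ' AND pass = ''",
        "SELECT id FROM items WHERE id = 1 UNION SELECT user, password FROM mysql.user",
        "DROP TABLE users",
    ]:
        r = evaluate(q)
        print(f"{r['decision']:5} score={r['score']:3} {', '.join(r['reasons'])}")
```

A real proxy would also have to parse the statement rather than pattern-match it, which is why GreenSQL sits in front of MySQL as a proxy instead of inspecting raw strings at the application layer.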

Site: http://www.greensql.net/


Happy Hacking!

Rodrigo Montoro (Sp0oKeR)

[issabr] ISSA Day - April - Talk on SOC (Apr 7, '08 9:24 PM)
On April 23 (Wednesday) the Brazil chapter of ISSA holds another ISSA Day, this time sponsored by Nokia and Westcon. We will have a presentation by Gabriel Lourenço on the concept and sizing of SOCs.

Date: 23/04 from 19:00 to 22:00
Venue: Intercontinental - Alameda Santos, 1123

19:00 - 19:15 - Welcome Coffee
19:15 - 19:30 - ISSA Opening
19:30 - 20:00 - Westcon/Nokia talk
20:00 - 21:30 - Talk "SOC - Concept and Sizing", Gabriel Lourenço
21:30 - 22:00 - Networking cocktail

Registration at: http://www.issabrasil.org/index.php?option=com_mosforms&Itemid=91

Talk: "SOC - Concept and Sizing"
Using market best practices, this talk explores the concepts of Security Operations Center, Enterprise Architecture and Security Metrics, demonstrating how the implementation of a SOC can be used as added value in any company. Through a framework, all phases of SOC operation are mapped and serve as a reference guide for drawing the parallel between business-focused results and the technology used to maintain the company's security structure.

About the speaker
Gabriel Lourenço
CCSA/NCSA/MCP/NCMA
Has worked for more than 8 years in IT as a Security Consultant. He dedicated part of his career to specializing in Security Operation Centers, developing environments with open source tools, a SOC Reference Model and an implementation methodology based on market best practices. He has worked on large projects at financial institutions and is currently responsible for developing a SOC Framework focused on Business and Security Metrics at Y3 Tecnologia.


I certainly won't miss this talk for anything! =)
Remember that ISSA Day is free admission; just register on the site and enjoy the knowledge sharing.

Happy Hacking!

Rodrigo Montoro (Sp0oKeR)

Open Packet Website (Apr 6, '08 9:52 PM)
I saw a post on the blog taosecurity.blogspot.com about openpacket.org and found it VERY interesting.

"Welcome to the new website. OpenPacket.org is a Web site whose mission is to provide a centralized repository of network traffic traces for researchers, analysts, and other members of the digital security community."

Worth a visit: download some pcaps and have fun =))

Site: http://www.openpacket.org

Happy Hacking!

Rodrigo Montoro (Sp0oKeR)

1 hour and 23 minutes


Events
---

Hacker Space Fest
http://www.tmplab.org/wiki/index.php/Hacker_Space_Fest


ToorCon Seattle
http://seattle.toorcon.org/


PH-Neutral
http://ph-neutral.org/


Segurança Digital - Portugal
http://www.segurancadigital.org/?q=node/17


SHARKFEST
http://www.cacetech.com/SHARKFEST.08/



News
--------

Abandon Ship! Data Loss Ahoy!
http://attrition.org/security/rant/z/rapid7.html


Internet prank makes man lose almost all his possessions
http://www.alexandreatheniense.com.br/2008/03/trote-pela-inte.html


Sony Officially Apologizes for the PS3 Vulnerability and Network Hack
http://www.akihabaranews.com/en/news_details.php?id=15744


Outsourced passports netting govt. profits, risking national security
http://www.washingtontimes.com/apps/pbcs.dll/article?AID=/20080326/NATION/840186493/1001


---


CanSecWest review

Site: http://www.naopod.com.br

Happy Hacking!

Rodrigo Montoro (Sp0oKeR)

No, I'm not going crazy, but we may be starting an interesting project on Snort rules in the snort-br community (http://www.snort.org.br), and I need every possible link to malware for some tests, to check whether this can really happen.

What I need:

   - .exe
   - .com
   - .scr
   - .cmd

Certainly other extensions too, especially (phishing) e-mails from Itaú, Bradesco, Receita, IRPF, among the dozens of phishing campaigns (especially Brazilian ones) circulating daily.

And any phishing you receive and can forward to me!
Send it to spooker@gmail.com.

Happy Hacking!

Rodrigo Montoro (Sp0oKeR)

The Launch of The Academy Website (Mar 28, '08 3:48 PM)
I took this post from the blog of my friend Andrew (http://www.andrewhay.ca) from Q1 Labs (http://www.q1labs.com), where Daniel Cid (http://www.ossec.net) also works and participates in "The Academy".

The Academy (http://www.theacademy.ca) officially launches its web site today providing instructional videos for the information security community. For the first time ever, the average user to the most seasoned industry expert will be able to watch instructional videos on how to install popular products, address common configuration issues, and troubleshoot difficult problems. The Academy is a user driven community and videos are created at the request of its members. Vendors can also leverage the site to showcase the features and capabilities of their products. The Academy is an ideal place to find and share knowledge with others practicing or interested in the information security field.

Yours truly will be contributing as many log related videos as possible so that people understand how to properly make those crazy blinking boxes they have in their racks send logs.


The idea looks quite interesting, go check it out =)!

Happy Hacking!

Rodrigo Montoro (Sp0oKeR)
