Sunday, September 19

.NET Security Issues - Crypto Attack PoC

There has been some news regarding the latest .NET attack, which exposes padding oracle issues in some of the tokens used by .NET applications. Some people have been downplaying the issues, saying that these are only theoretical attacks; now researchers have posted a very practical demonstration of the attack on DotNetNuke. Enjoy!

Thursday, September 9

Adobe 0-day Weaponization

So, it used to take at least some time before published 0-day vulnerabilities were weaponized into malicious trojans and other exploit code. Now it appears that the time to develop exploit modules is extremely limited, and in some cases they are possibly prepared before public release.

As referenced in the Slashdot story, an Adobe spokesman said that the situation could change with the availability of the public samples and exploit code. I think these types of advisories should be changed to "..the situation has changed, exploit code certainly already exists and has been used privately for some time.."

Tuesday, September 7

Network Analysis - Threat Detection Service

As part of a local partnership with Metafore, we are pleased to be able to provide a new threat detection service. This service samples your egress network traffic, looking for patterns which may indicate that malicious software is operating in and abusing your computing environment.

Our team provides the deployed equipment with minimal requirements from you (a SPAN port on the egress network switch, or a tap), and two weeks later we will provide you with a report summarizing what was found and our recommendations regarding the controls needed to effectively manage these types of real threats.

We have yet to put this tool in an environment in which it was not able to find some form of malicious traffic, really! Here is a sample of the executive report that is produced. If you are interested in this service, please just drop me an email.