Articles in security

  1. Hydra Brute Force Utility - Hydra is a powerful, multi-protocol brute force attack tool. Brute force attacks involve guessing authentication credentials in an attempt to gain access to a system. Brute force is, over time, the most successful way to break simple authentication.
  2. Monitoring Drupal with OSSEC - It is possible to monitor your Drupal site using OSSEC, the open source host based intrusion detection system, by implementing a custom decoder and a few simple rules.
  3. About Me -
  4. Drupal Panels 6.x-3.3 Module XSS - Drupal Panels module 6.x-3.3 cross site scripting vulnerability.
  5. Auditing Drupal Modules for XSRF Vulnerabilities - Cross site request forgery (CSRF (pronounced sea-surf) or XSRF) is a trust exploitation that shares many similarities with cross site scripting (XSS).
  6. Using Drupal XML-RPC to Bypass Authentication Failure Detection - Drupal provides robust, and largely ignored, XML remote procedure call (RPC) functionality. This functionality is available through the xmlrpc.php file that is available at the Drupal root in any installation. Any module can provide a hook into the XMLR
  7. Auditing Drupal Modules for XSS Vulnerabilities - Finding cross site scripting vulnerabilities in Drupal modules.
  8. Drupal 6 Profile (core) Module XSS Vulnerability - Drupal 6 contains a cross site scripting (XSS) vulnerability in the Profile module.
  9. Securing Drupal User Accounts - Securing a default Drupal installation takes some work and forethought. Drupal's native functionality creates a number of vulnerabilities that can only be mitigated through careful configuration.
  10. Thinking Security - Given that all software contains bugs, and that we cannot certify software as safe with any measure of certainty, what is the information security community to do?
  11. Brute Forcing Drupal - Brute forcing account credentials for Drupal 5 and 6 sites including a sample script.
  12. Monitoring Drupal for Insecure Settings - The Drupal content management system (CMS) is a wonderful tool for maintaining multiple user-driven and user-owned websites. From a security context, however, Drupal can present a challenge.
  13. Writing OSSEC Custom Rules and Decoders - By default OSSEC monitors many of the programs commonly installed on a machine, but its real power comes from the ability of system administrators to customize OSSEC.
  14. Security Researchers in the Open Source Ecosystem - Although it may be a hassle for developers to deal with researchers it is critical to the success of open source projects.
  15. Google Safe Browsing API - Google has put together a really cool API that allows developers to query their database of suspected malware and phishing sites.
  16. Using the Google Safe Browsing API from PHP - Google's new Safe Browsing API is a neat service that allows you to poll the MD5 hashes of known malware and phishing sites.
  17. Software Security and Testing - In fact, the field of security could learn quite a bit from software testing methods and philosophy.
  18. Bypassing PHP PathInfo - In many cases developers will use this information as authoritative, relying on pathinfo() to report accurately. Pathinfo's parsing can be easily bypassed by using the age old trick of appending extra dots and extensions to the filename.
  19. Using SQLMap for Automated Vulnerability Assessment - Vulnerability assessors and code auditors are often faced with situations where a large volume of code needs to be audited quickly to enable a deployment.
  20. User Insecurity and Open Source Projects - Who should be responsible for protecting users from themselves? Should the Drupal core code base prevent such situations from even being possible? It's arguable that they should.
  21. LAMP Security Through Virtualization - Splitting up the various layers of the LAMP stack to provide more insulation and defense in depth.
  22. Drupal Content Access Module XSS Fun - Asking me about computer security and privacy is probably a lot like asking a law enforcement agent about home security - you're going to get an answer colored by experience.
  23. Using and Extending Kojoney SSH Honeypot - Kojoney (http://kojoney.sourceforge.net/) is a wonderful low interaction SSH honeypot written in Python.
  24. Defending Web Applications with PHPIDS - PHPIDS is a very intriguing project that mimics the functionality of much more involved intrusion detection systems.
  25. SEI Advanced Incident Handling - Day 5 - The Software Engineering Institute, part of Carnegie Mellon University, and the organization that comprises CERT, offers an Advanced Incident Handling (AIH) course that I am currently attending.
  26. SEI Advanced Incident Handling - Day 4 - The Software Engineering Institute, part of Carnegie Mellon University, and the organization that comprises CERT, offers an Advanced Incident Handling (AIH) course that I am currently attending.
  27. SEI Advanced Incident Handling - Day 3 - The Software Engineering Institute, part of Carnegie Mellon University, and the organization that comprises CERT, offers an Advanced Incident Handling (AIH) course that I am currently attending.
  28. Full Disclosure Policy - It has occurred to me, through my latest spat with the Drupal security team, that I need to clearly define my beliefs in full disclosure so that there can be no misunderstanding as to my motivations.
  29. SEI Advanced Incident Handling - Day 2 - The Software Engineering Institute, part of Carnegie Mellon University, and the organization that comprises CERT, offers an Advanced Incident Handling (AIH) course that I am currently attending.
  30. SEI Advanced Incident Handling - Day 1 - The Software Engineering Institute, part of Carnegie Mellon University, and the organization that comprises CERT, offers an Advanced Incident Handling (AIH) course that I am currently attending.
  31. Dangers of Drupal Cron - The Drupal default installation and configuration presents several security challenges and potential vulnerabilities with scheduling cron.
  32. Drupal 6 CCK Module Allows Arbitrary PHP Injection - Attacking and defending the Drupal 6 PHP input type through CCK.
  33. Envisioning Perspective - In order to properly assess the security posture of any organization it is essential to first make sure you can accurately gauge the landscape.
  34. Educause Security 2009 - It's interesting to see a security conference so heavily focused on privacy, but identity theft is the intersection of privacy and security.
  35. Review of Chained Exploits by Whitaker, Evans and Voth - Academic fields are severely limited by the vocabulary available to discuss issues and the "chained exploit" is sure to become a mainstay in the discourse of information security.
  36. Hardening PHP from php.ini - PHP's default configuration file, php.ini contains a host of functionality that can be used to help secure your web applications.
  37. Writing Safer Database Queries from PHP - Both PHP and MySQL include many features that developers can use to create safer web applications.
  38. OSSEC Version 2.0 Released - OSSEC is a wonderful open source host based intrusion detection tool that can greatly enhance your server security.
  39. Drupal Security Team Ignores Multiple XSS Vulnerabilities - The Drupal security team's rather disappointing advice to rectify this situation was not to fix the vulnerabilities in the module code in question, but rather to limit the scope of users granted 'administer content types' privileges.
  40. Post Compromise Shell Shoveling - Shoveling a shell is a process whereby an attacker gains interactive access to a compromised host by having the host initiate an outbound connection back to the attacker, which works even when inbound connections are firewalled.
  41. Building an MD5 Rainbow Table - A short Perl program that creates a MySQL database of MD5 values, a lookup table commonly referred to as a rainbow table.
  42. Hardening PHP with Suhosin - Suhosin is an extremely valuable addition to any PHP installation, allowing robust security and easy configuration.
  43. Interrogating DNS - DNS (Domain Name System) is an important component of any reconnaissance or discovery phase of an attack on internet systems.
  44. GPG Key - justin@madirish.net GPG key
  45. Protecting Your LAMP Site with a Robots.txt Honeypot - Knowing that malicious attackers might look into your robots.txt file and explore the listings there allows you to employ a few defensive techniques.
  46. Creating a Robots.txt Honeypot - Creating a robots.txt to detect and trap web site attackers.
  47. Web Application Security - In the latest Silver Bullet podcast Gary McGraw makes mention of the fact that he feels that web application security is attracting too much attention these days.
  48. Developing Security with Metrics - It is a professional hazard in security to become stuck in a reactive stance, always running to put out the latest fire.
  49. Pen Tests are Bullshit - Recently I've spotted an argument against pen testing gaining traction in the computer security industry.
  50. InfoSec Institute Ethical Hacking Day 4 & 5 - I've just finished InfoSec Institute's Ethical Hacking class (http://www.infosecinstitute.com/courses/ethical_hacking_training.html). The last two days were so hectic that I didn't even get a chance to blog about them as I would have liked.
  51. InfoSec Institute Ethical Hacking Day 3 - Day three of ethical hacking didn't end until about 7 PM and with the CPT exam scheduled for the end of day four I didn't get a chance to blog.
  52. InfoSec Institute Ethical Hacking Day 2 - I've just finished the second day of InfoSec Institute's Ethical Hacking class (http://www.infosecinstitute.com/courses/ethical_hacking_training.html).
  53. InfoSec Institute Ethical Hacking Day 1 - I've just finished the first day of InfoSec Institute's Ethical Hacking class (http://www.infosecinstitute.com/courses/ethical_hacking_training.html).
  54. Responsible Disclosure? - To insist that security professionals always follow responsible disclosure doesn't help anyone; it rewards vendor bad behavior and hurts other customers.
  55. The Economy and Information Security - The internet security blog Security Aegis has just published an article, distilled out of interviews with some industry professionals, concerning the state of information security and the economy.
  56. PHP Malware C99 Shell - The c99 shell is a somewhat notorious piece of PHP malware.
  57. Brute Forcing PHP MD5 Hashed Passwords - Recovering the plain text of an MD5 can be accomplished with a brute force attack with surprising ease.
  58. Exploring JPEG Metadata -
  59. Using Paros for Web Application Auditing and Debugging - Paros is a wonderful free Java based tool that is invaluable for web application auditing, testing, and debugging.
  60. Full Disclosure - There has been a lot of debate over the years about full disclosure.
  61. Undeniable Deniable Filesystems - In a new paper published on Bruce Schneier's website (http://www.schneier.com/paper-truecrypt-dfs.pdf), researchers examine deniable file systems (DFS).
  62. Samurai Web Testing Framework - The Samurai Web Testing Framework is a bootable Linux CD that contains numerous tools specifically designed for web application penetration testing and vulnerability assessment.
  63. OSSEC HIDS 1.6 Released - On September 1, OSSEC announced the release of the latest version of the OSSEC-HIDS tool (version 1.6).
  64. Captcha Cracking - Network Security Research (http://network-security-research.blogspot.com/) has published a new paper that details some of the ways CAPTCHA can be defeated.
  65. Is Security Certification Worth it? - At some point in every security professional's career they look at certification and begin to weigh its value.
  66. OWASP Releases DirBuster 0.11.1 - Two days ago OWASP announced the release of a new version of their DirBuster tool. DirBuster is a Java based web application scanner.
  67. German CERT Warns of New Phalanx Linux Rootkit - The CERT for Germany's National Research and Education Network (DFN-CERT – Deutsches Forschungsnetz) is warning of a new spate of attacks.
  68. Writing Windows Buffer Overflows - Writing a buffer overflow attack against a Windows program presents several challenges.
  69. The IACRB and CEPT Certification -
  70. Password Protection - Single factor authentication (passwords) is the most common authentication method in use for computer access.
  71. Tips for Securing Drupal - Some tips for securing your Drupal installation.
  72. Installing Nikto on Windows - Nikto is a fast, extensible, free open source web scanner written in Perl.
  73. MrNeti Tries to Enter the House - Code for a remote file inclusion vulnerability I found on a third party site host.
  74. CEPT Practical - The Certified Ethical Penetration Tester (CEPT) certification is sponsored by the IACRB (Information Assurance Certification Review Board).
  75. DNS Debacle - Most people are probably blissfully unaware, but security researcher Dan Kaminsky discovered a very serious flaw in DNS.
  76. Security Researcher Toolkit - When you start working in computer security, as with many computer related fields, you'll find that there are a lot of expensive tools out there to assist in your work.
  77. The New School of Information Security - The New School of Information Security is one of the most timely and radical books on computer and information security that I've ever read.
  78. Developing Drupal Module Exploits - While the Drupal security team does a great job of making sure the core modules distributed with Drupal are secure, there are a host of third party contributed modules that often contain security problems.
  79. About Identity Theft - Identity theft is a common topic in the media and in reality these days.
  80. Question: When would you use 'sign' over 'encrypt'? - Encrypting a message provides confidentiality, signing provides assurance.
  81. Get with the New School - The most important book on computer security in the market today, The New School of Information Security by Adam Shostack and Andrew Stewart.
  82. What is Fast Flux Hosting? - Fast flux hosting, commonly utilized amongst malware bot herds and spammers, is a method used to hide servers.
  83. MediaDefender DDOS of Revision3 - There's a very interesting write up of the recent denial of service attack against Revision3 on the company's blog.
  84. 4 Simple Tips for Securing OpenSSH - Securing an SSH server is a simple process that many administrators overlook.
  85. Lets Go Phishing - PhishTank (http://www.phishtank.com/) is a service that allows you to submit suspected phishing sites and tracks their status. With an open API, PhishTank even lets you write tools to query their data.
  86. OSSEC Intrusion Detection System - OSSEC is an open source host based intrusion detection system (IDS). An IDS is one of the most important tools available to a security administrator.
  87. USB Malware - Remember the good old days when you traded C-64 games with your friends by carrying your floppy drive over to his or her house to copy disks? Back in those days very few people had the two drives you needed to copy a disk so the entire process was a bit
  88. The New Threats in Computer Security - One of the trends that seemed to come up over and over again was the changing landscape of computer security. There seems to have been two major sea changes in information security over the last couple of years.
  89. Here's a Vexing Question - There have been many studies on why phishing attacks are such a problem.
  90. Introduction to Incident Response - The purpose of this tutorial is to provide a basic introduction to incident response.
  91. Web Hacking Lesson 6 - Arbitrary Code Execution Vulnerabilities - Arbitrary code execution vulnerabilities are the most damaging sorts of vulnerabilities to find in web applications.
  92. Web Hacking Lesson 5 - File Upload Vulnerabilities - File upload vulnerabilities (and local file disclosure vulnerabilities) are some of the most devastating vulnerabilities in PHP applications.
  93. Web Hacking Lesson 4 - File Include Vulnerabilities - PHP file include vulnerabilities are some of the most destructive that an attacker can exploit.
  94. Web Hacking Lesson 2 - SQL Injection - SQL injection attacks bear many of the same fundamental hallmarks as XSS attacks.
  95. Web Hacking Lesson 1 - This is the first in a series of training articles that goes hand in hand with a test site that should be downloaded and installed by the reader.
  96. Web Hacking Lesson 3 - Brute Force - Brute forcing a web application is a method to bypass traditional authentication checks.
  97. Now is the Time to Update Your Firmware - It's time to update your home router. How do I know this? Because the nature of such devices is that most users plug them in and forget them.
  98. Social Engineering via Social Networking - By providing details to a networking site you could be making a social engineering attack much easier to pull off.
  99. Setting Up Public Key Access using PuTTY - Because public key authentication involves no interactive password prompt, scripts can log in and out of remote hosts without human interaction.
  100. GPG for Encryption and Digital Signing - GPG, the GNU version of PGP, is available for pretty much any platform.
  101. Using Netcat to Transfer Files (and Other Mischief) - Netcat is an oft maligned program that can easily be used for many interesting and useful purposes.
  102. SSHatter SSH Brute Forcer - SSHatter is a simple SSH brute forcer written in Perl.
  103. On Multiple Single Factor Authentication - Two factor authentication is fast becoming an industry standard for high value applications.
  104. botHunter Released - botHunter looks for patterns in dialogues between computers in search of well known sequences that indicate bot activity.
  105. Investigating Rogue Ports - Discovering what processes are bound to open ports.
  106. botHunter Released -
  107. Asshole Hackers - In any case, these assholes are basically trying to break into my server by exploiting a vulnerability I'm responsible for fixing.
  108. Latest Virus Making the Rounds - In case "You've received an ecard from a family member" recently you should be aware that this is a fairly insidious piece of virus/malware now making the rounds.
  109. MadIrish Webmail PHP Remote File Inclusion Vulnerability - My oldest open source project, MadIrish Webmail (also at http://webmail.madirish.net), suffered from a PHP remote file inclusion vulnerability.
  110. Generating a key pair for automatic SSH Public Key Authentication -
  111. Cross Site Request Forgery - A short discussion of cross site request forgery (XSRF) attacks and some simple preventative measures.
  112. TCP/IP, Ports and Network Connections - Understanding the TCP/IP handshake, including sequencing negotiation, how to view and discover available ports on local and remote machines and how to monitor local TCP/IP connections.
  113. Firewalls, Filters and NAT - In the arsenal of defensive tools available for network administrators, firewalls probably occupy the most prominent, and vital position.
  114. Writing Buffer Overflows - A brief tutorial on buffer overflow vulnerabilities and developing exploits.
  115. Wireless Hacking with Kismet - The proliferation of wireless networks is sometimes scary when you consider how insecure most wireless configurations are.
  116. Open Source USB Key Encryption Techniques - A short guide to using open source encryption technology to secure removable media.
  117. Hack by Numbers - An examination of the how-to steps taken by many system crackers.
  118. Happy Hacking via Wireless - Abusing unsecured wireless connections for fun and profit, including advice for protecting your own wireless connections.
  119. Effective File Removal - Removing a file from your computer is not as simple as just moving it to the 'Recycle Bin', read up on why and how to actually delete material from your hard drive.
  120. Connecting To a Remote MySQL Server Securely Using SSH Port Forwarding - Brief instructions on how to set up local port forwarding to allow for a secure MySQL connection.
  121. Hardening Your Windows 2000 Server - A list of simple steps you can take to significantly increase the level of security on a default installation of Windows 2000.
  122. Computer Security Class - Notes 2 - The notes from the second session of the 'Computer Security' class I taught
  123. Computer Security Class - Notes 1 - The notes from the first session of the 'Computer Security' class I taught.
  124. Glossary of Computer Security Terminology - A list of computer security terminology to get you started.
  125. Suggested Material for Computer Security Class - These are my suggestions for reading for Computer Security class students.
  126. Holy Klez Batman! - A short advisory and examination of the Klez virus including links to cleaning tools and further information.
  127. Typical Computer Users Security Guide - Simple guide to security for home users. Covers easy steps you can take to protect your home system.
  128. Cold Fusion Server Security - Cold Fusion server security. Includes a discussion of accessing the CFIDE administrator function on Cold Fusion servers and RDS security.
  129. Editorial Response to Microsoft Proposed Non-Disclosure of Vulnerabilities - A brief editorial about the downfalls of ending vulnerability disclosure as outlined by Microsoft.
  130. Madirish Tutorial 02 - A quick look at TCP/IP, ports, and what goes on across the internet.
  131. Madirish Tutorial 08 - Finding a target and seeing what is available on target systems (target enumeration).
  132. Madirish Tutorial 09 - Finding and exploring Windows shares by hand.
  133. Madirish Tutorial 01 - Getting started as a hacker, what system to choose and why.
  134. Madirish Tutorial 10 - Automating hacking tools, making a program to do what we did by hand in Tutorial 9. Includes the code for madirish.bat.
  135. Proliferation of the Internet -
  136. Target Enumeration on a *nix - Finding open ports on a remote Unix or Linux machine.
  137. Overview of Computer Security Part I - A rather long white paper on all sorts of aspects of computer security. Developed for a training program on computer security.
  138. Overview of Computer Security Part II - Part two of a rather long overview of computer security.
  139. IIS Unicode Directory Traversal Exploit Explained - The IIS Unicode directory traversal exploit, used by worms such as Nimda, demystified; includes screen shots and instructions.
  140. Madirish Tutorial 11 (Brute Forcing) - Breaking in - using a brute forcer to find a username and password for the target system
  141. Anatomy of Web Bugs - This article covers how web bugs work and how to use them.
  142. Hacking Windows shares from Linux with Samba - Instructions on accessing unprotected Netbios shares on a Windows machine from Linux.
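
The "Bypassing PHP PathInfo" entry above describes trusting pathinfo() for upload validation. The following is an added example, not code from the original article: a naive check that only inspects the last extension (so shell.php.jpg passes as a JPEG) beside a stricter check that rejects any inner extension not on the allow list. The file names and the allow list are constructed for the demonstration.

```php
<?php
// Added example (not from the original article): why trusting pathinfo()
// for upload validation is unsafe, and a stricter check.

// Naive check: only the last dot-separated extension is examined.
function naiveExtensionAllowed(string $filename): bool
{
    $allowed = ['jpg', 'jpeg', 'png', 'gif'];
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return in_array($ext, $allowed, true);
}

// Strict check: every dot-separated component after the base name must be
// on the allow list, so "shell.php.jpg" is rejected because "php" appears
// as an inner extension. This matters because Apache's mod_mime evaluates
// each extension, and with a PHP handler configured via AddHandler a file
// named shell.php.jpg can still be executed as PHP.
function strictExtensionAllowed(string $filename): bool
{
    $allowed = ['jpg', 'jpeg', 'png', 'gif'];
    $basename = basename($filename);          // ignore any path component
    $parts = explode('.', strtolower($basename));
    if (count($parts) < 2 || $parts[0] === '') {
        return false;                          // no extension, or a dotfile
    }
    foreach (array_slice($parts, 1) as $ext) {
        if (!in_array($ext, $allowed, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample file names.
$samples = ['photo.jpg', 'shell.php.jpg', 'shell.php', 'shell.phtml.png', 'image.jpg.php', '.htaccess'];
foreach ($samples as $name) {
    printf("%-18s naive=%-5s strict=%s\n", $name,
        naiveExtensionAllowed($name) ? 'allow' : 'deny',
        strictExtensionAllowed($name) ? 'allow' : 'deny');
}
```

Even the strict check only validates the name; a robust upload handler also renames the stored file to a server-generated name and stores it outside the web root or under a directory where script execution is disabled.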
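
The "Auditing Drupal Modules for XSRF Vulnerabilities" and "Cross Site Request Forgery" entries above discuss CSRF and simple preventative measures. The following is an added example, not the original articles' code: a per-session anti-CSRF token, the hidden form field that carries it, and a state-changing handler shown without and with the check. The session array and the forged and legitimate POST bodies are constructed for the demonstration.

```php
<?php
// Added example (not the original article's code): a per-session anti-CSRF
// token and the check a state-changing handler must perform.

// Create the token once per session; 32 random bytes make it unguessable.
function csrfToken(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Hidden field to embed in every legitimate form that changes state.
function csrfHiddenField(array &$session): string
{
    $t = htmlspecialchars(csrfToken($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $t . '">';
}

// Constant-time comparison so the token cannot be recovered byte by byte.
function csrfValid(array $session, array $post): bool
{
    if (empty($session['csrf_token']) || empty($post['csrf_token'])) {
        return false;
    }
    return hash_equals($session['csrf_token'], (string) $post['csrf_token']);
}

// Vulnerable handler: any POST that arrives with the session cookie is trusted.
function deleteAccountVulnerable(array $session, array $post): string
{
    return 'deleted ' . $post['user'];
}

// Hardened handler: refuses the request unless the token matches the session.
function deleteAccountHardened(array $session, array $post): string
{
    if (!csrfValid($session, $post)) {
        return 'rejected: bad or missing CSRF token';
    }
    return 'deleted ' . $post['user'];
}

$session = [];                                   // stands in for $_SESSION
echo csrfHiddenField($session), "\n";            // rendered into the real form

// Forged request from an attacker's page: the browser attaches the victim's
// cookie automatically, but the attacker cannot read the victim's token.
$forged = ['user' => 'victim'];
echo deleteAccountVulnerable($session, $forged), "\n";   // deleted victim
echo deleteAccountHardened($session, $forged), "\n";     // rejected

// Legitimate submission carries the token from the rendered form.
$legit = ['user' => 'victim', 'csrf_token' => $session['csrf_token']];
echo deleteAccountHardened($session, $legit), "\n";      // deleted victim
```

The token must be tied to the session (or the user) and compared with hash_equals(); a token that is merely present, or that is checked with a plain string comparison on a page that also leaks it through XSS, gives no protection.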
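
The "Building an MD5 Rainbow Table" and "Brute Forcing PHP MD5 Hashed Passwords" entries above describe precomputing MD5 values and recovering plaintexts from unsalted hashes. The following is an added example, not the original articles' code: it builds an in-memory lookup table from a constructed wordlist with common case and suffix variations (a database-backed table works the same way, with one indexed read per lookup), reverses unsalted hashes against it, and shows why a per-user salt defeats the precomputed table. The wordlist and target hashes are constructed for the demonstration.

```php
<?php
// Added example (not the original article's code): an MD5 lookup table
// built from a small constructed wordlist, used to reverse unsalted hashes.

// Precompute md5() for each word, common case variants and common suffixes.
function buildMd5Table(array $words, array $suffixes = ['', '1', '123', '!']): array
{
    $table = [];
    foreach ($words as $w) {
        foreach ([$w, ucfirst($w), strtoupper($w)] as $variant) {
            foreach ($suffixes as $s) {
                $table[md5($variant . $s)] = $variant . $s;
            }
        }
    }
    return $table;
}

// Lookup is a single array (or database index) read, not a brute force loop.
function crackMd5(string $hash, array $table): ?string
{
    return $table[strtolower($hash)] ?? null;
}

// Constructed wordlist; a real attack uses a dictionary of millions of entries.
$words = ['password', 'letmein', 'drupal', 'admin', 'secret'];
$table = buildMd5Table($words);

$targets = [
    md5('Password123'),              // unsalted dictionary password: found
    md5('drupal!'),                  // found
    md5(bin2hex(random_bytes(8))),   // random 16-character password: not found
];
foreach ($targets as $h) {
    printf("%s -> %s\n", $h, crackMd5($h, $table) ?? '(not found)');
}

// A per-user salt makes the same password hash differently for every user,
// so the attacker must rebuild the whole table for each salt.
$salt = bin2hex(random_bytes(4));
$saltedHash = md5($salt . 'Password123');
printf("salted   %s -> %s\n", $saltedHash, crackMd5($saltedHash, $table) ?? '(not found)');
```

Salting only raises the cost of table reuse; because MD5 is fast, a salted MD5 is still cheap to attack per user, which is why a deliberately slow, salted construction such as password_hash() with bcrypt is the appropriate replacement for stored passwords.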