Monday, 24 March 2014

Booby-trapped documents in Rich Text Format are being used for targeted attacks


There are booby-trapped documents being circulated in the Rich Text Format (RTF) that exploit a vulnerability in the 2010 version of Microsoft Word [CVE-2014-1761]. 

Microsoft Advisory published on Monday 24/Mar/2014 (2953095) [2] warns about the Vulnerability in Microsoft Word which could allow Remote Code Execution. A Temporary fix is available by Microsoft [3].

[1] ​http://arstechnica.com/security/2014/03/zero-day-vulnerability-in-microsoft-word-under-active-attack/

[2] http://technet.microsoft.com/en-us/security/advisory/2953095

[3] https://support.microsoft.com/kb/2953095

Sunday, 23 March 2014

SANS Investigate Forensic Toolkit (SIFT) Workstation Version 3.0

SANS SIFT 3.0 Virtual Machine Released [1]

Developed and continually updated by an international team of forensic experts, the SIFT is a group of free open-source forensic tools designed to perform detailed digital forensic examinations in a variety of settings. With over 100,000 downloads to date, the SIFT continues to be the most popular open-source forensic offering next to commercial source solutions.

[1] http://digital-forensics.sans.org/blog/2014/03/23/sans-sift-3-0-virtual-machine-released

Friday, 28 February 2014

Guest Speaker for Derby University (Digital Forensic Investigation Course)

I had the pleasure to be invited as a guest speaker to Derby University in order to give a talk about Penetration Testing in the real world and more specifically for the Digital Forensic Investigation course.

The talk included an introduction to the Payment Card Industry (PCI),  Payment Card Industry Data Security Standard (PCI DSS) and the Payment Card Industry Security Standards Council (PCI SSC). The participant had an opportunity to understand what is an Approved Scanning Vendor (ASV), a Qualified Security Assessor (QSA) and last but not least a PCI Forensics Investigator (PFI).

The students were introduced to penetration testing types, practices, methodologies, real stories from the industry, tools, and techniques. Black Box testing versus White Box testing was explained, the significance of white-listing was discussed and comparison of ASV, Vulnerability Assessment and Penetration Testing was given.

The second part of the talk focused on malware and included a more practical approach with a hands-on session. The talk focused on how easy could it be to create malware that is capable of evading AntiVirus detection (including reputation based detection). The students were given an executable file and a hex editor which allowed them to modify the given binary. Social engineering and spear phishing were also discussed. The purpose was to raise their awareness and allow them to understand with examples why we say there is no 100% security.

I had a wonderful day at the University, the students were very excited and I do hope they learned a lot. All the best with their course. The industry needs these knowledgeable future professionals. 

Saturday, 22 February 2014

Apple's SSL/TLS Bug


Yesterday, Apple pushed a rather spooky security update [1] for iOS that suggested that something was horribly wrong with SSL/TLS in iOS but gave no details​. 

A very quick test site for testing if you are vulnerable to this bug (use Safari browser) can be found here: https://www.imperialviolet.org:1266 

Note the port number (which is the CVE number), the normal site is running on port 443 and that is expected to work. On port 1266 the server is sending the same certificates but signing with a completely different key. If you can load an HTTPS site on port 1266 then you have this bug.

[1] http://support.apple.com/kb/HT6147

Friday, 14 February 2014

Kali Linux Virtual Box Resolution

There are several ways people are suggesting for adjusting Kali Linux [1] resolution in Virtual Box. First of all, make sure you have the latest Virtual Box [2] along with the latest Extension Pack. 


Lets assume that you downloaded a VM image of Kali Linux from the aforementioned URL. I suggest you make sure your Kali Linux is up-to-date. To update your system, bring up the terminal and run the following command in order to fetch all the new updates: 
apt-get update

Then, run this command to upgrade your system: 
apt-get upgrade


It is not necessary to restart  your system at this state, but for those of you who might want to do this, just type in the terminal: reboot