Suggested Blog Reading – Tuesday August 14th, 2007

Vacation… over 🙂

I was able to get away from the office for an entire week. No phone, internet, computers, email…it was glorious! I highly recommend it as a way to recharge your batteries if you’re feeling a little worn out.

And now back to our regularly scheduled programming:

There were a bunch of SANS Information Security Reading Room papers posted while I was away including:

Two kickass Web security papers recently published – A couple of papers for you to check out.

The first, out of the Stanford security lab, is Protecting Browsers from DNS Rebinding Attacks by Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh.

The second paper is from Sensepost, It’s all about the timing…, by Haroon Meer and Marco Slaviero.

So Easy even I could do it – Find it hard to wrap your head around XSS attacks in a real world environment? Thanks to Martin McKeay for pointing this podcast out and to Dan Kuykendall for setting this up.

A friend of mine, Dan Kuykendall, recorded a podcast that will walk you through your own attempt at a SQL injection attack. He’s even got a server set up for you to hack, though it’s a bit deceiving in that he’s got a lot of security built into the back end to keep you from getting too evil on the site. Take an hour or so to walk through it and see how easy it is for yourself. And you’ll be wondering why this isn’t happening more often too.

Why virtual honeypots are sweet – Good interview. I’d really like the opportunity to review the Virtual Honeypots book 😉

In an interview with Network World Senior Editor Ellen Messmer, Provos (a senior staff engineer at Google who’s credited with developing the open-source honeypot Honeyd) and Holz (founder of the German Honeynet Project and graduate student at the University of Mannheim’s Laboratory for Dependable Distributed Systems) discuss the latest in tools for building virtual honeypots.

What is Server-side Polymorphism? – Very good post on polymorphism.

server-side polymorphism is a type of polymorphism where the polymorphic engine (the transformation function responsible for producing the malware’s many forms) doesn’t reside within the malware itself…

just as conventional polymorphism was constrained to housing the polymorphic engine within the virus it’s meant to operate on (because the code doing the copying has to have access to the transformation function), server-side polymorphism requires the polymorphic engine to be part of the system (generally a website) that serves (hands out) copies of the non-replicative malware it’s used on instead of being in the malware itself…

A Parser to Transform Vista Event Log Files into Plain Text – Hey that’s kind of cool. Good work!

I am pleased to announce the release of my parser framework for Vista event log files. It mainly consists of a set of Perl modules that implement the data structures which are known to me at this time. The archive also contains two sample programs that transform the native, binary event log file into textual XML. This release accompanies my talk at the DFRWS 2007 in Pittsburgh.
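To make the "binary event log into textual XML" step concrete, here is an added example (my own code, not part of the announced Perl framework) in Python, since that is what most forensics tooling is written in today. It walks the EVTX container as I understand its layout: a 4096-byte file header with an `ElfFile` magic and a CRC32 over its first 120 bytes, then 64 KiB chunks with an `ElfChnk` header and a CRC32 over the record area, then records that each carry a `**\0\0` magic, a size, a record id, a FILETIME and a trailing copy of the size. It decodes only that record envelope and treats the binary XML body as opaque bytes; the sample file it parses is constructed inside the block, and the `datetime_to_filetime`, `build_sample_evtx`, `is_intact` and `tamper` helpers exist only for the example.

```python
import struct
import zlib
from datetime import datetime, timedelta, timezone

# EVTX container constants as I understand the format (assumption, not taken from the page):
# 4096-byte file header, then 64 KiB chunks, each with a 512-byte header followed by records.
FILE_MAGIC = b"ElfFile\x00"
CHUNK_MAGIC = b"ElfChnk\x00"
RECORD_MAGIC = b"\x2a\x2a\x00\x00"
FILE_HEADER_SIZE = 4096
CHUNK_SIZE = 0x10000
CHUNK_HEADER_SIZE = 0x200
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_iso(ft):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) -> ISO 8601 string."""
    return (EPOCH_1601 + timedelta(microseconds=ft // 10)).isoformat()


def datetime_to_filetime(dt):
    """Inverse of filetime_to_iso; only used to build the constructed sample."""
    return ((dt - EPOCH_1601) // timedelta(microseconds=1)) * 10


def build_sample_evtx(records):
    """Constructed single-chunk EVTX file. `records` is a list of
    (record_id, filetime, payload); the payload stands in for the binary XML body."""
    body = bytearray()
    last_record_offset = CHUNK_HEADER_SIZE
    for rec_id, ft, payload in records:
        last_record_offset = CHUNK_HEADER_SIZE + len(body)
        size = 4 + 4 + 8 + 8 + len(payload) + 4  # magic, size, id, time, body, size copy
        body += RECORD_MAGIC + struct.pack("<IQQ", size, rec_id, ft) + payload + struct.pack("<I", size)
    free_offset = CHUNK_HEADER_SIZE + len(body)
    first_id, last_id = records[0][0], records[-1][0]

    chunk = bytearray(CHUNK_SIZE)
    chunk[0:8] = CHUNK_MAGIC
    # first/last record number, first/last record id
    struct.pack_into("<QQQQ", chunk, 0x08, first_id, last_id, first_id, last_id)
    # header size, offset of last record, free-space offset
    struct.pack_into("<III", chunk, 0x28, 0x80, last_record_offset, free_offset)
    chunk[CHUNK_HEADER_SIZE:free_offset] = body
    # event-records checksum: CRC32 over the record area up to the free-space offset
    struct.pack_into("<I", chunk, 0x34, zlib.crc32(chunk[CHUNK_HEADER_SIZE:free_offset]))

    header = bytearray(FILE_HEADER_SIZE)
    header[0:8] = FILE_MAGIC
    # first chunk, last chunk, next record id, header size, minor, major, block size, chunk count
    struct.pack_into("<QQQIHHHH", header, 0x08, 0, 0, last_id + 1, 128, 1, 3, FILE_HEADER_SIZE, 1)
    struct.pack_into("<I", header, 0x7c, zlib.crc32(header[:0x78]))
    return bytes(header + chunk)


def parse_evtx(data):
    """Walk file header, chunks and record envelopes. Any structural inconsistency
    raises ValueError instead of being skipped, so tampering or truncation is visible."""
    if data[:8] != FILE_MAGIC:
        raise ValueError("bad file header magic")
    if zlib.crc32(data[:0x78]) != struct.unpack_from("<I", data, 0x7c)[0]:
        raise ValueError("file header checksum mismatch")
    n_chunks = struct.unpack_from("<H", data, 0x2a)[0]
    out = []
    for i in range(n_chunks):
        base = FILE_HEADER_SIZE + i * CHUNK_SIZE
        chunk = data[base:base + CHUNK_SIZE]
        if chunk[:8] != CHUNK_MAGIC:
            raise ValueError(f"bad chunk magic in chunk {i}")
        free_offset, rec_crc = struct.unpack_from("<II", chunk, 0x30)
        if zlib.crc32(chunk[CHUNK_HEADER_SIZE:free_offset]) != rec_crc:
            raise ValueError(f"event records checksum mismatch in chunk {i}")
        off = CHUNK_HEADER_SIZE
        while off < free_offset:
            if chunk[off:off + 4] != RECORD_MAGIC:
                raise ValueError(f"bad record magic in chunk {i} at offset {off:#x}")
            size, rec_id, ft = struct.unpack_from("<IQQ", chunk, off + 4)
            if size < 28 or off + size > free_offset:
                raise ValueError(f"record size {size} out of bounds in chunk {i}")
            if struct.unpack_from("<I", chunk, off + size - 4)[0] != size:
                raise ValueError(f"record size trailer mismatch in chunk {i}")
            out.append({"chunk": i, "record_id": rec_id, "time": filetime_to_iso(ft),
                        "binxml": bytes(chunk[off + 24:off + size - 4])})
            off += size
    return out


def records_to_xml(records):
    """Textual XML skeleton of the record envelopes; the body is left as hex."""
    lines = ["<Events>"]
    for r in records:
        lines.append(f'  <Event Chunk="{r["chunk"]}" RecordId="{r["record_id"]}" '
                     f'TimeCreated="{r["time"]}" BinXml="{r["binxml"].hex()}"/>')
    lines.append("</Events>")
    return "\n".join(lines)


def is_intact(data):
    """True if every checksum, magic and size trailer in the file is consistent."""
    try:
        parse_evtx(data)
        return True
    except (ValueError, struct.error):
        return False


def tamper(data, record_area_offset):
    """Flip one byte inside the first chunk's record area (simulates log tampering)."""
    buf = bytearray(data)
    buf[FILE_HEADER_SIZE + CHUNK_HEADER_SIZE + record_area_offset] ^= 0xFF
    return bytes(buf)


# Constructed sample: two records with placeholder bodies, not data from a real system.
SAMPLE_RECORDS = [
    (1, datetime_to_filetime(datetime(2007, 8, 14, 9, 30, tzinfo=timezone.utc)), b"<first placeholder>"),
    (2, datetime_to_filetime(datetime(2007, 8, 14, 9, 31, 5, tzinfo=timezone.utc)), b"<second placeholder>"),
]
SAMPLE_FILE = build_sample_evtx(SAMPLE_RECORDS)

if __name__ == "__main__":
    print(records_to_xml(parse_evtx(SAMPLE_FILE)))
    print("tampered copy intact:", is_intact(tamper(SAMPLE_FILE, 30)))
```

The checksum checks are the part worth keeping in any forensic parser: a record area whose CRC32 no longer matches, or a record whose trailing size copy disagrees with its header, is exactly the evidence of editing or truncation that an evidence tool must report rather than silently skip.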

A few eye bleeders were released as well:

mssql-hax0r v0.9 – Multi-purpose MS-SQL injection script – Another tool to add to your belt.

mssql-hax0r v0.9 is a Multi-purpose MS-SQL injection attack tool for advanced Microsoft SQL Server exploitation. Three modes of operation are currently available: info (Information Gathering), dump (Record Dump), and brute (Brute Force).

You may need to tweak the code a bit to make it fit your needs (i.e. modifying the injection string and/or the language used by the RDBMS).

Free PCI Compliance Book Chapter: On Logging! – Look for my review of this book sometime this week. Very good chapter.

Wow! Syngress/Elsevier has released one chapter from our “PCI Compliance” book: and it is my chapter on logs in PCI! Enjoy!
