Tempesta FW, a handfull firewall against DDoS attacks

Date: 21/09/2015

Open source tools for protection against DDoS (IPS), such as, Snort, are based on DPI, that is, they analyze the entire protocol stack. However, they cannot control the opening and closing of TCP connections, since they are too high in the network stack of Linux and represent neither server nor client side. This allows to bypass IPS data. Proxy servers are also involved in establishing the connection, but they cannot protect against major DDoS attacks, because they are relatively slow, as they work based on the same principle as the server. For them, it is desirable to use the equipment which, despite being not as good as the one for the back end, can withstand heavy loads.

Read full article →


Using synctool for server configuration management

Date: 24/08/2015

*nix systems are by default provided with remote management tools, while the method of storing and format of configuration files allows you to rapidly distribute the updated version of settings by simply copying them to the node. This scheme will be good enough for up to a certain number of systems. However, when there are several dozens of servers, they cannot be handled without a special tool. This is when it becomes interesting to have a look at configuration management systems that allow a programmable rather than manual configuration of servers. As a result, the systems can be configured quickly and with fewer errors while the administrator will get the comprehensive report. Also, a CM system knows how to keep track of all changes in the server while supporting the desired configuration.

Read full article →


How to find vulnerabilities in routers and what to do with it

Date: 18/08/2015

Often, the manufacturers of routers do not particularly care about the quality of their code. As a result, the vulnerabilities are not uncommon. Today, the routers are a priority target of network attacks that allows to steal money and data while bypassing local protection systems. How can you personally check the quality of firmware and adequacy of settings? You can do this by using free utilities, online test services and this article.

Read full article →


Hackbook #197. Set up Cisco as server, SOP bypass for Flash and others

Date: 04/08/2015

Task: Set up Cisco as server

Today we are going to cover the topic of Cisco-device (routers, switches) hacking, so to say, carrying on with the once started. Here I would like to amend the information which was presented in the previous issue. First, these devices have not two but three variants of user isolation: by password only, by login and password, or in “AAA” model (also by login and password). There seems to be no practical difference for a pen tester, but we’d still better rely on valid information.

Read full article →


Oracle DB vulnerabilities: the missing pentester handbook

Date: 29/07/2015

Outer Perimeter: The Listener is under Attack

Those who ever came across this database know that Oracle DB interacts with its external environment by using a listener, which is a kind of balancer. The listener listens to port 1521 and resolves incoming connections depending on the requested database. One listener allows you to serve different databases. Also, in some cases, it allows to launch DoS and RCE attacks against the server. The audit of an Oracle database usually begins with attacks against the listener service. A priority task that you need to resolve in order to connect to the listener is to get SID, a kind of unique database identifier. Without it, the listener will not communicate with you. Sh2kerr once wrote an excellent research paper on this subject (Different ways to guess Oracle database SID).

Read full article →


Dive into exceptions: caution, this may be hard

Date: 15/07/2015

__try

Suppose that you are facing a practical task that requires a full implementation of exception handling in a code embedded in someone else’s process, or you are creating your next PE packer/cryptor to ensure the functionality of exceptions in an unpacked image. In any case, it all comes down to the fact that the code using the exceptions is executed outside the image projected by the system boot loader, which will be the main cause of your problems.

Read full article →


Full kit of a Security Officer for $100

Date: 09/06/2015

Our goal is to collect a kind of carry-on criminalistic handbag that would be available to general public as long as be compact, obtainable and legal.

So, all the gadgets in out kit are supposed to correspond to further parameters:

  • Legality
    Which means an absolute legitimacy in terms of purchase, transportation, and storage of gadgets. The usage stands slightly isolated, because, for example, we can use certain devices absolutely legally anywhere, while the usage of some other ones in terms of special institutions, or against certain individuals, and moreover, for personal purposes could end up with administrative or criminal responsibility.
  • Cheapness
    Quite important parameter. As a rule, we can get anything, it is always just the matter of price. Well, the devices that we are going to review in the article have quite moderate price range available for most people.
  • Accessibility
    Anyone could find all the components with little effort, which is to say except those that are designed for certain certified organisations, legal persons, furthermore, except those gadgets and devices that could be distributed only on designated area.
  • Easy handling
    In my opinion, this is one of the most important parameters. That means that anyone could use a gadgets after briefing.
  • Portability
    Here, everything is obvious: small size, light weight in order to ergonomic placement in our criminalistic handbag or organizer, as long as workability.
  • Portability
    That means the gadget could work off-line or urges for minimum requirements and little dependence on other devices. For example it could work on different software, in case if it is supposed to be connected to a computer or smartphone.

Read full article →