Windows Firewall Script To Block IP Addresses And Country Network Ranges

January 30th, 2012

Potentially very useful – check this.

OpenVPN Modified for Dutch Government Use

January 2nd, 2012

OpenVPN-NL is a specially crafted version of OpenVPN for use by the Dutch government. OpenVPN is Open Source software that allows computers or networks to be connected in a secure way. OpenVPN-NL was built according to the guidelines set by the Dutch government’s national communications security agency (NBV, also known as the NLNCSA).

Very interesting that a governmental organisation chooses to build a VPN solution using several open source projects (for a lot of good reasons including removing old code and making OpenVPN more foolproof):

Fox-IT chose version 2.1.4 of OpenVPN as its basis. Components were removed which could influence the security level negatively. Where necessary other components were modified, improved and documented. This modified version of OpenVPN is called OpenVPN-NL. PolarSSL was chosen as the encryption package given its modest size and modular construction. This also made it easier to evaluate.

And, in best open source style, they have given back their improvements:

Things work both ways. The modifications made by Fox-IT and the documentation have been given back to the Open-VPN community. This enables everyone to benefit from a more secure product. This is in line with the GNU General Public License (GPL) of OpenVPN. The project involved 4,000 lines of documentation and adding 8,000 lines to the source code.

The current release of OpenVPN-NL is based on:

  • OpenVPN 2.1.4
  • PolarSSL 0.14.3
  • PKCS11-helper 1.09
  • LibLZO v2.05

So there you have it: a real open source success story. Take what you can use, modify the source code to fit your needs and give back.

You can read more about the project here.

Useful free third-party Java libraries

December 28th, 2011

There are quite a lot but some stand out:

  • Google’s Guava for additional features within collections, caching, primitives support, concurrency, and so forth.
  • Apache LOG4J for logging.
  • jsoup for parsing HTML documents.
  • iText for creating PDF files.

Testing egress firewall rules

December 27th, 2011

When validating or testing egress firewall rules it would sometimes be handy to have a server on the “other” side of the firewall listening on all ports. Doing this by simply spawning nc is not going to work.

So I was looking into implementing this using Honeyd – but realized there had to be a simpler way of doing this. So I started looking at IPtables.

And voila:

# iptables -A INPUT -i eth1 -d 1.2.3.4 -p tcp --dport 0:65535 -j ACCEPT
# iptables -A FORWARD -i eth1 -d 1.2.3.4 -p tcp --dport 0:65535 -j ACCEPT
# iptables -A PREROUTING -t nat -p udp -d 1.2.3.4 --dport 0:65535 -j REDIRECT --to-port 4444

Update: This technique has also been suggested elsewhere.
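The client side of such a test, as an added example that is not part of the original post: a TCP probe run from inside the firewall against the catch-all listener, which then compares what got out with what the rule set is meant to allow. The function names, the policy set and the loopback stand-in for the listener are assumptions made for illustration; it covers TCP only.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def probe_tcp(host, port, timeout=1.0):
    """Classify one outbound TCP connection attempt towards the catch-all listener."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "allowed"      # handshake completed: the firewall let it out
    except ConnectionRefusedError:
        return "refused"          # RST came back: rejected, or nothing listening
    except OSError:
        return "blocked"          # timeout or ICMP unreachable: dropped on the way


def scan(host, ports, timeout=1.0, workers=64):
    """Probe every port in parallel and return {port: status}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        statuses = pool.map(lambda p: probe_tcp(host, p, timeout), ports)
        return dict(zip(ports, statuses))


def audit_egress(host, ports, policy_allowed, timeout=1.0):
    """Compare observed egress against the ports the rule set is meant to allow."""
    results = scan(host, ports, timeout)
    allowed = {p for p, status in results.items() if status == "allowed"}
    intended = set(policy_allowed) & set(results)
    return {
        "unexpected_allowed": sorted(allowed - intended),   # holes in the rule set
        "unexpected_blocked": sorted(intended - allowed),   # rules that are too strict
    }


if __name__ == "__main__":
    # Constructed stand-in for the catch-all server: one loopback listener.
    # In a real test, host is the listener's address (1.2.3.4 in the rules above).
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    open_port = srv.getsockname()[1]
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    # Assumed policy: only closed_port should be reachable, so both ports are findings.
    print(audit_egress("127.0.0.1", [open_port, closed_port], {closed_port}))
    srv.close()
```

A "refused" result against a listener that accepts every port means something on the path answered with a reset, while "blocked" means the packets were silently dropped or rejected with an ICMP error.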

Practice pentesting in a controlled environment

December 27th, 2011

Luckily there are some OK ways to practice pentesting in a controlled environment, most of them using virtual machines:

I have, however, experienced performance issues when running some of the systems as virtual machines (most notably the De-ICE systems).

Update 1: Also, if you’re looking for old versions of open source software, take a look at the archives on http://ftp.heanet.ie/mirrors/ — it’s a treasure trove of out-of-date software, all ready to be exploited for fun and practice.

Update 2: This guy also links to a number of other vulnerable web apps; see here.

Google Code University

April 12th, 2010

Google has put a lot of good stuff up here. In particular they seem to have some nice introductory materials about e.g. web security and Python.

Testing Flash applications

April 8th, 2010

With the increasing use of (advanced) Flash applications comes, of course, an increasing number of security issues related to Adobe’s Flash technology. One challenge facing the tester is: how do I test these applications, and, in particular, the binary client-server protocol AMF?

The last time I looked (almost 2 years ago) there were no good testing tools – so I had to write one myself. The good news is that there now seem to be many interesting testing tools. Some are free (basic versions) and some are not. The following tools are the most interesting I found and they also cover a wide range of different purposes and options (ranging from stress testing to pentesting).

Client side (SWF) testing:

Server side (AMF Remoting) testing:

Happy testing.

New tools on the block

March 18th, 2010

Recently a number of new or updated goodies have been released:

  • xtractr for doing network forensics.
  • Nmap v5.21 with better and faster service detection and more.
  • sqlmap v0.8 with support to enumerate and dump all databases’ tables and lots of other stuff.

flint is firewall checkup

March 18th, 2010

Matasano just launched a new and free firewall audit tool called “flint”. Give it a try.

First Prosecution Based on Memory Forensics

March 10th, 2010

Very interesting, it would seem the industry is maturing:

In 2003 Mr. Rajib K. Mitra was arrested on charges of interfering with police radio transmissions in Madison, Wisconsin. His computers were seized and examined. Unfortunately much of the data could not be read as it was encrypted. The forensic examiner in the case, Detective Cindy Murphy, was able to view file names on the system, but not the content. The drive was sent to the FBI for assistance, but the tools and techniques available at the time were insufficient. While the file names were indicative of child pornography, without the content there was no basis for a child pornography charge.

Meanwhile, in the summer of 2009, Detective Murphy attended the Wisconsin Association of Computer Crime Investigators Conference and saw a presentation on volatile memory forensics by Detective Rick McQuowen of the Milwaukee Police Department. Working with Detective McQuowen, they found Mitra’s encryption keys and decrypted Mitra’s hard drive.

Read the rest here http://jessekornblum.livejournal.com/259124.html.