March’s Patch Tuesday

Today is patch Tuesday for March 2010, and Microsoft has released two security bulletins for this round of updates, neither of which are deemed critical. The second bulletin addresses seven different vulnerabilities across various versions of Microsoft Office Excel.

Press F1 for Help, pwned.

Microsoft published security advisory 981169 yesterday in response to the zero day vulnerability reported a few days prior. The vulnerability is in the help system and can be triggered by luring an Internet Explorer user into pressing the F1 key. Windows 2000, Windows XP SP2 & SP3, and Windows 2003 SP2 with Internet Explorer 7 [...]

First Patch Tuesday of 2010

We begin a new year and arrive at the first patch Tuesday of the decade. The news and spread of malware related to Adobe Reader continues to gain momentum and the information security community believes that this year will produce more exploits using Reader. I will include both the Microsoft and Adobe updates in these [...]

Regular or Decaf? Tool launched to combat COFEE

About a month ago, there was much news about the release of COFEE into the torrent wild. I even gave my two cents about the much hyped forensics toolkit which is provided to law enforcement for the purposes of easily capturing volatile data from personal computers during evidence collection. A tool to counter COFEE, aptly [...]

Six Bulletins in Last Patch Tuesday of 2009

Today marks the last Microsoft patch Tuesday of 2009, and Microsoft has released patches to six bulletins:

MS09-071 – Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318) MS09-074 – Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183) MS09-072 – Cumulative Security Update for Internet Explorer (976325) MS09-069 – Vulnerability in Local [...]

Disabling Javascript on Adobe Acrobat

For many users, PDF’s are simply a mechanism for providing documents to read. Given the spate of vulnerabilities identified in Acrobat and Reader in 2009, and the likely promise of more in 2010, we are releasing by request this general instruction for disabling Javascript in Adobe Acrobat. An advisable approach, depending on your usage of these products, may be to disable Javascript and only re-enable when performing an activity with a PDF that requires Javascript be enabled, such as with an eForm.

From Promiscuous to Port Scanning with Powershell

It’s been a while since my last post regarding Powershell which showed how to scan hosts for network interfaces in promiscuous mode. This time around, we’ll scan for some well known ports in our Active Directory to see who has a local IIS or SQL Express running on their machine. I know what you’re thinking. [...]

OSSEC: Agentless scripts

In my last OSSEC post “OSSEC: Agentless to save the day” I went over how to setup agentless monitoring using the built in scripts. With this post I am going to get into the details of how to modify the OSSEC supplied scripts to do your bidding.

OSSEC: Agentless to save the day

OSSEC is a Host Intrusion detection system (HIDS) in name, but in reality it is far more. It’s able to look for rootkits, monitor logs (LIDS), and even actively respond to defined events. While all these features are great the unsung hero is agentless monitoring.

Replace watch.swf with warp.swf on YouTube

If you replace watch.swf with warp.swf in a url on youtube, a new application shows up that dynamically opens up new nodes of related videos. Its both interesting and bizarre, anda good way to burn five minutes: Youtube Warp.