Tuesday, November 30, 2010

Amazing Things with HTML5

Just read the article at MakeUseOf, 15 sites that do amazing things with HTML5.


15 Sites That Do Amazing Things With HTML5

by Dave Drager on Nov. 29th, 2010





what is html5The forthcoming HTML5 update to the 20 year old HyperText Markup Language promises to bring the "web" experience to a whole new level, allowing the browser to do more from both a visual and data perspective. Even though HTML5 is still a good distance away from being fully deployed, that hasn't stopped many developers from pushing it to the limits.
Check out these amazing websites which really give you a good idea as to the capabilities of HTML5 as a programming language, doing things in your web browser that were once only possible in an external program or plugin. I've tested them in Chrome and they should all work in an HTML5 compliant browser such as Chrome, Firefox 4, Safari or IE9. They are demos and HTML5 is still a work in progress, so if you have problems viewing them you might want to try in another browser. Enjoy!

Arcade Fire – The Wilderness Downtown

what is html5
This is a great demo done by Arcade Fire and Google which feature different HTML5 Canvas tricks. I don't want to spoil the surprise for you – enter your childhood address and enjoy the video and technical wizardry.

WebVenture

dive into html5
WebVenture is an HTML5 and Javascript implementation of the MacVenture gaming platform. You can now play Deja Vu 1 & 2, Shadowgate and Uninvited right in your browser! Other game implementations such as Wolfenstein 3D are being worked on, bringing gaming into your browser.

20 Things I Learned About Browsers And The Web

dive into html5
This site from Google demos a "book" styled approach to a description about how web browsers work and how many of the underlying technologies work. Impressive from a technical standpoint, it also is a good primer for readers who would like to know more about how the web works.

Collaborative Drawing

dive into html5
This demo uses the HTML5 websockets feature to allow viewers to collaboratively – at the same time – draw on the canvas.

SketchPad

html5 tutorial
SketchPad is a "paint" program for the web. It supports rudimentary drawing instruments and is done only in HTML5 and JavaScript.

Galactic Plunder

html5 tutorial
Galactic Plunder is a 2D Space Shooter implemented in HTML5. Not quite as feature filled as a normal side scrolling shooter, it is done entirely in HTML5 which is impressive in itself.

Video Effects

html5 tutorial
HTML5 allows you to to much with video on the web. In addition to letting you play it without your web browser, with no plugin, it allows you to manipulate that video. This demo shows how you can "Blow up" the pixels of a video while playing.

Multiple Window Ball

This demonstrates and effect also seen in the Arcade Fire video. HTML5 allows you to open multiple windows and have objects move between them.

HTML5Rocks (Google)

HTML5 Rocks is a slideshow which demonstrates many of the special features of the HTML5 language. If you are a developer it gives you sample code and lets you see the possibilities of HTML5.

8-bit Color Cycling (Like Old School Games)

If you were a gamer in the early 90s you will remember this effect fondly. Since computational power was limited, graphic designers used 'tricks' to emulate video in a static image. This canvas effect will show you how it was done and also includes many examples which are beautiful as well.

HTML5 Experiments from Hakim.se

This site lists many demos of games and other neat little gadgets to show off what you can do with HTML5. Good for inspiration and maybe a little time diversion.

Harmony

Harmony is a neat little drawing program that lets you use cool brushes to paint a picture. You can create things such as "fur" and "web" which are just cool to see in creation.

Twitter/Music Mashup

This neat mashup from @9elements pits music and rotating dots with twitter posts about HTML5. Hard to describe in practice, must be seen to understand!

Radiohead/HTML5 Mashup

Another neat mashup which pits Radiohead's Idioteque with a drawing of Thom Yorke which is drawn as the song progresses. Another "seen to be believed" effect.

Want More?

HTML5Demos / CanvasDemos

what is html5
These two websites are set up to give views a wide variety of demos of HTML5 and the HTML5 Canvas effects. Ranging from the mundane to the "cool", if you are thirsty for more these are the places to go.
There are many demos of HTML5 out there on the internet now – and it is well on its way to becoming the new standard of the web. Do you have awesome demos you would like to share? Please post in the comments below!

Saturday, November 20, 2010

DllHijackAuditor – Free Audit Tool For DLL Hijack Vulnerability

DllHijackAuditor is the smart tool to Audit against the Dll Hijacking Vulnerability in any Windows application. This is recently discovered critical security issue affecting almost all Windows systems on the planet. It appears that large amount of Windows applications are currently susceptible to this vulnerability which can allow any attacker to completely take over the system.

DllHijackAuditor helps in discovering all such Vulnerable Dlls in a Windows application which otherwise can lead to successful exploitation resulting in total compromise of the system. With its simple GUI interface, DllHijackAuditor makes it easy for anyone to instantly perform the auditing operation. It also presents detailed technical Audit report which can help the developer in fixing all vulnerable points in the application.

New version v2 brings out following features,

  • New & Smart Debugger based ‘Interception Engine’ for consistent and efficient performance.
  • Support for specifying as well as auditing of application with custom & multiple Extensions.
  • Timeout Configuration to alter the waiting time for each Application.

DllHijackAuditor is a standalone portable application which support from Windows XP to Windows 7.

Reference:

Friday, November 19, 2010

Exploiting DLL Hijacking Flaws

In the month of August/September time frame, there has been a lot of attacks on DLL Hijacking. More than 200 Windows applications are having this flaw and vulnerable to this attack.

DLL Hijacking is a vulnerability that triggered when a vulnerable file type is opened from within a directory controlled by the attacker.


HD Moore (Metasploit) explains the problem and adds a *scanner* into the metasploit framework. Please read his blog entry here (tool for scanning the local machine)

Wednesday, November 17, 2010

Memory Analysis with Mandiant Memoryze

There is a great article posted by ctilbury on Digital Forensics How-To: Memory Analysis with Mandiant Memoryze.

It introduces 2 tools, Memoryze and Audit Viewer. Both are available free at Mandiant. The article shows:

  • How to install Memoryze on USB as incident response kit.
  • Work through the steps to acquire a memory image.
  • Outline the potential issue/solution with memory acquisition.
  • Performing live memory analysis.

Monday, November 15, 2010

Mandiant: Forensic and Incident Response Tools

Below is the list of tools that I used to perform forensic and incident response. All are available at Mandiant free software.
  1. MANDIANT IOCe is a free editor for Indicators of Compromise (IOCs). 
  2. Memoryze - A free memory forensics software designed to help incident responders find evil within live memory.
  3. MIR Lite-CDT - A command line utility based on technology from MANDIANT's Intelligent Response enterprise product.
  4. Audit Viewer - An open source tool that allows users to examine the results of Memoryze's analysis.
  5. Highlighter - Designed to help network analysts rapidly review log and other structured text files.
  6. Red Curtain - A software for incident responders that helps find and analyze unknown malware.
  7. Web Historian - Assists users in reviewing websites that are stored in the history files of the most commonly used browsers.

Sunday, November 14, 2010

Create a Fake Virus

This is documented at eicar.org antivirus test page. Simply copy-and-paste the following into a text file.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Wednesday, November 10, 2010

Sagan – Real-time System & Event Log (syslog) Monitoring System

Screenshot of Sagan
Softwink announces the release of Sagan, the ultimate in Syslog monitoring. Sagan can alert you when events are occurring in your syslogs that need your attention right away, in real time!


Sagan is a multi-threaded, real time system- and event-log monitoring system, but with a twist. Sagan uses a “Snort” like rule set for detecting “bad things” happening on your network and/or computer systems. If Sagan detects a “bad thing” happening, that event can be stored to a Snort database (MySQL/PostgreSQL) and Sagan will correlate the event with your Snort Intrusion Detection/Intrusion Prevention (IDS/IPS) system. Sagan is meant to be used in a ‘centralized’ logging environment, but will work fine as part of a standalone Host IDS system for workstations.

Sagan is fast: Sagan is written in C and is a multi-threaded application. Sagan is threaded to prevent blocking Input/Output (I/O). For example, data processing doesn’t stop when an SQL query is needed. It is also meant to be as efficient as possible in terms of memory and CPU usage.

Sagan uses a “Snort” like rule set: If you’re a user of “Snort” and understand Snort rule sets, then you already understand Sagan rule sets. Essentially, Sagan is compatible with Snort rule management utilities, like “oinkmaster” for example.

Sagan can log to Snort databases: Sagan will operate as a separate “sensor” ID to a Snort database. This means that your IDS/IPS events from Snort will remain separate from your Sagan (syslog/event log) events. Since Sagan can utilize Snort databases, using Snort front-ends like BASE and Snorby will not only work with your IDS/IPS event, but also with your syslog events as well!

Sagan output formats: You don’t have to be a Snort user to use Sagan. Sagan supports multiple output formats, such as a standard output file log format (similar to Snort), e-mailing of alerts (via libesmtp), Logzilla support and externally based programs that you can develop using the language you prefer (Perl/Python/C/etc).

Sagan is actively developed: Softwink, Inc. actively develops and maintains the Sagan source code and rule sets. Softwink, Inc. uses Sagan to monitor security related log events on a 24/7 basis.

Features:

  • Sagan is meant to be easy to install. The traditional, “./configure && make && make install” works for many installations depending on the functionality needed and configuration.
  • Thresholding of alerts. Uses the same format as Snort in the Sagan rule set.
  • Attempts to pull TCP/IP addresses, port information, and protocol of rule set that was triggered. This leads to better correlation.
  • Can be used to monitor just about any type of device or system (Routers, firewalls, managed switches, IDS/IPS systems, Unix/Linux systems, Windows event logs, wireless access points & much more).
  • Works ‘out of the box’ with Snort front ends like BASE, Snorby, proprietary consoles, various Snort based reporting systems.
  • Sagan is ‘open source’ and released under the GNU/GPL version 2 license.

Reference:

Tuesday, November 09, 2010

Good Paper about Advanced Web Security Testing

There is a great article available about advanced web security testing, especially if a certain web-form requires other forms that have to be filled out correctly in advance – workflow issues – and how to test such applications where traditional web scanners fail because they can’t follow the flow of an application.


== Leveraging User Interactions for In-Depth Testing of Web Applications ==
Authors: Sean McAllister1, Engin Kirda2, and Christopher Kruegel3

Over the last years, the complexity of web applications has grown significantly, challenging desktop programs in terms of functionality and design. Along with the rising popularity of web applications, the number of exploitable bugs has also increased significantly. Web application flaws, such as cross-site scripting or SQL injection bugs, now account for more than two thirds of the reported security vulnerabilities. 
Black-box testing techniques are a common approach to improve software quality and detect bugs before deployment. There exist a number of vulnerability scanners, or fuzzers, that expose web applications to a barrage of malformed inputs in the hope to identify input validation errors. Unfortunately, these scanners often fail to test a substantial fraction of a web application?s logic, especially when this logic is invoked from pages that can only be reached after filling out complex forms that aggressively check the correctness of the provided values. 
In this paper, we present an automated testing tool that can find reflected and stored cross-ite scripting (XSS) vulnerabilities in web applications. The core of our system is a black-box vulnerability scanner. This scanner is enhanced by techniques that allow one to generate more comprehensive test cases and explore a larger fraction of the application. Our experiments demonstrate that our approach is able to test more thoroughly
these programs and identify more bugs than a number of open-source and commercial web vulnerability scanners.

Original URL:

Saturday, November 06, 2010

THC-IPv6 – Toolkit Attacking the IPV6 Protocol

A complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library. Please note to get full access to all the available tools you need to develop IPV6 tools yourself or submit patches, tools and feedback to the thc-ipv6 project.

The tools:

  • parasite6: icmp neighbor solitication/advertisement spoofer, puts you as man-in-the-middle, same as ARP mitm (and parasite)
  • alive6: an effective alive scanng, which will detect all systems listening to this address
  • dnsdict6: parallized dns ipv6 dictionary bruteforcer
  • fake_router6: announce yourself as a router on the network, with the highest priority
  • redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever icmp6 redirect spoofer
  • toobig6: mtu decreaser with the same intelligence as redir6
  • detect-new-ip6: detect new ip6 devices which join the network, you can run a script to automatically scan these systems etc.
  • dos-new-ip6: detect new ip6 devices and tell them that their chosen IP collides on the network (DOS).
  • trace6: very fast traceroute6 with supports ICMP6 echo request and TCP-SYN
  • flood_router6: flood a target with random router advertisements
  • flood_advertise6: flood a target with random neighbor advertisements
  • fuzz_ip6: fuzzer for ipv6
  • implementation6: performs various implementation checks on ipv6
  • implementation6d: listen daemon for implementation6 to check behind a FW
  • fake_mld6: announce yourself in a multicast group of your choice on the net
  • fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication
  • fake_advertiser6: announce yourself on the network
  • smurf6: local smurfer
  • rsmurf6: remote smurfer, known to work only against linux at the moment
  • sendpees6: a tool by willdamn@gmail.com, which generates a neighbor solicitation requests with a lot of CGAs (crypto stuff  to keep the CPU busy. nice.

Limitations:

  • Only support Linux 2.6.x (because of /proc usage)
  • 32 Bit
  • Ethernet and Raw are supported


Reference:

Friday, November 05, 2010

Andiparos - Web Application Security Assessments Tool

Andiparos is a fork of the famous Paros Proxy. It is an open source web application security assessment tool that gives penetration testers the ability to spider websites, analyze content, intercept and modify requests, etc.

The author did ask for the original authors of Paros Proxy to integrate his changes but was rejected, hence the fork.

The advantage of Andiparos is mainly the support of Client Certificates on Smartcards. Moreover it has several small interface enhancements, making the life easier for penetration testers…

Features:

  • Smart card support
  • History Filter (URLs)
  • Tag requests in history

Reference:

Thursday, November 04, 2010

Arachni – Web Application Vulnerability Scanning Framework

Arachni is a feature-full and modular Ruby framework that allows penetration testers and administrators to evaluate the security of web applications. Arachni is smart, it trains itself with every HTTP response it receives during the audit process. Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect changes caused while traveling through each path of a web application’s cyclomatic complexity. This way attack/input vectors that would otherwise be undetectable by non-humans are seamlessly handled by Arachni.

The project aims to:
Provide a stable and efficient framework
Developers should be allowed to easily and quickly create and deploy modules with the minimum amount of restrictions imposed upon them, while provided with the necessary infrastructure to accomplish their goals. Module writers should be able to take full advantage of the Ruby language under a unified framework that will increase their productivity without stifling them or complicating their tasks. Basically, give them the right tools for the job and get the hell out of their way.
Be simple
Well, not simple in general. Some parts of the framework are fairly complex. However, the module and report APIs are very similar and very simple.
Be developer and user friendly
Users should be able to make the most out of Arachni without being confused or overwhelmed. Developers unfamiliar with the framework should be able to write working modules and reports immediately after a small glance at an existing one.

Reference:

Wednesday, November 03, 2010

Google Suggest Venn Diagram


A venn diagram generated from http://antimatter15.github.com/venn-google/venn-google.html#why+are+christians+so#why+are+muslims+so#why+are+buddhists+so#why+are+jews+so via Google Suggest.

sessionthief – HTTP Session Cloning & Cookie Stealing Tool

sessionthief performs HTTP session cloning by cookie stealing. It can issue basic nmap and nbtscan commands to see which IPs are on the subnet, or just listen for IPs broadcasting packets. It can quickly perform ARP poison routing to get packets given the IP of the client if not on an open network or hub, and should also work with interfaces in monitor mode. It integrates automatically with Firefox, dynamically creating a temporary profile for each attack performed. In this way, in contrast to tools like the middler, it doesn’t require any additional configuration, and makes it easy to simultaneously own multiple logins to the same site.

For example, if multiple clients on the open or WEP-encrypted wireless network you are on are on Facebook (or yahoo mail or just about any site you log into), you can:

  1. Start the program
  2. Select your interface
  3. Hit watch
  4. Select a request from each of them to Facebook, and click the session button.

The program will start a new instance of firefox for each session hacked, and let you control the login of all of them at once. It compiles and runs on linux and windows depending on the pcap and wxwidgets libraries.

Reference:

Tuesday, November 02, 2010

wifite - Mass WEP/WPA Cracker

wifite is created to to attack multiple WEP and WPA encrypted networks at the same time. This tool is customizable to be automated with only a few arguments and can be trusted to run without supervision. wifite is available in BackTrack4.

Features:

  • sorts targets by power (in dB); cracks closest access points first
  • automatically deauths clients of hidden networks to decloak SSIDs
  • numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
  • customizable settings (timeouts, packets/sec, channel, change mac address, ignore fake-auth, etc)
  • all WPA handshakes are backed up to wifite.py’s current directory
  • smart WPA deauthentication — cycles between all clients and broadcast deauths
  • stop any attack with Ctrl+C — options: continue, move onto next target, skip to cracking, or exit
  • switching WEP attack methods does not reset IVs
  • intel 4965 chipset fake-authentication support; uses wpa_supplicant workaround
  • SKA support (untested)
  • displays session summary at exit; shows any cracked keys
  • all passwords saved to log.txt
  • built-in updater: ./wifite.py -upgrade
References:

Monday, November 01, 2010

Zed Attack Proxy - Web Application Penetration Testing

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who a new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Features

  • Intercepting proxy
  • Automated scanner
  • Passive scanner
  • Spider
  • Port Scanner


The release of OWASP ZAP is actually a fork from Paros Proxy.

References: