Dec 12, 2007

UnicornScan

Unicornscan is a new information gathering and correlation engine built for and by members of the security research and testing communities. It was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient. It is released for the community to use under the terms of the GPL license.

BENEFITS
Unicornscan is an attempt at a user-land distributed TCP/IP stack. It is intended to provide a researcher with a superior interface for introducing a stimulus into, and measuring a response from, a TCP/IP enabled device or network. Although it currently has hundreds of individual features, its main abilities include:
  • Asynchronous stateless TCP scanning with all variations of TCP Flags.
  • Asynchronous stateless TCP banner grabbing.
  • Asynchronous protocol specific UDP Scanning (sending enough of a signature to elicit a response).
  • Active and Passive remote OS, application, and component identification by analyzing responses.
  • PCAP file logging and filtering.
  • Relational database output.
  • Custom module support.
  • Customized data-set views.
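The first two features rest on one idea worth seeing in code: a stateless scanner never keeps a table of outstanding probes. The sender folds the identity of each probe (target address, target port, the fixed source port) into the TCP initial sequence number with a keyed hash, and the listener, which may be a separate process on another host, recomputes that value from the reply's addresses and checks that the acknowledgement number equals it plus one. Anything that fails the check (stale segments, backscatter, spoofed replies) is dropped without any lookup. The example below is added here to illustrate that mechanism; it is not unicornscan's own code, sends no packets, and constructs its reply segments and scan key inline.

```python
# Stateless SYN-scan bookkeeping: the probe's identity is folded into the TCP
# initial sequence number, so the listener validates replies by recomputation
# instead of keeping a per-probe table. Added example for this page; no packets
# are sent, all headers below are constructed.
import hashlib
import hmac
import ipaddress
import struct

TCP_FLAG_SYN = 0x02
TCP_FLAG_RST = 0x04
TCP_FLAG_ACK = 0x10

# Hypothetical per-scan secret; a real scanner draws this from a CSPRNG at start-up.
KEY = b"constructed-scan-key-do-not-reuse"
SRC_PORT = 40000  # the single source port every probe is sent from


def probe_isn(key, src_port, dst_ip, dst_port):
    """Derive the 32-bit initial sequence number for the SYN aimed at (dst_ip, dst_port).
    Keyed hashing means a remote host cannot forge a reply that validates
    without knowing the key."""
    msg = struct.pack("!4sHH", ipaddress.IPv4Address(dst_ip).packed, src_port, dst_port)
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")


def build_tcp_header(sport, dport, seq, ack, flags, window=65535):
    """Minimal 20-byte TCP header without options; checksum left zero (never transmitted)."""
    data_offset = 5 << 4  # five 32-bit words, no options
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, data_offset, flags, window, 0, 0)


def parse_tcp_header(data):
    """Unpack the fixed part of a TCP header into the fields the listener needs."""
    sport, dport, seq, ack, _off, flags, _win, _csum, _urg = struct.unpack("!HHIIBBHHH", data[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}


def classify_reply(key, src_port, remote_ip, header):
    """Return 'open', 'closed', or None if the segment is not a valid reply to our probe."""
    if header["dport"] != src_port:
        return None
    expected_ack = (probe_isn(key, src_port, remote_ip, header["sport"]) + 1) & 0xFFFFFFFF
    if header["ack"] != expected_ack:
        return None  # stale, spoofed, or simply not ours
    flags = header["flags"]
    if flags & TCP_FLAG_SYN and flags & TCP_FLAG_ACK:
        return "open"
    if flags & TCP_FLAG_RST:
        return "closed"
    return None


def scan_results(key, src_port, replies):
    """Fold a stream of (remote_ip, raw_tcp_header) replies into {(ip, port): state}."""
    results = {}
    for remote_ip, raw in replies:
        hdr = parse_tcp_header(raw)
        state = classify_reply(key, src_port, remote_ip, hdr)
        if state is not None:
            results[(remote_ip, hdr["sport"])] = state
    return results


def _reply(remote_ip, remote_port, flags, ack_delta=1):
    """Constructed reply segment; ack_delta != 1 simulates a segment that is not ours."""
    isn = probe_isn(KEY, SRC_PORT, remote_ip, remote_port)
    return remote_ip, build_tcp_header(remote_port, SRC_PORT, 0x12345678,
                                       (isn + ack_delta) & 0xFFFFFFFF, flags)


# Constructed sample traffic (TEST-NET-1 addresses, RFC 5737).
SAMPLE_REPLIES = [
    _reply("192.0.2.10", 22, TCP_FLAG_SYN | TCP_FLAG_ACK),      # open
    _reply("192.0.2.10", 23, TCP_FLAG_RST | TCP_FLAG_ACK),      # closed
    _reply("192.0.2.10", 80, TCP_FLAG_SYN | TCP_FLAG_ACK, 7),   # bad cookie: ignored
    _reply("192.0.2.11", 443, TCP_FLAG_SYN | TCP_FLAG_ACK),     # open
]

if __name__ == "__main__":
    for (ip, port), state in sorted(scan_results(KEY, SRC_PORT, SAMPLE_REPLIES).items()):
        print(f"{ip}:{port} {state}")
```

Because the listener needs only the key and the source port, sending and receiving can run at different rates, in different processes, or on different hosts, which is what makes the scan asynchronous and distributed. The same cookie check is what lets a scanner ignore the SYN/ACK for port 80 above, whose acknowledgement number does not match: that segment was never a reply to a probe this scan sent.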

Get it from http://www.unicornscan.org/


Dec 11, 2007

Zero-day Flaw in HP Laptop

From http://www.anspi.pl/~porkythepig/hp-issue/kilokieubasy.txt

Advisory:
Multiple Hewlett-Packard notebook series are prone to a remote code execution attack. The manufacturer's preinstalled software contains a critical flaw within the software built to support one-touch button quick feature access.
Overview:
Software called "HP Info Center" has been shipped with almost every HP laptop model for a few years. It is designed to provide the user with quick system information and hardware configuration at the touch of a single button. One of its ActiveX controls, deployed by default by the vendor, has three insecure methods that allow a malicious person to target HP notebook machines with remote code execution and remote registry manipulation attacks.
Impact:
  • Remote code execution
  • Remote system registry read/write access
  • Remote shell command execution

Oct 10, 2007

Open Source Alternative

Recently I discovered this web site called Open Source Alternative.

Open Vs. Closed
Find open source alternatives to your favourite commercial products. Browse through our software categories and compare pros and cons of both commercial products as well as open source software.

Why open source
By choosing an open source product, the user obtains a number of advantages compared to commercial products. Besides the fact that open source is always available for free, it is a transparent application, in that you are invited behind the scenes to view all the source code and thereby to suggest improvements to the product. Furthermore, every product is covered by a large dedicated network, or community, that is more than willing to answer any questions you may have.

Sep 25, 2007

Colors in Security

This is what I collected from the http://taosecurity.blogspot.com/2007/09/security-jersey-colors.html:
  • Red Team: A Red Team is an adversary simulation team. The Red Team attacks the asset to meet an objective. This activity is called penetration testing in the commercial world.

  • Blue Team: A Blue Team is a security posture assessment and evaluation team. The Blue Team determines the vulnerabilities and exposures of an enterprise. This activity is called vulnerability assessment in the commercial world.

  • White Team: A White Team (or usually a "White Cell") controls the environment during an exercise. The White Cell provides the framework in which the Red Team attacks friendly forces. (Note that in some situations the friendly forces are called the "Blue Team." This is not the same Blue Team that conducts vulnerability assessments and evaluations. Blue in this case is simply used to differentiate from Red.)

  • Green Team: The Green Team is usually a training group that helps the asset owners. Alternatively, the Green Team helps with long-term vulnerability and exposure remediation, as identified by the Blue Team. These descriptions are open for discussion because I haven't seen too many green team activities.
In addition, I would also like to add a couple more teams.
  • Black Team: The Black Team is supposedly for forensics and investigation. I chose this colour because it matches the "black box" found in all aeroplanes.

  • Brown Team: The Brown Team is the incident response team. They are in charge of everything during an emergency and act/react to bring the situation under control.
P.S. How come it seems similar to Six-Hat Thinking?

Aug 18, 2007

Intrusion Detection In-Depth

SEC503: Intrusion Detection In-Depth delivers the technical knowledge, insight, and hands-on training you need to defend your network with confidence. You will learn about the underlying theory of TCP/IP and the most used application protocols, such as HTTP, so that you can intelligently examine network traffic for signs of an intrusion.

The hands-on training (Aug. 05 - Aug. 10 2007) in SEC503 is intended to be both approachable and challenging for beginners and seasoned veterans. There are two different approaches for each exercise. The first contains guidance and hints for those with less experience, and the second contains no guidance and is directed toward those with more experience. In addition, an optional extra credit question is available for each exercise for advanced students who want a particularly challenging brain teaser. A sampling of hands-on exercises includes the following:

  • Day 1: Hands-On: Introduction to Wireshark
  • Day 2: Hands-On: Writing tcpdump filters
  • Day 3: Hands-On: IDS/IPS evasion theory
  • Day 4: Hands-On: Snort rules
  • Day 5: Hands-On: Analysis of three separate incident scenarios
  • Day 6: Hands-On: The entire day is spent engaged in the NetWars: IDS Version challenge

Link: Network Intrusion Detection | SANS SEC503 | Intrusion Detection Training