SubSeven is back after hiatus
According to an entry on July 31, 2009 on www.subseven.org, the infamous backdoor SubSeven is back. "Work with the crew on a new version of 2.2 has begun. For now we will call it 2.3", said mobman, who is known for having written the first version of the program in 1999
Rule release for today - August 18 2009
As a result of ongoing research, the Sourcefire VRT has added multiple rules to the web-client, web-misc and sql rule sets to provide coverage for emerging threats from these technologies. Snort link here: http://www.snort.org/vrt/advisories/2009/08/18/vrt-rules-2009-08-18.html
Vulnerability Report August 2009
This month's report covers three of the Microsoft Tuesday advisories, Snort 2.8.5 RC, Byakugan, DHCLIENT and BIND 9.
New Byakugan functionality - !jutsu searchVtptr
With heap metadata exploits going out of favor (hzon's fine work notwithstanding), I've recently gone after a number of vtable overwrites. This can be no fun at all to do by hand, so I've added some helpful code to byakugan to let you search for the pointers to point
Microsoft Tuesday Coverage for August 2009
Well, first Microsoft Tuesday after DefCon and as punishment, there are 9 advisories to note with 8 of them being suitable for detection by an IPS/IDS. Microsoft Security Advisory (MS09-036): Microsoft Internet Information Server (IIS) contains a programming error that may allow
Syntax Checking your Snort Rules
Our friend over in blighty has been at it again. This time, Leon has come up with dumbpig, a tool written in Perl that will check your Snort rules and tell you what, if anything, is wrong with them and what you should do about it. Here's a sample of dumbpig output: torchwoo
DoJoSec meeting - August 6th
This month's DoJoSec meeting features three speakers: Sean Morrissey - "Apple’s File Vault – How Secure is it?"; Dale Beauchamp - "The First 120"; Matt Fisher - "The Big Picture: Web Risks and Assessments Beyond Scanning". Details are available he
Freakshow Sumo
Patrick Mullen (phoo) and Ryan Pentney (kappa) take each other on in a Sumo match at the IOActive Freakshow party at Defcon 17. Watch closely, the loser of each bout gets tea bagged.
Freakshow
We'll be attending the Freakshow on Saturday, come along and say hello. You can also find us at the Microsoft Security Appreciation Reception tonight at Treasure Island. You can't get in without an invite though, so if you have one and you're going, come find us and