Looking for Malicious PHP Files

I’ve been digging through some PHP files that are trying very hard to hide what they are doing. Basically, the PHP code is base64 encoded and then compressed. The blob of random text is then stuffed into a PHP file which calls to decode it and execute it on the web server. While it obscures [...]

Filed under: Security

Metasploit Breaks into SkyNet!

Metasploit has successfully broken into Skynet thanks to Comodo, RSA, MySQL and Stuxnet! Here is the output from msfconsole after updating today. Rock on guys. Technorati Tags: april 1st, Metasploit, skynet

Filed under: Security

Data Ownership, Governance and Controls

A friend of mine asked a question on Facebook that went something like this. Who owns your company’s data? The politically correct answer is that the business owns the data and IT manages it for them. That’s nice in theory, but is it really true? Does your company have a data governance group (run by [...]

Filed under: Security

Reconnoiter Updated

I spent some time today and fixed some seriously messed up regular expressions in Reconnoiter. Basically, Google made a bunch of changes to their search results and added AJAX all over the place. To deal with this, I changed the submitted user agent to Lynx and then updated the regex accordingly. Changes with regex were [...]

Filed under: Security

Latest Happenings and Upcoming Events

Things have been really busy lately. First off, my Mentor session for SANS Security 504 started on September 21st. We are at the halfway point right now and leading this has been incredible. It seems whenever I need to present or teach something I learn more than anyone else. Plus teaching is just fun! Particularly [...]

Filed under: Security