Breaking

Linq Injection – From Attacking Filters to Code Execution

Some of you (especially the .Net guys) might have heard of the query language Linq (Language Integrated Query) used by Microsoft .Net applications and web sites. It’s used to access data from various sources like databases, files and internal lists. It can internally transform the accessed data into application objects and provides filter mechanisms similar to SQL. As it is used directly inside the application source code, it is processed at compile time and not interpreted at runtime. While this provides strong type safety and almost no attack surface for injection attacks (except for possible handling problems in the different backends), it makes it extremely difficult to implement a dynamic filter system (e.g. for datatables which should allow users to select the column to filter on). That’s probably the reason why Scott Guthrie (Executive Vice President of the Cloud and Enterprise group at Microsoft, also one of the founders of the .Net project) presented the System.Linq.Dynamic package as part of the VS-2008 samples in 2008. This library allows Linq queries to be built at runtime and therefore simplifies dynamic filters. But as you may know, dynamic interpretation of languages based on user input is most of the time not the best option…

Continue reading “Linq Injection – From Attacking Filters to Code Execution”

Misc

Welcome to Insinuator.net 2.0

It’s almost exactly seven years since Enno published the very first blog post on Insinuator.net. Meanwhile, quite a few things changed. It’s not only the ERNW Universe which grew significantly, but also Insinuator’s place within this universe was slightly adjusted. What started as an almost independent IT-Security blog became more and more the major publication medium of ERNW.

Continue reading “Welcome to Insinuator.net 2.0”

Events

Black Hat 2016 Summary Part 2.1

A few months ago I had the opportunity to visit this year’s Black Hat in Las Vegas. Due to a few weeks of vacation following the conference, here are my delayed 2 cents (part 1).

Abusing Bleeding Edge Web Standards For AppSec Glory – Bryant Zadegan & Ryan Lester (Slides)

Bryant and Ryan talked about new web standards which are already implemented in parts of the current browser jungle. Namely, these standards were:

Continue reading “Black Hat 2016 Summary Part 2.1”

Breaking

DameWare Vulnerability

In the course of a recent research project, I had a look at SolarWinds DameWare, which is a commercial Remote Access Software product running on Windows Server. I identified a remote file download vulnerability in the download function for the client software that can be exploited remotely and unauthenticated and that allows arbitrary files to be downloaded from the server that is running the software.

Continue reading “DameWare Vulnerability”

Breaking

How to Become Part of an IoT Botnet

I suppose there are many people out there who want to achieve a greater good, fight evil corp and “show those guys”. So why not make a statement and become part of a botnet? #Irony!!! Of course I suppose (hope) that none of you actually want to be part of something like an IoT botnet, but joining could in theory be dead easy. So quite a while back I bought a dead cheap WiFi camera for use at home. It was just about as insecure as I had expected, so it got its own VLAN and stuff, and here is why…

Continue reading “How to Become Part of an IoT Botnet”

Building

Diving into EMET

Last week, we decided to take a look at the EMET library provided by Microsoft. This library is intended to introduce several security features to applications which are not explicitly compiled to use them.

It also adds an additional layer to protect against typical exploitation techniques by filtering library calls, preventing usage of dangerous functions/components and inserting mitigation technologies.

As EMET is already a target for many researchers, we have currently only started to get an overview of its structure and how the different components interact with each other. Today we would like to share some of our results with you.

Continue reading “Diving into EMET”

Misc

Introducing the Kernel Space Invaders

Today it is my pleasure to shortly introduce ERNW’s Capture the Flag team, the Kernel Space Invaders. As a long-time CTF enthusiast, I’m really amazed how many of us make the time to tackle IT security challenges also on the weekends or evenings. Even if we cannot participate in all CTFs out there (which would be challenging anyways given the large number of CTF events happening nowadays), we started to compile a repository of some of our write-ups — I hope some of you will enjoy!


Cheers,

KSI

Events

BSides LV 2016: Recap

Hey everyone,

Just a short recap from my side regarding this year’s BSides in Las Vegas, NV. It was my first time there and I pretty much enjoyed it. After entering the venue on the first con day (Tuesday) I was a little bit shocked, as the staff sent me to the “end of the line just around the corner” – the end being many corners and many floors away 😉 Speaking to some guys while standing in line, time quickly passed by, and before finally hitting the registration desk, there were already some people from the staff giving away the conference badges to the waiting folks. The waiting time was no comparison to last year’s DEF CON, where I (and obviously all the other “humans”, as attendees at DEF CON are called) had to wait nearly _four_ hours to get a badge to enter the con. DEF CON staff already calls this the annual “Line Con”. Enough bashing, back to topic 😉

The opening keynote was held by Lorrie Cranor, who spoke first, and Michael Kaiser, who did the second part. I enjoyed Lorrie’s part, which was about frequent password changes in environments like companies or universities. She talked about studies that revealed that many people who have to change passwords frequently use patterns when changing their passwords, like shifting letters or iterating numbers. This behavior mostly provides only a little security benefit or could otherwise even decrease security, she said.

Continue reading “BSides LV 2016: Recap”
