http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2013-04-07 03:09:29 - Kioptrix : Hi everyone, I know you re normally used to see loneferret publish on this side of the website but I thought I could add a post or two once in a while and hopefully translate each french one I do too So here s my first entry RDinelle http://www.secuobs.com/revue/news/438015.shtmlhttp://www.secuobs.com/revue/news/438015.shtml Secuobs.com : 2012-08-14 14:06:53 - Kioptrix - Win Free Copies of new book on Advanced Penetration Testing Readers would be pleased to know that I have teamed up with Packt Publishing to organize a Giveaway of the Advanced Penetration Testing for Highly-Secured Environments The Ultimate Security Guide book And three lucky winners stand a chance to win copies of their new book http://www.secuobs.com/revue/news/393445.shtmlhttp://www.secuobs.com/revue/news/393445.shtml Secuobs.com : 2012-07-16 12:53:47 - Kioptrix - When connecting to port 995 e-mail SSL accepted server using a raw TCP connection, nothing will happen since it s expecting SSL commands So we could type anything we want after the connection is made, and nothing will happen What we need to do is, encapsulate our traffic in SSL This can be done using stunnel http://www.secuobs.com/revue/news/387448.shtmlhttp://www.secuobs.com/revue/news/387448.shtml Secuobs.com : 2012-02-08 17:24:19 - Kioptrix - Again a long delay between VMs, but that cannot be helped Work, family must come first Blogs and hobbies are pushed down the list These things aren t as easy to make as one may think Time and some planning must be put into these challenges, to make sure that 1 It s possible to get root http://www.secuobs.com/revue/news/356702.shtmlhttp://www.secuobs.com/revue/news/356702.shtml Secuobs.com : 2011-12-10 12:17:30 - Kioptrix - After seeing a Tweet about dumping password hashes from a live Windows 2008 Domain Controller, I was intrigued Reading a post from Tim Tomes LaNMaSteR53 , I figured I d give it a shot and if successful show my findings with pictures It s an ingenious method of getting the hash values This attack falls into the post-exploitation http://www.secuobs.com/revue/news/346451.shtmlhttp://www.secuobs.com/revue/news/346451.shtml Secuobs.com : 2011-11-08 01:16:26 - Kioptrix - Well Hackfest third edition, Quebec s largest and best Information Security Conference, has come to past Like years previous this one was amazing The talks were full of life and content that kept you glued to your seat The CTF games at the end of each day were simply works of networking art trying to get http://www.secuobs.com/revue/news/339372.shtmlhttp://www.secuobs.com/revue/news/339372.shtml Secuobs.com : 2011-11-06 19:45:41 - Kioptrix - Something that is often over looked in web applications is cross site scripting vulnerabilities or XSS It seems these little critters may not have as much wow-factor as remote code execution, but they can still lead to variant degrees of system network compromise A good example is this blog post by MaXe from Intern0t http wwwexploit-dbcom vbseo-from-xss-to-reverse-php-shell This http://www.secuobs.com/revue/news/339123.shtmlhttp://www.secuobs.com/revue/news/339123.shtml Secuobs.com : 2011-10-30 14:38:15 - Kioptrix - Although I m quite aware this subject has probably been blogged to death, this entry serves two purposes For one my memory is shot and I need to write this somewhere to help me not forget The second is the simple fact that this site is, after all, for the beginner Imagine yourself the following scenario http://www.secuobs.com/revue/news/337701.shtmlhttp://www.secuobs.com/revue/news/337701.shtml Secuobs.com : 2011-09-24 14:56:24 - Kioptrix - Hackfestca Quebec s finest and largest Information Security conference and according to statistics one of the bigger ones in Canada is set for November 4th 5th This year promises to be as exciting as the years previous Great sponsors, good roster of speakers in both English and French and some good prizes up for crabs http://www.secuobs.com/revue/news/330877.shtmlhttp://www.secuobs.com/revue/news/330877.shtml Secuobs.com : 2011-09-01 14:39:17 - Kioptrix - A few weeks ago, I ordered the MSF pentest guide mostly authored by the Offsec crew wwwoffseccom Hailed as the best MSF guide, and highly praised by the project s founder HD Moore this guide does live up to the hype I rarely find an IT book that can be read cover-to-cover, especially one that is http://www.secuobs.com/revue/news/326484.shtmlhttp://www.secuobs.com/revue/news/326484.shtml Secuobs.com : 2011-08-26 15:53:39 - Kioptrix - Been awhile, unfortunately life throws a few curve balls once in a while So this post isn t security related but still can be useful for some In any letter campaign, a few keys to success are to have a good letter, proper English and staying polite This last point is difficult at times when one http://www.secuobs.com/revue/news/325397.shtmlhttp://www.secuobs.com/revue/news/325397.shtml Secuobs.com : 2011-05-29 17:08:36 - Kioptrix - This morning wasn t a great one for us here When I logged on to our site to see this as our main page Egg on our faces I guess We are still investigating the cause of the hack No real damaged was done besides our egos Nothing was deleted besides a few php files here http://www.secuobs.com/revue/news/307845.shtmlhttp://www.secuobs.com/revue/news/307845.shtml Secuobs.com : 2011-04-19 03:04:53 - Kioptrix - It s been a while since the last Kioptrix VM challenge Life keeps getting the way of these things you know After the seeing the number of downloads for the last two, and the numerous videos showing ways to beat these challenges I felt that 12 or just level 3 needed to come out Thank you http://www.secuobs.com/revue/news/299273.shtmlhttp://www.secuobs.com/revue/news/299273.shtml Secuobs.com : 2011-02-20 15:25:08 - Kioptrix - For a while now, I ve had some fun with simple buffer overflows under Microsoft s Windows environment Using either Ollydbg or Immunity debugger this was quite easy well the learning curve wasn t so bad I ve written a few posts and made a few simple videos showing the process Nothing exciting but if it helped someone getting http://www.secuobs.com/revue/news/286489.shtmlhttp://www.secuobs.com/revue/news/286489.shtml Secuobs.com : 2011-02-04 04:56:29 - Kioptrix - When Batman brought down the gauntlet of justice on the Joker, or a low life street thug, he did to protect the innocent To protect the ones that justice had forgotten, the ones that are incapable of defending themselves In the rare occasions innocent by standers were hurt, Bruce Wayne would try and do good http://www.secuobs.com/revue/news/282919.shtmlhttp://www.secuobs.com/revue/news/282919.shtml Secuobs.com : 2011-01-29 17:52:18 - Kioptrix - Well a group called TeaMp0isoN has release a e-zine with some interesting information on a few sites they ve recently hacked You can have a read here Interesting read Although I don t condone such actions, it is good to point out that everyone is at risk You don t need to be a fortune 500 http://www.secuobs.com/revue/news/281647.shtmlhttp://www.secuobs.com/revue/news/281647.shtml Secuobs.com : 2011-01-14 14:28:39 - Kioptrix - Well, it s that time of year again for the Hackus crew Last year s CTF event was a great success, so they are repeating for 2011 Like it s predecessor, this event will be 48 hours non stop spread over 3 days Scheduled for April s 1st-2nd and 3rd of 2011 Early bird registration is open, see Hackus http://www.secuobs.com/revue/news/278235.shtmlhttp://www.secuobs.com/revue/news/278235.shtml Secuobs.com : 2010-12-25 20:05:41 - Kioptrix - Well, for the past few hours the news has been spreading like wild fire EDB, Ij3ct0r and a few others have been had by the skilled ninjas from owned and exposed team Being a member of exploit-db myself, I have to admit it came as a shock At the same time I was curious and http://www.secuobs.com/revue/news/274191.shtmlhttp://www.secuobs.com/revue/news/274191.shtml Secuobs.com : 2010-12-12 17:13:09 - Kioptrix - Well, I got an e-mail not too long ago asking me how to use Sulley as a file fuzzer almost My reply was, use peach fuzz or MiniFuzz Seeing Sulley is more of a remote service fuzzer but not limited too So Pepelux whipped up a nice python script, using existing libraries, to do just http://www.secuobs.com/revue/news/271150.shtmlhttp://www.secuobs.com/revue/news/271150.shtml Secuobs.com : 2010-09-29 00:41:03 - Kioptrix - Administration Will Seek Changes in Wiretap Rules to Cover New Technologies September 27, 2010 The Obama administration plans to submit a bill to legislators next year that would require all communications services to have technology in place so they will be able to comply with wiretap orders Targets include services like BlackBerry, Facebook and Skype http://www.secuobs.com/revue/news/252596.shtmlhttp://www.secuobs.com/revue/news/252596.shtml Secuobs.com : 2010-09-22 13:53:08 - Kioptrix - TOP OF THE NEWS Microsoft Says Millions of ASPnet-Based Web Sites Vulnerable To Major Attack September 20, 201, 2010 Microsoft confirmed that a vulnerability disclosed at a Buenos Aires hacker conference is present in millions of web sites that rely on the ASPNet framework The researchers showed how attackers can exploit an error in ASPNet s http://www.secuobs.com/revue/news/250625.shtmlhttp://www.secuobs.com/revue/news/250625.shtml Secuobs.com : 2010-09-17 01:38:59 - Kioptrix - August 5, 2010 Apple will fix a security flaw in the newest iPhone software that can be exploited to access information stored on the device The exploit could work by tricking users into visiting a website that contains a specially crafted PDF file The vulnerability gained wide attention when it was used to jailbreak the http://www.secuobs.com/revue/news/247518.shtmlhttp://www.secuobs.com/revue/news/247518.shtml Secuobs.com : 2010-09-17 01:38:59 - Kioptrix - RIM Stands Firm in Face of Governments Demands for Monitoring Capabilities August 3, 4 5, 2010 Saudi Arabia has ordered mobile service providers in that country to stop service to Blackberry devices as of August 5 because the practices of Blackberry s parent company, Research in Motion RIM , do not comply with Saudi Arabia s regulations http://www.secuobs.com/revue/news/247517.shtmlhttp://www.secuobs.com/revue/news/247517.shtml Secuobs.com : 2010-07-17 13:46:32 - Kioptrix - I ve been away from this blog for a while now, with good reason Been hammering at Offensive-Security s CTP course for the last month and a bit Although my official results aren t in, the experience was incredible The PWB course showed just how broken the Internet is, CTP only solidified that reality for me CTP is http://www.secuobs.com/revue/news/241350.shtmlhttp://www.secuobs.com/revue/news/241350.shtml Secuobs.com : 2010-06-16 15:17:18 - Kioptrix - Offensive Security s How String Is Your Fu hacking event is now open for registration A 48 hour hacking event with all proceeds going for Hacker For Charity It s for a good cause, and if you are not aware of this charity I strongly suggest you visit the above link and check it out It s on 49 USD and http://www.secuobs.com/revue/news/232087.shtmlhttp://www.secuobs.com/revue/news/232087.shtml Secuobs.com : 2010-05-29 05:01:29 - Kioptrix - Well, I wrote this nice little article about taking an exploit and re-writing it as a MSF module Unfortunately, it s really hard to import Word 2010 files to Wordpress So easier for everyone if I just make it into a PDF file and made available for download It s a very basic look at the process Hope http://www.secuobs.com/revue/news/226870.shtmlhttp://www.secuobs.com/revue/news/226870.shtml Secuobs.com : 2010-05-23 14:39:50 - Kioptrix - Well, it s been over a month since I haven t posted anything here Family life, work and studies have taken up most of my time Once my daily chores completed I know longer have the energy to stay in front of the computer Recently I ve been studying the MCTS for Exchange 2007 Taking the exam in http://www.secuobs.com/revue/news/224840.shtmlhttp://www.secuobs.com/revue/news/224840.shtml Secuobs.com : 2010-04-05 20:37:19 - Kioptrix - This past weekend s CTF event hosted at the Sherbrooke University, and organized by the crew of HackUSorg was a complete success in my opinion From the warm and unexpected welcome, right down to the ambiance and food provided This being my first ever participation in this type of event, must say I wasn t disappointed at http://www.secuobs.com/revue/news/208996.shtmlhttp://www.secuobs.com/revue/news/208996.shtml Secuobs.com : 2010-04-02 15:28:39 - Kioptrix - Odds are this topic has been blogged to death already, but sometimes I need to write things down so not to forget them Also, there are times when the command line is the only option Then again, in my opinion, one should start using the command line and then move on to GUI applications Ettercap is http://www.secuobs.com/revue/news/208418.shtmlhttp://www.secuobs.com/revue/news/208418.shtml Secuobs.com : 2010-03-13 16:32:46 - Kioptrix - Well, it s almost time for Sherbrooke University s CTF You can get all the information at the HackUSorg siteEveryone from Kioptrixcom will be participating yes all 2 of us This 3 day event will be my first CTF experience Should be interesting to see how my new-ish skills stack up to more seasoned and experienced computer geeks Although http://www.secuobs.com/revue/news/201369.shtmlhttp://www.secuobs.com/revue/news/201369.shtml Secuobs.com : 2010-03-10 04:39:45 - Kioptrix - It s been sometime since I ve posted something, and I apologize Changed jobs, then the training and getting used to the new people and work environment which is still on going has prevented me from investing time into learning new security related stuff Well today I took the time to try out airdrop-ng The new de-authentication tool developed http://www.secuobs.com/revue/news/200104.shtmlhttp://www.secuobs.com/revue/news/200104.shtml Secuobs.com : 2010-01-31 14:03:51 - Kioptrix - A few days ago, I saw this small video posted by John Strand from PSW about the V option in msfpayload and the EXE2VBS tool As always, his videos are extremely interesting although he does talk pretty fast in this one Pauldotcom Ep 161 So basically this a client side attack, and in my opinion at http://www.secuobs.com/revue/news/187053.shtmlhttp://www.secuobs.com/revue/news/187053.shtml Secuobs.com : 2010-01-31 14:03:51 - Kioptrix - Well, my experience with Offsec 101 or PWB is complete Finished the course material and the lab time I took 60 days total, not knowing what I was exactly getting myself into Also this is not a course where one can just pop in for a few hours here and there Complete concentration for several http://www.secuobs.com/revue/news/187052.shtmlhttp://www.secuobs.com/revue/news/187052.shtml Secuobs.com : 2010-01-31 14:03:51 - Kioptrix - Don t want to sound preachy, but system administrators and network administrators are not always to blame for insecure systems Sometimes often the blame falls on the heads of management Keeping a system up to date, fully patched and properly configured after words will usually keep any system relatively secure until the next exploit comes out http://www.secuobs.com/revue/news/187051.shtmlhttp://www.secuobs.com/revue/news/187051.shtml Secuobs.com : 2010-01-31 14:03:51 - Kioptrix - As reported from Black Security blog not too long ago, Milw0rn s founder passed away from heart complicationsHe leaves a wife and 4 children My thoughts and prayers go out to his wife and children, and the rest of his family I never knew str0ke 1 email doesn t count as knowing someone , but as a fellow human http://www.secuobs.com/revue/news/187050.shtmlhttp://www.secuobs.com/revue/news/187050.shtml Secuobs.com : 2010-01-31 14:03:51 - Kioptrix - Well, the new or replacement milw0rm has gone online As you may, or may not know, the crew of Offensive-Security have taken over Str0ke was very close to closing the site down After the initial announcement, Offsec stepped in and offered to relieve him of some of the administrative duties updates mostly So, is the new http://www.secuobs.com/revue/news/187049.shtmlhttp://www.secuobs.com/revue/news/187049.shtml Secuobs.com : 2010-01-31 14:03:51 - Kioptrix - My blog will have a new permanent home soon A friend and I have setup a small website, and I ll be moving this blog there Going to be fun, I ll be able to post screen-shots and better serve the public with my small IT tutorials and everyday sysadmin rants At the moment the site is not http://www.secuobs.com/revue/news/187048.shtmlhttp://www.secuobs.com/revue/news/187048.shtml Secuobs.com : 2010-01-31 14:03:51 - Kioptrix - Buffer overflows can be a daunting part of exploitation, almost esoteric in nature if you don t have an idea of what s going on in the back ground A little while ago I posted an exercise for Easy Chat Server with a proof of concept If you successfully accomplished the task, you may like this little http://www.secuobs.com/revue/news/187047.shtmlhttp://www.secuobs.com/revue/news/187047.shtml