W32.Coozie: Discovering Oracle CVE-2018-3253

October 17, 2018 | By:

NOTE: On October 17th, 2018 Oracle released a patch for this vulnerability as several others: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html There are times when finding a 0day in a major-branded product like Oracle takes months of research, and there are times when it just jumps off the screen and you think to yourself, ‘There’s no possible way that is…

DerbyCon 8.0 EVOLUTION TrustedSec Talks

October 08, 2018 | By:

TrustedSec 2018 Speaker Line-Up Watch the recordings of all our consultants’ talks here: Oddvar Moe Carlos Perez Jason Lang David Boyd Adam Compton Founder and CEO David Kennedy also moderated the Keynote and was on the Opening and Closing Ceremony panels here: Keynote Ceremonies   A proud Platinum sponsor of DerbyCon. Thank you for another amazing…

NIST Guidance for Small Business Forthcoming

September 27, 2018 | By:

The National Institute for Standards and Technology, usually referred to as NIST, has many valuable resources, including resources for computer security. The NIST Cybersecurity Framework (NIST CSF) and the NIST 800 series are familiar to most people in the information security industry. The NIST standards are commonly used not only by organizations that are bound…

How Can I Become A Pentester?

September 21, 2018 | By:

After I tell someone that I am a pentester or that I work in InfoSec, the most common question I get asked is if I can help them fix their computer. The second most common question I get is, “How can I become a pentester?” My answer is usually fairly concise and to the point,…

Linux: How’s My Memory

September 18, 2018 | By:

Windows in-memory injection is commonplace in current toolsets, there are quite a few methods to do it, and most of them are documented pretty well. Linux in-memory injection is essentially the same, however, not seen in toolsets quite as much. That is why, for this post, I am going to cover four different open-source methods…

Full Disclosure: Microsoft Lync for Mac 2011 susceptible to forced browsing / download attack

September 13, 2018 | By:

What is it? An attacker can force a user who is logged in with Microsoft Lync for Mac 2011 (< v14.4.3) to browse to a URL of their choice via a specially crafted instant message. This vulnerability exists due to poor input sanitation in the processing of message content submitted via PowerShell and the Lync…

Dumping Embedded Java Classes

September 06, 2018 | By:

A few months ago, I came across a piece of Java malware. This was a nice change of pace for me, since most of what I see is written in C/C++. The malware was heavily obfuscated using a common tool, Allatori v5.3. After working my way manually through decoding, I came to a point where…

Making the InfoSec Rounds

August 30, 2018 | By:

Special thanks to mumblingsages for giving me the idea for this blog. Let’s face it, we in the information security industry like conferences and talks. I’d wager it’s not because we like to hear ourselves speak, but because it’s a great way to set aside a short amount of time and learn something new. I find…

Tech Support Scams Are A Concern For All

August 20, 2018 | By:

Like many of you, I am the IT support for family and friends. As such, I get lots of calls concerning slow browsers, printers that won’t work, and questions that take me a few seconds to Google the answer to. However, in the last few weeks, I’ve gotten a few calls with a similar story….

Don’t Delay, Migrate Today (Away from SSL/Early TLS)

August 08, 2018 | By:

For those tempted to delay migration away from Secure Sockets Layer (SSL)/early Transport Layer Security (TLS)—don’t wait! This includes all versions of SSL and version 1.0 of TLS (TLS v1.1 and newer are fine). For Payment Card Industry Data Security Standard (PCI-DSS) compliance, you can’t simply migrate sometime before your next PCI audit. Rather, you…