
Evil Colon Attacks: A Quick Guide


New cyber attacks now emerge more often than social media trends. One such rapidly evolving threat is the Evil-Colon attack, which shares similarities with the Poison-NULL-byte attack. Although Poison-NULL-byte attacks no longer work on current systems, it has been suggested that the same class of mistake, inappropriate handling of user-supplied path strings, could still lead to new variants of attacks and malware on your systems.

In one of his articles, Leon Juranic, a security researcher at Mend, described his encounter with the Evil-Colon attack. He mentioned that while auditing source code he discovered a case where an Evil-Colon could be used to evade the path sanitization process. Using this novel technique, threat actors were able to exploit the vulnerability in applications running on Windows operating systems. Because Evil-Colon depends on Windows-specific behaviour, the analysis concluded that any Windows server running such a service could be affected.

When applications or servers perform path-based operations, such as building a file path from user input, the contents of that file can be modified by external code flows, which can cause severe security issues such as arbitrary data injection. Leon illustrated how Evil-Colon works using the source code of the example Java application WriterFile.jsp.

He explained that the example creates a file in a directory, and that the sanitization appends .txt to every new file name. By passing a colon character at the end of the user's input, the appended .txt becomes the name of an Alternate Data Stream, so the file itself is created with an arbitrary file extension.

Later the file is created again in the directory, but because a colon character was added at the end of the filename, the rest of the filename string is pushed into an Alternate Data Stream and the file is recreated with the .jsp extension.

He further described how the ability to alter files created earlier in the application workflow can lead to serious security threats. If malicious actors can edit those existing files later in the code, they can change the content of the .jsp file into anything they want. Inspecting the modified file in depth, you will find a string named EVIL-CONTENT.

Leon concluded his example by warning that, in real-world scenarios, JSP webshell scripts can allow threat actors to remotely execute code on vulnerable servers or applications.

To protect your files and data from Evil-Colon attacks, remove colon characters from any input that reaches a path operation. This can be done with filters, string check operations, etc.
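As an added illustration (not code from Leon Juranic's article or from the WriterFile.jsp example), the following Python models the NTFS behaviour the bypass relies on: everything after a colon in a file name becomes an Alternate Data Stream name, so the weak `.txt`-appending sanitizer is shown beside an allow-list version, and `effective_extension` reports the extension of the file that would really be created. The `ntfs_view` model and the sample file names are constructed for illustration.

```python
import re


def ntfs_view(name: str) -> tuple[str, str]:
    """Constructed model of how NTFS reads a file-name component with a colon.

    Everything before the first ':' is the file created on disk; everything
    after it names an Alternate Data Stream (ADS) on that file. The ':$DATA'
    type suffix and drive-letter colons are not modelled, which is enough
    for a bare file name written into a single directory.
    """
    base, sep, stream = name.partition(":")
    return (base, stream) if sep else (base, "")


def naive_sanitize(user_name: str) -> str:
    """The weak scheme described in the post: append '.txt' and trust it."""
    return user_name + ".txt"


def effective_extension(name: str) -> str:
    """Extension of the file NTFS would actually create, ignoring the ADS part."""
    base, _stream = ntfs_view(name)
    return base.rsplit(".", 1)[1].lower() if "." in base else ""


# Allow-list for the base name: letters, digits, '_' and '-', bounded length.
# A colon, a dot, a path separator or anything else never reaches the file system.
_SAFE_BASENAME = re.compile(r"[A-Za-z0-9_-]{1,64}")


def safe_sanitize(user_name: str) -> str:
    """Hardened version: validate the base name first, then append '.txt'."""
    if not _SAFE_BASENAME.fullmatch(user_name):
        raise ValueError(f"rejected file name: {user_name!r}")
    return user_name + ".txt"


def rejects(user_name: str) -> bool:
    """True when safe_sanitize refuses the name (handy for tests and log checks)."""
    try:
        safe_sanitize(user_name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs: a benign name and one ending in a colon.
    for candidate in ["notes", "shell.jsp:"]:
        path = naive_sanitize(candidate)
        base, stream = ntfs_view(path)
        print(f"{candidate!r:13} -> {path!r:17} file={base!r} ads={stream!r} "
              f"ext={effective_extension(path)!r} rejected={rejects(candidate)}")
```

Comparing `effective_extension` of the stored path against the extension the application intended is a cheap check to add where file names are logged or audited.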

First Anniversary of Null Chennai Chapter


Hello EHN Readers, this month the Null Chennai Chapter completes one year, so let us celebrate at this month's meeting. We need maximum attendance to celebrate it.


Null Chennai Monthly Meet is Scheduled on 25th August 2012.

Notice: Venue Changed


Topics:
1) NullCon HackIM – How we didn't win by Ajith & Dev
2) Burp Suite by Sukesh Reddy
3) News Bytes – Punit Gupta

Date: 22nd September, 2012
Time: 3:00 pm to 5:00 pm

Venue:
ThoughtWorks Technologies (India) Pvt Ltd.
Ascendas International Tech Park
Zenith – 9th Floor
Tharamani Road
Tharamani
Chennai – 600 113, India
For any issues regarding the venue or meet, contact: niteshbetala [ at ] gmail [ dot ] com or call 9941576747

Don't miss the fun..!

14th July 2012 null Bangalore Monthly Meetup

null meetup on Saturday 14th July 2012 starting at 09:30 AM. No registrations, no fees, just come with an open mind :)

The Bangalore meet, as usual, is divided into 2 parts, the monthly
talks and the Training on Reverse Engineering. The Reverse Engineering
training will start at 12:30 PM by the SecurityXploded/Garage4Hackers
team.

The schedule for this month's meet is as outlined below:

  • 09:30 - 10:10: Hands on Web Application Security: Mutillidae - Vulnerable Web App - Satish
  • 10:10 - 10:25: Introductions
  • 10:25 - 11:05: Burpsuite for Beginners - Saran
  • 11:05 - 11:20: Networking
  • 11:20 - 12:00: Basics of IDS/IPS - Pravin
  • 12:00 - 12:20: Feedback & Topic discussion for next monthly meet
  • 12:20 - 12:30: Break
  • 12:30 - 01:50: Advanced Malware Analysis - Monnappa

VENUE DETAILS
Kieon, 3rd Floor, 302 Prestige Sigma,
3 Vittal Mallya Road,
Bangalore 560001
Opposite Bishop Cottons Girls School, Above Emirates Airlines office.
Map Location: http://g.co/maps/dahhv
Parking is available in the building. See you there.

16th June 2012 null Bangalore Monthly meetup

Hi All,

We will have this month's null/OWASP/Garage4hackers/SecurityXploded
Bangalore meetup on Saturday 16th June 2012 starting at 10:00 AM. No
registrations, no fees, just come with an open mind :)

The Bangalore meet, as usual, is divided into 2 parts, the monthly
talks and the Training on Reverse Engineering. The Reverse Engineering
training will start at 12:45 PM by the SecurityXploded/
Garage4Hackers team.

Also, as discussed in the last month's meet, we will have a basic 30
minute primer on SQL Injection by Satish at 9:30 AM, before the main
talks begin at 10:00 AM. All those who would be interested to learn,
understand the basics of SQL Injection and to watch some cool demos
are requested to be present at 9:30 AM.

TALKS
1. News Bytes - Sumeer
2. JavaScript Obfuscation - Prasanna
3. SSL VPNs - Rajesh

12:45 PM onwards:
4. Practical Reversing: Part3 - Memory Forensics - Monnappa


VENUE DETAILS
Kieon, 3rd Floor, 302 Prestige Sigma,
3 Vittal Mallya Road,
Bangalore 560001
Opposite Bishop Cottons Girls School, Above Emirates Airlines office.

Map Location: http://g.co/maps/dahhv

Parking is available in the building. See you there.

Null Chennai Chapter monthly meet on 19th May, 2012

Hey Guys,

We have scheduled our null+g4h Chennai Chapter Monthly Meet on 19th May, 2012.

Topics:
1) Exploits - Ahmed
2) IronWASP - Lava Kumar
3) News Byte & Symbolic Linking - Santhosh Kumar


Date:
19th May, 2012 (Saturday).

Time:
4:00 - 7:00 p.m.

Venue:
OrangeScape,
No.305, D-Block, North Wing,
Tidel Park, Dr.Rajiv Gandhi Salai,
Taramani, Chennai- 600113
044 3068 6500

For any issues regarding the venue or meet, contact: niteshbetala [ at ] gmail [ dot ] com or call 9941576747

Null Mumbai Chapter meet on 26th April, 2012

Null, Open Security Team, has scheduled the Mumbai chapter meet on 26th April, 2012.

The agenda for the meet would be as follows:

1) Rootkit Internals by Omkar Pardeshi

- Types of malware: an introduction to the types of malware; basics of viruses, worms and Trojans.

- Tools used to analyze malware

- Introduction to rootkits: where rootkits stand in the current scenario.

- Working of rootkits: details of how rootkits work.

- Protection against rootkits: ways of protection available against rootkit attacks.

- Effectiveness of current AV software: how AV software can prevent rootkit attacks.

Omkar has about 1.4 years of experience working as a Malware Analyst and Driver Developer. He also maintains the following security blogs:

http://hackerslabrotary.blogspot.com

http://indiancybercell.blogspot.com

http://vxanalyst.blogspot.com

2) Leveraging OSINT in Penetration Testing by Ashish Mistry

As a penetration tester or security auditor it is necessary to identify as much of the attack surface as possible. This can be achieved by leveraging publicly exposed information: OSINT helps a penetration tester identify a larger attack surface. We shall also look into ways to fix this. We shall see demonstrations of the information gathering an attacker may use against real-world targets.

Ashish is an independent information security researcher and trainer. He is the founder and owner of www.Hcon.in, an infosec resources and tools portal, and the author of HconSTF, an open source penetration testing framework.

Max. session duration:

45 mins.

Venue:

M/s Institute of Information Security,

201, Ecospace Building, Off Old Nagardas Road,

Mogra-Pada,

Near Andheri Subway/Station,

Andheri (East)

(Google Map Link: http://g.co/maps/e4jzr)

Time:

6:30 PM onwards

Contact No:
+91-9819643034 (Wasim Halani)



Null Bangalore Meet Scheduled on 21st April 2012


Hi All,

We will have this month's null/OWASP/Garage4hackers/SecurityXploded Bangalore meetup on Saturday 21st April 2012 starting at 10:00 AM. No registrations, no fees, just come with an open mind :)

The Bangalore meet, as usual, is divided into 2 parts, the monthly talks and Training on Reverse Engineering. The Reverse Engineering training will start at 12:45 PM by the SecurityXploded/ Garage4Hackers team. The RE training for this month is completely hands-on and everyone is required to get their laptops fully charged for the exercises.

Also, we have a guest speaker from the US, Mr. Arshad Noor, who is also a speaker at the ongoing OWASP AppSec AsiaPac 2012, Sydney - Australia, who will be talking about RC3 - Regulatory Compliant Cloud Computing.

TALKS
1. Believe it or not SSL Attacks - Akash Mahajan
2. News Bytes - Satyendra
3. RC3 - Regulatory Compliant Cloud Computing - Arshad Noor

4. Practical Reversing & Unpacking Part 1 - Harsimran & Nagershwar


VENUE DETAILS
Kieon, 3rd Floor, 302 Prestige Sigma,
3 Vittal Mallya Road,
Bangalore 560001
Opposite Bishop Cottons Girls School, Above Emirates Airlines office.

Map Location: http://g.co/maps/dahhv

Parking is available in the building.

NB: As discussed in the last month's meet, we will have a basic 30 minute primer on Cross Site Request Forgery by Satish at 9:30 AM, before the main talks begin at 10:00 AM. All those who would be interested to learn, understand the basics of CSRF and to watch some cool demos are requested to be present at 9:30 AM.

Regards,
karniv0re

Null Pune meet scheduled on 21st April 2012



The Null Team has scheduled the next Pune monthly meet on 21st April, 2012. As usual, there is no registration.

Here is the agenda for the meet:

  • Explaining DDoS: by Rohit Verma
  • Recovering PDF Encryption Key: by Akib Sayyed

Venue:
Room No. 704, 7th Floor,
Atur Center, SICSR,
Gokhale Cross Road, Model Colony,
Pune.


Timings:
1700 Hrs to 1900 Hrs

For any more queries, or if anyone is interested in giving a talk, drop us a mail at
ppush_at_null_dot_co_dot_in /// corrupt_at_null_dot_co_dot_in /// void_at_null_dot_co_dot_in

regards
push - Moderator, null Pune Chapter