NATO’s Article 5 has traditionally been a provision that allows for any member state to invoke a collective military response to any land, air or sea military attack against their nation.  Effectively, an attack on one is an attack on all, and this rule played a large role in keeping the peace during the Cold War, with the USSR having its own version within the Warsaw Pact.

In June of this year, NATO stated that cyber attacks are now included under Article 5, allowing for a cyber attack on any member state to receive a collective kinetic military response. Hillary Clinton has made similar statements on the campaign trail, indicating that cyber attacks should be treated like any other attack.

What remains to be seen is any sort of solid guideline for determining what qualifies as an attack and what qualifies simply as traditional espionage.  The distinction between Computer Network Attack (CNA) and Computer Network Exploitation (CNE) is used within the US Government, but many aspects of each overlap.

The rules are in place, but a precedent must be set before any type of true deterrence can come into play.

http://shell-storm.org/shellcode/ is a large library of ready-made shellcode for different situations.

Need some nice webshells?  Your target is using PHP?  Try out this collection of PHP Backdoors!

A security researcher in Florida has been arrested after exposing SQLi vulnerabilities in an election-related webapp, but apparently, he didn’t have any sort of permission to do so.


OOPS!

https://cloudfront-files-1.publicintegrity.org/offshoreleaks/csv.zip

Check it out, folks.

Last October, the FBI Special Agent in charge of Cyber and Counterintelligence stated that the FBI typically advises people to “pay the ransom”, but now the FBI is advising people to NOT pay the ransom.


Which is it, lads?

http://rol.im/asux/


Google offers an application security education page about XSS.  If you’re new to it, or just want to get more in-depth and determine how to mitigate it, give it a read.

https://www.google.com/about/appsecurity/learning/xss/

BSides Charlotte was a great time and the people were fantastic. The CTF was awesome, because we (Mother Russia) won and had a blast with the Network King of the Hill-style competition.

Mother Russia of Great Victorious

Great #1 Victory

Technical Details

So, I feel a little bit ashamed, but I spent the first hour and a half thinking that I was in netsec hell and was hitting a firewall or something, because Nmap was running extremely slowly (57 minutes for a /24), but it turned out that I was scanning an entirely wrong network.

After getting some good targets, I saw a lot of port 80.  Most only had the default Apache pages, but one had a Drupal instance installed.  The scoring mechanism required teams to deface the front page of the web servers with <team>TeamName</team> tags, so this looked promising.  My teammate pointed out that a Metasploit module existed for that version of Drupal (Drupalgeddon).  In our case, it created an admin user and popped a Meterpreter session with low privilege.

After logging in to the Drupal instance, it became clear that there was a lot of competition for the front page, but we used a secret weapon to swing the competition in our favor.  Many teams were outright banning and blocking the other teams’ admin users, which I found to be a silly idea, because they would just create a new user and it would be a game of whack-a-mole.  Instead of blocking or banning users, I simply removed their admin privileges, posted our flag and babysat the users page to remove new users’ permissions.  After a while, even the facilitator of the CTF was asking how we were blocking access and assumed that we had rooted the box and were using iptables.  Because it allowed users to still browse all of the pages, many assumed that it was simply a network glitch when their posts didn’t work.  As a result, they didn’t create new users and moved on to the other targets, giving us a WIDE lead.  The network was a target-rich environment, with quite a few open ports, but MS08-067 actually saved the day on quite a few of them.  There were many boxes, but the Drupal incident was really my highlight of it all.

It was a fun CTF and a wonderful conference, so I want to give greetz to @th3mojo, @c0ncealed, and everyone who helped run @BsidesCLT.

XSS Hunter looks like a promising project.  By allowing users to own a custom subdomain dedicated to hosting XSS callbacks, it offers a clean, user-friendly interface for probing pages with XSS.  It allows for easy fingerprinting of targets and organizes all of the information, to help keep track of which pages are vulnerable and what types of info they yield.  I’m very excited to see where this goes.

https://xsshunter.com/features