Threat Level: green Handler on Duty: Manuel Pelaez

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Samurai WTF 0.8

Published: 2010-03-08
Last Updated: 2010-03-09 16:33:21 UTC
by Raul Siles (Version: 2)
3 comment(s)

A new version of the Samurai WTF (Web Testing Framework) distribution, version 0.8,  has been released this weekend. As a member of the main development team, I'm proud to see that Samurai WTF is becoming the preferred environment for web application security testing.

This new version includes multiple new features, apart from being the first Live DVD version (1.7GB), versus previous Live CD versions (<700MB in size), plus:
- The Samurai WTF Firefox add-ons collection: https://addons.mozilla.org/en-US/firefox/collection/samurai.
- An extensive layout clean-up.
- New SVN capabilities to update the most actively developed web testing tools.
- Metasploit (what allows its integration with other tools, like sqlmap or sqlninja).
- The addition of two well known vulnerable web apps for training and testing purposes, DVWA and Mutillidae.
- Plus new tools and tools updates (see the Changelog within the Live DVD).

Definitely, I recommend you to try it and get the most of this open-source project when evaluating the security of your web applications and sites.

You can gather more details about the Samurai WTF from its main web page, http://samurai.inguardians.com, an OWASP presentation I did on December (available at http://www.radajo.com/2009/12/assessing-and-exploiting-web.html), and download the new version from Sourceforge: http://sourceforge.net/projects/samurai/.

Please, if you are a common user or want to try it, share your comments and improvements through the project mailing list (http://sourceforge.net/mail/?group_id=235785).

UPDATE: In order to get an overview of the list of tools available on Samurai WTF, check the RaDaJo presentation referred above, and the distro changelog file.

BTW, I will be teaching the SANS SEC542 class, "Web App Penetration Testing and Ethical Hacking" on Dubai, April 17-22, 2010.
--
Raul Siles (www.raulsiles.com)
Taddong is comming soon...


3 comment(s)

SEO poisoning on TV show

Published: 2010-03-08
Last Updated: 2010-03-08 17:08:18 UTC
by Raul Siles (Version: 2)
1 comment(s)

An ISC reader, thanks Paul, notified us about a new SEO (Search Engine Optimization) poisoning attack doing the rounds in the last 6-8 hours. We have talked about this kind of attacks in the past, although they were mainly focused on other hot technological topics, major tragedies, or events. This time, the topic to get on top of the search engines result page is a TV reality show. Specifically, there is a TV show premiere in the US tonight called "Billy the Exterminator". The "wiki billy the exterminator" search term in Google (USE WITH CAUTION: http://www.google.com/search?q=wiki+billy+the+exterminator) shows the poisoning attack.

The compromised sites present the following URL format: /FILE.php?PARAM=billy%20the%20exterminator%20wiki, where FILE is most commonly a three letter file name, and PARAM is an input parameter (one or multiple characters). The affected sites are using a drive by attack, providing victims a fake AV warning message that drives them to download a piece of malware: "Warning! Your computer is vulnerable to malware attacks. We recommend you to check your system immediately. Press OK to start the process now.".

If you manage, or know someone that manages any of the affected sites, we would like to get details about the compromise in order to confirm the vulnerability exploited to get into . Please, send details through our contact page.(PHP related)

UPDATE: A reader, thanks Jack, pointed us to a new SEO poisoning report from Sophos regarding last night's Oscar film awards: http://www.sophos.com/pressoffice/news/articles/2010/03/hackers-exploit-oscars.html.

--
Raul Siles (www.raulsiles.com)
Taddong is comming soon...

Keywords: SEO
1 comment(s)
Microsoft announced two important bulletins (fixing multiple vulns. affecting Windows and Office) for tomorrow: http://www.microsoft.com/technet/security/Bulletin/MS10-mar.mspx
Diary Archives