Blogs
RHEL CVE Database
Submitted by Shirkdog on Tue, 2012-02-21 11:27
Have you ever had to perform a C&A for a system that uses RHEL? Well, Red Hat has made available a webpage to easily search for CVEs without any additional effort:
MS12-013 PoC with write-up
Submitted by Shirkdog on Wed, 2012-02-15 14:19
Byoungyoung Lee provides a PoC with additional information based on the interpretation of this bug by the Microsoft Security Research Center (MSRC)
MS12-013: Vulnerability in C Run-Time Library could allow remote code execution
Nessus 5.0 Released by Tenable Network Security
Submitted by Shirkdog on Wed, 2012-02-15 12:43
For those of you that like to use Nessus for vulnerability management:
The new version of Nessus incorporates the following key features and updates:
Nortel Networks pwn3d for an entire decade
Submitted by Shirkdog on Tue, 2012-02-14 13:59
You would think being in there for almost 10 years they might have made changes to make the network better for their access.
The dangers of backwards thinking on software security
Submitted by Shirkdog on Fri, 2012-02-10 13:12
I noticed the following story today:
Offensive security research community helping bad guys
Starting with this quote from Adobe Security Chief Brad Arkin:
"We are involved in a cat-and-mouse game on [the software] engineering side. Every time we come up with something new and build new defenses, it creates incentive for the bad guy to look beyond that."
Climate Change and Information Assurance -- and how they are bullshit
Submitted by Shirkdog on Sat, 2010-05-08 17:09
In the course of presenting any form of analysis or research, the details of how you come to your conclusions must be indisputable. The scrutiny faced by your peers should be enough to validate your claims as being reasonable before presenting them in any forum.
But this is not always the case in the lives of professionals, as notoriety can blind the path of virtue. How many of us would trade an honest position, to present an idea that is based on falsehoods, or is an evasion of the truth, to make more money, or gain the spotlight?
Here enters, global warming.
Threat Intelligence Project (TIP) Update!
Submitted by enhanced on Tue, 2010-02-09 14:52
After much waiting and anticipating, we are excited to announce that we will be releasing a client for those that wish to participate in the TIP project.
The initial release will have the option to obfuscate the IP addresses and potentially the payload, though we don't think that this really is in the spirit of things and does not afford the world the intelligence that could be derived were this data not obfuscated.
Having said all of this in a variety of grammatically incorrect ways, please keep posted for the download and additional details to follow.
We updated our snorby
Submitted by enhanced on Fri, 2010-01-15 10:48
Pulledpork v0.2.5 - Released
Submitted by enhanced on Wed, 2009-10-14 08:53
A new and updated version of pulledpork is out. This version adds functionality and also addresses a number of previously reported bugs. A few simple examples:
- Improved and cleaned up code for efficiency and speed
- Do not overwrite local.rules on run
- Do not attempt to copy . and .. as rules files
- Much more...
Snort SID Information URL
Submitted by enhanced on Thu, 2009-06-25 12:24
To combat the recent influx of "where is the Snort SID documentation" on the Snort mailing lists, I have created the following URL that you can use to update your BASE or whatever it is that you are using to view your Snort events.
Simply use the following URL in your reference config:
http://rootedyour.com/snortsid?sid=xxxxx (where xxxxx is the SID number itself)
i.e. http://rootedyour.com/snortsid?sid=234
Thank you for your time,
please drive fast and take chances
E
