Thursday, 22 January 2009

Stratis IT-security blog abstract

Abstract of selected entries
  • Domain Hijack and Control Protocol. DHCP is widely used in various network environments. Its design and the steps of the configuration protocol lack any kind of security considerations; therefore DHCP can be a serious attack vector against not only hosts in the attacker's subnet but also the network infrastructure itself. The post summarizes attacks against DHCP as well as security considerations and actions that can be taken in order to prevent DHCP abuse.
  • iPhone forensics. The study summarizes the steps and methods to be performed in order to evaluate user activity history on an iPhone device. Topics of the study include the hardware components, operating system and disk partitions of the device, as well as the places in the file system from which a user activity timeline can be constructed: sent and received SMS messages, call history, extensive browsing history etc. can be used during the forensic analysis.
  • Typical vulnerabilities of web applications (I-XI). Having performed several web application penetration tests for our clients, we found that there are certain fields of web application development that are often problematic from a security point of view. In this series of multiple entries, we summarize the most common mistakes in the configuration, design and implementation of complex, multi-layered web applications. The series covers the following topics:
  1. Session handling
  2. Authentication
  3. Error and exception handling, error message engineering
  4. Client-based input validation controls
  5. SQL injection
  6. Cross-site Scripting et al.
  7. HTTP header injection
  8. Vulnerabilities in the application logic
  9. Server-side input validation controls
  10. Compiled applications
  11. Vulnerabilities in the "file upload" function implementation
  • Forensic methods and tools (I-V). Many (network/penetration) security experts are surprisingly uninformed regarding forensic issues. In this series of multiple entries, we cover several topics of forensic examination and show the tools used during forensic examinations.
  1. The Root of All Evil - Forensic analysis of the Windows Registry
  2. Forensic analysis of USB data storage devices
  3. Methods for data hiding in Windows and NTFS
  4. Big Brother is Watching - Traces of user activity in Windows
  5. Time stamps and file signatures
  • Network Access Control solutions - more problems than solutions? This entry is about an assignment in which we tested the Network Access Control solution deployed at the client's office building. Notably, the applied policy was so strict and the IPS system so aggressive that the defensive actions could be turned against the network itself, resulting in a serious risk of Denial of Service attacks carried out by the deployed firewall system.
  • VLAN security. VLANs are widely used in extensive networks and their main purpose is logical network segmentation. However, we have found that there are issues regarding VLAN implementation that can easily undermine the separation of different segments. In the entry, we summarize certain key points of misconfiguration and design flaws that can often be used to compromise the security and integrity of network traffic.
  • DNS cache poisoning resulting in DoS. We had an assignment in which the client's main web application cluster was under a heavy DoS attack. As part of the incident response team, we found that the cause of the attack was the DNS poisoning of a medium-sized Hungarian ISP. According to their main DNS server, the address of google.com was the same IP as the client's main web server. Presumably, the main reason behind the bogus HTTP requests was a "bailiwicked" attack carried out against the ISP's DNS server. In the post, we describe the methods that were performed in order to mitigate the attack.
  • WPA cracking. This entry summarizes the methods that can be used against WPA/WPA2 networks - the topic of wireless security has again been in the centre of interest since coWPAtty 4.5, which can crack the PSK based on the first two messages of the 802.1X 4-way handshake mechanism.
  • Hacking printers. When talking about corporate IT security, network printers are often missing from the equation, and in network penetration frameworks and methodologies not much effort is devoted to their vulnerability assessment. The entry summarizes tools and methods that can be used to gain information from HP/Xerox printers and gives a quick overview of the attacker's opportunities once a printer has already been pwned.