VMware ESX, Workstation, Fusion, and View VMCI privilege escalation vulnerability
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1406
Analysis: http://www.cylance.com/labs/advisories/02-08-2013-Advisory.shtml
PoC: https://rstforums.com/forum/66198-vmci-sys-ioctl-host-guest-privilege-elevation-cve-2013-1406-a.rst
MS blurb on Workstation: http://technet.microsoft.com/en-us/security/msvr/msvr13-003
http://www.blackhat.com/presentations/bh-usa-05/bh-us-05-Dwivedi-update.pdf
http://www.ee.tamu.edu/~reddy/ee689_06/rega-price.pdf
https://en.wikipedia.org/wiki/ISCSI
http://www.open-iscsi.org/
http://www.linux-iscsi.org/wiki/Main_Page
Linux config example http://doc.ubuntu-fr.org/iscsi
iSNS RFC (security) https://tools.ietf.org/html/rfc4171#page-103
Network Appliance iSCSI Authentication Bypass http://www.securiteam.com/windowsntfocus/6P01200EAK.html
related NetApp advisory "iSCSI CHAP LOGIN authentication can be bypassed"
http://support.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=169359 (auth required)
• SecurityFocus, Network Appliance iSCSI Authentication Bypass, http://www.securityfocus.com/archive/1/414558 (same as above)
• Linux-iSCSI Vulnerability, http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-0849
https://discussions.nessus.org/servlet/JiveServlet/download/4615-1194/Nessus_Question.doc
http://www.tenable.com/sites/drupal.dmz.tenablesecurity.com/files/uploads/documents/whitepapers/Tenable_Web_App_Scanning_0.pdf
http://www.tenable.com/sites/drupal.dmz.tenablesecurity.com/files/uploads/documents/whitepapers/Using%20Nessus%20in%20Web%20Application%20Vulnerability%20Assessments.pdf
https://www.owasp.org/images/4/4f/Web_Application_Vul_Testing_with_Nessus_2012.02.01.pdf
Playgrounds For Your Web App Assessments
• Virtual Machines
– DVL (Damn Vulnerable Linux) • http://www.damnvulnerablelinux.org/
– Moth • http://www.bonsai-sec.com/en/research/moth.php
– Metasploitable • http://sourceforge.net/projects/metasploitable/ • https://community.rapid7.com/docs/DOC-1875
– OWASP BWA • https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
– LAMPsecurity • http://sourceforge.net/projects/lampsecurity/ • http://www.madirish.net/
• Stand-alone Applications
– Stanford SecuriBench • http://suif.stanford.edu/~livshits/securibench/
– WebGoat • http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
– Mutillidae • http://www.irongeek.com/i.php?page=security/mutillidae-deliberatelyvulnerable-php-owasp-top-10&mode=print
• Remote Sites
– Acunetix • http://testphp.acunetix.com/
– Vulnhub • https://www.vulnhub.com/ (donkeydocker and plenty of VMs and other resources)
• Scanning Multiple Apache VirtualHosts With Nessus – http://blog.tenablesecurity.com/2009/05/scanning-multiple-virtual-hosts-withnessus.html
• Tips For Using Nessus In Web Application Testing – http://blog.tenablesecurity.com/2009/04/tips-for-using-nessus-in-web-applicationtesting.html
• Auditing PHP Settings to OWASP Recommendations with Nessus
– http://blog.tenablesecurity.com/2009/03/auditing-php-settings-to-owasprecommendations-with-nessus.html
• Detecting Base64 Encoded Authentication Requests
– http://blog.tenablesecurity.com/2009/03/detecting-base64-encoded-authenticationrequests.html
http://lab.lonerunners.net/blog/virtual-host-and-dns-names-enumeration-techniques and hostmap rewritten in Ruby https://github.com/jekil/hostmap
a network capture ...
AES
pycrypto usage example: https://codeghar.wordpress.com/2011/09/01/aes-encryption-with-python/
OpenSSL wrappers: python-m2crypto, ncrypt (https://pypi.python.org/pypi/ncrypt)
Python implementations: https://github.com/caller9/pythonaes/tree/master/aespython , https://code.google.com/p/slowaes/source/browse/trunk/python/aes.py
fun http://www.formaestudio.com/rijndaelinspector/
Scapy and Python cheat sheet
http://wiki.spiritofhack.net/index.php/Scapy-usage
http://www.tutorialspoint.com/python/python_basic_operators.htm