David Kierznowski

dkza

David Kierznowski is a senior security consultant based in the UK (South East). He has a great passion for both defensive security architecture and offensive penetration testing techniques.

Content Injection: Hack the Hacker

Traditional IDS/IPS systems operate at the network level, usually plugged into a spanning port on a switch. I love this concept and think it should be part of any defense in depth strategy. The two primary weaknesses in these devices are (1) they cannot process encrypted streams and (2) they can often be circumvented with a little creativity. In this post I want to discuss using Client-Side IDS (C-IDS) for more advanced attack detection. [...]


Reviewing Practical PHP Exploitation Techniques

The OWASP London Chapter last night (03/Apr/08) was excellent. Thanks to everyone involved for a top night!

For those who didn’t attend, Rodrigo Marcos discussed his research on hacking PHP sockets for fun and profit. I found the concept very interesting. He discussed hacking PHP sockets; however, the techniques he discusses could be used as an application reverse proxy, although, scalability and stability could be a problem. [...]


Automated Web Foo or Fud!

Jeremiah is the most outspoken person I have seen regarding the effectiveness of automated web application tools. His recent post, Are web application scanners ***ing useless?, almost sounds frustrated. While developing the initial version of the Technika Security Framework, I have really had a chance to think about this, which I haven’t done since an OWASP presentation I attended 2-3 years ago; anyone have the link for this? [...]


Introducing Technika Security Framework

Technika is a Firefox plugin that pdp and I were toying with some months back. The original idea behind this project was to provide independent, self-contained security tools based on JavaScript which can be loaded and executed from the browser. TS Framework v1.0 is almost ready for release.

The advantage here over traditional security tools is that we utilize the existing browser functionality instead of re-inventing the wheel. [...]


Full Disclosure?

As the GNUCITIZEN group grows, the team continue to find vulnerabilities in software products and applications, and there has been no real set policy around our members’ disclosure of these vulnerabilities. I think most of us have leaned towards the full-disclosure route. Occasionally, the vulnerability has been fairly critical and we have felt that releasing it early would be irresponsible, especially if the vendor had provided us with an acceptable timescale of when a fix would be available. [...]


Security Tool Controversy

Last year I discussed some of the hacking and security laws in the UK on michaeldaw.org; pdp also discussed this on GNUCITIZEN a few months back. Governments are looking at clamping down on security tool development and distribution to mitigate hacking risks. It looks like Germany are now following:

The main question in my mind when trying to remain objective about this, is whether IT security can be classified within the same category as Locksmiths. [...]


Ad-Jacking – XSSing for Fun and Profit

How to XSS is often the topic of conversation among security professionals; however, the reason or motivation for why an attacker might want to exploit an XSS vulnerability is often limited to stealing cookies or hijacking credentials. This post takes an almost sensationalist point of view as we take you on a journey to a possible web 2.0 XSS worm armed with an Ad-Jacking payload, an attack I introduced a short time ago. [...]


XSS Worms and Mitigation Controls

NTPolicy is a collection of ntp’s ideas around mitigating XSS worm potential. He put these ideas forward in response to our post, "The Generic XSS Worm", where we reached out to the community to brainstorm ideas to solve the XSS crisis. I have summarised his thoughts below in a bullet-list with my comments beneath.

For clarity, we obviously mean implementing this a layer above the current same-origin-policy or else XSS or future attacks may be used to circumvent these controls. [...]


The Generic XSS Worm

When we think of computer worms, we generally think about operating-system based worms such as the famous Code Red, which replicated itself 250,000 times in approximately nine hours on July 19, 2001. Its replication was made possible by a vulnerability within the MS Windows platform. Firewalls and defense in depth help mitigate the spread of worms by providing layers of protection between public and private networks; however, a new age worm is upon us: the XSS Worm, aka the Web 2.0 worm. [...]
