goorecon.rb small problems

While doing research I utilized goorecon.rb in BackTrack 4. Unfortunately I encountered several problems while using it to enumerate email addresses.

Let’s reproduce the problem here. I want to enumerate all of the email addresses of a domain using goorecon.rb:

./goorecon.rb -e

Can you see where the problems are?


OSSIM : Lessons Learned from Tuning Snort IDS

Recently I’ve been busy tuning the Snort IDS (Intrusion Detection System) included with OSSIM. Compared to the installation process, the tuning process is much more involved and time-consuming.

You may wonder why you should tune your IDS. Because if you don’t tune the IDS to suit your network environment (servers, network devices, security devices) you will get a lot of events. And I really mean A LOT. I received more than 100,000 events each day during the days before I did the tuning. It’s a sure thing that if you receive this number of events, you will not analyze them; you may not even read them anymore. The good thing is they are all false positives, so you can ignore them. And of course you don’t want to store those false-positive events to disk. After the tuning process, I received fewer than ten events per day. :D


Suricata RC1 Has Been Released

Suricata RC1 has been released. The latest version includes the following new features:

  • Support for the http_headers keyword was added
  • libhtp was updated to version 0.2.3
  • Privilege dropping using libcap-ng is now supported
  • Proper support for “pass” rules was added
  • Inline mode for Windows was added

I have also updated the openSUSE RPM specfile for the latest Suricata release.

OWASP Top 10 2010

OWASP just released the latest Top 10 Web Application Security Risks for 2010. Here is the list:

  • A1: Injection
  • A2: Cross-Site Scripting (XSS)
  • A3: Broken Authentication and Session Management
  • A4: Insecure Direct Object References
  • A5: Cross-Site Request Forgery (CSRF)
  • A6: Security Misconfiguration
  • A7: Insecure Cryptographic Storage
  • A8: Failure to Restrict URL Access
  • A9: Insufficient Transport Layer Protection
  • A10: Unvalidated Redirects and Forwards