Events: Submitted by Wade on 06-Nov-07 at 09:42am
Josh Abraham has added BeEF to BackTrack3. He has also created a tutorial with some of the basic functionality.
Inter-protocol Exploitation and Communication papers
Security: Submitted by Wade on 19-Apr-07 at 02:04pm
Two papers are now available that demonstrate inter-protocol security issues - Inter-protocol Communication and Inter-protocol Exploitation. Among other things they show the practicality of encapsulating exploit code in one protocol to compromise a program which uses a different protocol.
An example is provided that shows how a web browser can launch a MetaSploit type exploit to own an Asterisk server. Of course, this raises concerns over the (in)effectiveness of firewalls against this attack.
Events: Submitted by Wade on 19-Mar-07 at 10:16am
The new version of BeEF has been released. BeEF 0.3.1.6 has new modules employing cutting edge exploitation techiques. It is the first framework/tool that can perform Inter-Protocol Communication and Inter-Protocol Exploitation. It can reach behind hardened firewalls and IDSs to launch ported exploits at arbitrary servers.
Advanced Cross-site Scipting Virus Paper
Security: Submitted by Wade on 30-Jan-07 at 11:34am
This paper explores the real potential of the web being infected with a cross-site scripting virus that autonomously searches for, and employs, new vulnerabilities for propagation.