Software Vulnerabilities and Business Risk

August 24, 2021September 13, 2021 spen440

For developers working with systems exposed to the internet, it’s difficult to avoid the influence that information security has on day to day work. Perhaps a recent penetration test by a third party has highlighted vulnerabilities that need addressing, or maybe the system has already suffered a security breach. There might be a requirement to demonstrate that the system is compliant with a particular security standard. Its also possible that the development team belongs to an enlightened organisation that understands why their software products need to be secure, and have measures in place within their development process to prevent and detect security vulnerabilities.

Conversely, if a system is designed to sit in apparent safety behind a firewall, or on a separate internal network segment, or has no direct access to sensitive data, it’s not straightforward from a developer’s point of view to see how – or why – a system might be attacked.

Cloud Hosted Honeypots: Harvesting Attack Packet Captures

August 23, 2017December 3, 2019 spen440

Introduction

Packet and protocol analysis are skills which fall squarely into the “use it or lose it” category, and can easily atrophy through lack of practice. As Stephen Northcutt – President of the SANS Technology Institute – says in the foreword to Brian Caswell, Jay Beale and Andrew Baker’s book Snort Intrusion Detection and Prevention Toolkit: “…understanding the network traffic entering, leaving and within your network…” is one of the “…basic skills a professional must have to avoid being impotent as a security practitioner“.

There are plenty of publicly available sources of sample packet captures on the internet, but Read more “Cloud Hosted Honeypots: Harvesting Attack Packet Captures”

Snort IDS Custom Dynamic Preprocessor, Part 1

August 8, 2017December 3, 2019 spen440

Introduction

This post describes process of building a custom dynamic preprocessor plugin for the Snort Network Intrusion Detection / Prevention System (IDS / IPS).

Snort is rules-based IDS. Although Snort rules have a simple structure, the number and variety of options within the Snort rule syntax allows reasonably complex analysis of packets under inspection to be performed. This is fine for situations where the symptoms of the threat being defended against can be Read more “Snort IDS Custom Dynamic Preprocessor, Part 1”

Throwing Star LAN Tap

August 2, 2017December 3, 2019 spen440

Just recently I decided to add a passive LAN tap to my toolkit, partly because I needed a quick, easy and non-intrusive way of being able to monitor network traffic, and partly to justify buying a new soldering iron.

Windows SEH Buffer Overflow Exploit

June 22, 2017August 24, 2021 spen440

Introduction

This post describes the process of developing an exploit for a stack-based buffer overflow vulnerability within a Windows application, with the aim of gaining remote access to the underlying host. The exploit will employ a technique which abuses the native Windows Structured Exception Handling (SEH) mechanism to gain control over process execution.

Spencer Drayton

Information Security, Software Engineering

Software Vulnerabilities and Business Risk

Cloud Hosted Honeypots: Harvesting Attack Packet Captures

Introduction

Snort IDS Custom Dynamic Preprocessor, Part 1

Introduction

Throwing Star LAN Tap

Windows SEH Buffer Overflow Exploit

Introduction