DEFCON 19: Three Generations of DoS Attacks (with Audience Participation, as Victims)

Sep 23 2013

Disable mod_security with htaccess

If you too have searched online for a way to disable ModSecurity using htaccess you know the pain. Every blog/forum post is either old and not applicable anymore or unintentionally deceiving. So, to save you some time, here is the simplest way to disable ModSecurity using htaccess.

Let’s assume that you have a specific virtual host that you want to exclude from the WAF. What you have to input inside the configuration file is the following directive:

<VirtualHost *:8080>
    SecRuleEngine Off

Restart your web server and you are good to go.

Update - July 2014: ModSecurity now has “restricted” htaccess support:

Sep 14 2013

Honeypot Workshop @ BruCON 2013

It’s that time of the year again, when security enthusiasts gather to Belgium to participate in one of the most successful security conferences in Europe: BruCON 2013.

This year, and after some fellow honeypot enthusiasts suggested to me that I should, I submitted an application to present a honeypots workshop. And I have some good news for you, since it got accepted!

So… heads up for every honeypot enthusiast or curious researcher coming to BruCON 2013: I will be presenting the “Analyzing Internet Attacks with Honeypots” workshop.

The workshop lasts 4 hours and it will take place on Thursday, 26 September, during two consecutive 2-hour slots: 2.00pm-4.00pm and 4.30pm-6.30pm. The workshop’s location is at La Trappe.

Here is the workshop’s description:

In the field of computer security, honeypots are systems aimed at deceiving malicious users or software that launch attacks against the servers and network infrastructure of various organizations. They can be deployed as protection mechanisms for an organization’s real systems, or as research units to study and analyze the methods employed by human hackers or malware. In this workshop we will outline the operation of a two research honeypots, by manual deployment and testing in real time. A honeypot system will undertake the role of a web trap for attackers who target the SSH service in order to gain illegal server access. Another one will undertake the role of a malware collector, usually deployed by malware analysts and anti-virus companies to gather and securely store malicious binary samples. We will also talk about post-capturing activities and further analysis techniques. Furthermore, two visualization tools will be presented for the aforementioned systems, plus a honeypot bundle Linux distribution that contains pre-configured versions of the above tools and much more related utilities, which can make the deployment of honeypots in small or large networks an easy task.

Participants are encouraged to bring a laptop with VirtualBox installed!

See this year’s BruCON full schedule here:

Sep 02 2013

Kippo-Graph 0.8 released - BruCON edition

Dear honeypot enthusiasts, this is yet another release of Kippo-Graph, reaching version 0.8.

In this version, I have converted the functional code into object-oriented, in an effort to slowly move towards a complete rewrite of Kippo-Graph using an MVC framework or something similar, (hopefully) in the near future. Also, four additional IP reputation services were added in Kippo-Geo and some CSS fixes took care of various annoying bugs mostly concerning the tables in Kippo-Input.

As a side note, this is deemed as the “BruCON edition” of Kippo-Graph. For those of you that haven’t heard the news, I will be presenting an introductory workshop on honeypots at BruCON 2013 in Belgium near the end of this month. A post on this subject will be published today or tomorrow. So, I thought it would be a good reason to update Kippo-Graph as well :)

You can download the new version from here: kippo-graph-0.8, or clone/pull from Kippo-Graph’s git repository hosted on GitHub:

Please take a look at the new config.php file as you will most likely need to make some adjustments.

As always, here are the checksums for the tar file:

MD5 Checksum: 494AE481E49E7493712FD89B6D748CBF
SHA-1 Checksum: 56ED56B73B26CF099CDC392DE2A0A3F829C2B064


Version 0.8:
+ Changed code to OOP style.
+ Added FortiGuard, AlientVault, WatchGuard and McAfee IP scanning services (Kippo-Geo).
+ Various CSS-related fixes for tables and cross-browser compatibility.

For comments, suggestions, fixes, please use the Kippo-Graph page:


Ian Amit - SexyDefense: the red team tore you a new one. Now what?

Aug 06 2013

How to resize an EC2 root partition

Apparently, MongoDB needs at least ~3GB of free space to initialize and start. This required resizing the root partition of a couple of Amazon EC2 instances. Fortunately, this is an easy procedure! Here are the steps followed:

1. Go to the Instances management interface and stop the instance in question. Take note of the availability zone it currently resides in, as you will need that information later.

2. Go to the Volumes management interface, find the one being used by the instance (see the “attached to” column, it will have the instance’s name) and select the Take Snapshot option.

3. Go to the Snapshots management interface and find the newly created snapshot. Choose it and select the Create Volume option. Then, you must enter the new (increased) size and select the same availability zone as the EC2 instance (from step 1).

4. Go to the Volumes management interface, find the OLD volume, choose it and select the Detach Volume from instance option. Then, find the NEW volume, choose it and select the Attach Volume to instance option. Here you select the instance you want to have the increased partition and CHANGE THE DEVICE MOUNT POINT TO: “/dev/sda1″ (no quotes).

5. After the new volume is attached, you go back to the Instances management interface and start the EC2 instance again. Wait for it to come back online and connect to it through SSH.

6. Login as root (sudo, etc) and run the “df -h” (no quotes) command to get a list of the mounted partitions. Here you will see the new one, more likely mounted at “/dev/xvda1″. Notice that the system doesn’t report the correct (increased) size yet. To fix that you will have to extend the partition in order for it to cover the rest of the free space of the volume. To do so, simply run the command: “resize2fs /dev/xvda1″ (no quotes).

All done!



Page 9 of 29« First...7891011...20...Last »