Attacking The Network's Security Core - Hunting For Vulnerabilities In A Network Security Tool

A network can only be as secure as the tools used to secure it.

Overview

This is Part 1 in a 4-part series about my process hunting for vulnerabilities in a network auditing tool (used to protect networks by detecting and fixing security holes) and fully exploiting one of the vulnerabilities I found. I recommend reading the series in ascending numeric order. Links to parts 2, 3, and 4 are at the end of this post.

Target 🎯

I decided to look for (and successfully found) vulnerabilities in a network security tool, as a vulnerability in such a tool could allow attackers to hide themselves in an otherwise secure network, or even be exploited for lateral movement. One such network security tool that came to mind is Nipper-ng, a firewall security auditing tool and firewall configuration parser. In addition to being a security product itself, Nipper-ng is used behind the scenes in other security products such as ManageEngine's OpManager and Firewall Analyzer. The tool is also inclu

Vulnerability Research Tools

In this post I compiled all the popular vulnerability research tools. In each category I first listed the tool(s) I personally use, and then followed with alternatives. I do not encourage pirating, but all of the paid programs can be found on pirate websites.

Disassemblers and Reverse Engineering Tools

Disassemblers decode the machine instructions in a binary into their readable assembly representation. The following programs have evolved beyond simple disassembly to become full platforms for reverse engineering, with features such as custom symbol naming, graphical viewing of code flow, and listing of references in the assembly to functions and data. The more advanced tools also support decompilation, which is the process of converting the assembly into higher-level code such as C or C++.

IDA Pro

Costs around $2000 for a license with multiple decompilers (free trial available). A limited-feature freeware version is available here. Supports decompiling ~170 community sourced plug