sábado, 27 de enero de 2024

OWASP ZAP RELEASES V2.8.0 WITH THE HEADS UP DISPLAY

OWASP ZAP RELEASES V2.8.0 WITH THE HEADS UP DISPLAY
Heads Up Display simplifies and improves vulnerability testing for developers

London, England, 20 June 2019. OWASP™ ZAP (Open Web Application Security Project™  Zed Attack Proxy) has released a new version of its leading ZAP Project which now includes an innovative Heads Up Display (HUD) bringing security information and functionality right into the browser. Now software developers can interactively test the reliability and security of their applications in real time while controlling a wide variety of features designed to test the quality of their software.

ZAP is a free, easy to use integrated penetration testing tool. With the addition of the Heads Up Display, ZAP can be used by security professionals and developers of all skill levels to quickly and more easily find security vulnerabilities in their applications. Given the unique and integrated design of the Heads Up Display, developers and functional testers who might be new to security testing will find ZAP an indispensable tool to build secure software.

The latest version of ZAP can be downloaded from https://www.owasp.org/index.php/ZAP  The full release notes are available at https://github.com/zaproxy/zap-core-help/wiki/HelpReleases2_8_0.

In addition to being the most popular free and open source security tools available, ZAP is also one of the most active with hundreds of volunteers around the globe continually improving and enhancing its features. ZAP provides automated scanners as well as a set of tools that allows new users and security professionals to manually identify security vulnerabilities. ZAP has also been translated into over 25 languages including French, Italian, Dutch, Turkish and Chinese. 

Simon Bennetts, OWASP ZAP Project Leader commented: "This is a really important release for the project team and developers who want to build great and secure applications. The HUD is a completely new interface for ZAP and one that is unique in the industry. It shows that open source projects continue to create high-quality, new and exciting tools that deliver real value to the market - and at no cost to users." 

"ZAP is the Foundation's most popular software tool," said Mike McCamon interim executive director of the OWASP Foundation. McCamon continued, "For nearly two decades OWASP continues to be a great destination for innovators to host, develop, and release software that will secure the web. Simon and the entire ZAP community deserves great recognition for their continued devotion to open source excellence."

For further information please contact:
Simon Bennetts, OWASP ZAP Project Leader: simon.bennetts@owasp.org  or Mike McCamon, Interim Executive Director, mike.mccamon@owasp.comRelated news
Publicado por en No hay comentarios:

C++ Std::Condition_Variable Null Pointer Derreference


This story is about a bug generated by g++ and clang compilers (at least)
The condition_variables is a feature on the standard library of c++ (libstdc++), when its compiled statically a weird asm code is generated.


Any example on the link below will crash if its compiled statically:
 https://en.cppreference.com/w/cpp/thread/condition_variable



In this case the condition_variable.wait() crashed, but this happens with other methods, a simple way to trigger it:




If this program is compiled dynamically the crash doesn't occur:

Looking the dissasembly there is a surprise created by the compiler:


Compilers:
    g++  9.2.1+20200130-2
    clang++ v9

Both compilers are generating the "call 0x00"

If we check this call in a dynamic compiled:




The implementation of condition_variable in github:
https://github.com/gcc-mirror/gcc/blob/b7c9bd36eaacac42631b882dc67a6f0db94de21c/libstdc%2B%2B-v3/include/std/condition_variable


The compilers can't copile well this code in static,  and same happens on  other condition_variable methods.
I would say the _lock is being assembled improperly in static, is not exacly a null pointer derreference but the effects are the same, executing code at address 0x00 which on linux is a crash on most of cases.

Related news
  1. Hack Tools
  2. Hacker Tools List
  3. Blackhat Hacker Tools
  4. Hack Tools For Ubuntu
  5. Pentest Recon Tools
  6. Beginner Hacker Tools
  7. Hak5 Tools
  8. Hacker Tools List
  9. Hacking Tools Download
  10. Hacks And Tools
  11. Hacker Techniques Tools And Incident Handling
  12. Hacker Tools
  13. Github Hacking Tools
  14. Pentest Tools Free
  15. Hacker Tools For Windows
  16. Hacker Tools For Ios
  17. Pentest Tools Kali Linux
  18. Best Pentesting Tools 2018
  19. Nsa Hacker Tools
  20. Tools 4 Hack
  21. Free Pentest Tools For Windows
  22. Pentest Tools For Mac
  23. Pentest Tools
  24. Hack Tools Online
  25. Hacking Tools Windows
  26. Hack Tool Apk No Root
  27. Pentest Tools Free
  28. Pentest Tools Github
  29. Hack Tools
  30. Pentest Tools For Mac
  31. Pentest Tools Alternative
  32. Pentest Tools For Mac
  33. How To Install Pentest Tools In Ubuntu
  34. Hacker Tools
  35. Hacker Tools Apk Download
  36. Hack Tools For Games
  37. Hack Apps
  38. Hack Tools 2019
  39. Pentest Tools For Android
  40. Best Hacking Tools 2019
  41. Hacking Tools Name
  42. Hack Tools For Pc
  43. How To Make Hacking Tools
  44. Pentest Tools For Windows
  45. Hack Tools Download
  46. Hacking Tools Hardware
  47. Hacking Apps
  48. Kik Hack Tools
  49. Hacking Tools For Windows 7
  50. Hacker Tools 2020
  51. Hak5 Tools
  52. Pentest Automation Tools
  53. New Hack Tools
  54. Best Hacking Tools 2020
  55. Hacker Tools Mac
  56. Pentest Tools List
  57. Pentest Tools Website Vulnerability
  58. Hacker Tools Free
  59. New Hacker Tools
  60. Hacking Tools For Windows Free Download
  61. Hack Tools Download
  62. Hacker Tools List
  63. Hack Apps
  64. Hacking Tools Download
  65. Pentest Tools Bluekeep
  66. Hacker Tools Windows
  67. Tools For Hacker
  68. Hack Tools For Ubuntu
  69. Hack Tools Mac
  70. Pentest Tools
  71. Hacking Tools Hardware
  72. Hacker Tools Apk
  73. Hacking Tools Windows
  74. Hack Tools 2019
  75. Hacker
  76. Hacker Techniques Tools And Incident Handling
  77. Hack Tools For Windows
  78. Game Hacking
  79. Hack Tools Mac
  80. Hack Tools 2019
  81. Hacker Tools For Pc
  82. Game Hacking
  83. Install Pentest Tools Ubuntu
  84. Tools For Hacker
  85. Pentest Tools Review
  86. Pentest Tools Website
  87. Pentest Tools Bluekeep
  88. Hack Tools Download
  89. Best Hacking Tools 2020
  90. Hack Tools For Windows
  91. Termux Hacking Tools 2019
  92. Hacker Tools Software
  93. World No 1 Hacker Software
  94. Hacking Tools Name
  95. Hacker Tools For Mac
  96. Hacker Tools 2020
  97. Hacker Tools Apk
  98. Hack Tools 2019
  99. How To Hack
  100. How To Install Pentest Tools In Ubuntu
Publicado por en No hay comentarios:

viernes, 26 de enero de 2024

Linux Command Line Hackery Series - Part 5



Welcome back to the Linux Command Line Hackery series, this is Part-V of the series. Today we are going to learn how to monitor and control processes on our Linux box, so wrap your sleeves up and let's get started.

 Command:    ps
Syntax:           ps [options]
Description:  ps displays information about the currently running processes. Some of the common flags of ps are described briefly below
Flags: 
  -A or -e -> select all processes
  -a -> select all processes except both session leaders and processes not associated with a terminal.
  T -> select all processes associated with current terminal
  -u <username or id> -> select all processes of a given user or userlist

 Open up a terminal and type ps:

 ps

 what you'll see is a list of processes currently running in your terminal. One important thing to notice in the output is what's called as PID which stands for process ID. It is the number that uniquely identifies a process. Just keep that PID concept in mind we'll use it soon.

 OK I know that's not really what you want to see rather you want to see all the processes that are currently running on your box. Don't worry we have flags to rescue, in order to see all the processes you can use the -e flag like this:

 ps -e

 Boom! you get a long list of processes currently running on your machine (don't stare at me like that, you asked and I gave you that). If you want to see processes of a particular user you can type the following command in your terminal:

 ps -u bob

 here "bob" is a username. This command will list all processes of the user with effective user name of bob.

 You can do a full-format listing of the processes using the -f flag like this:

 ps -fu bob

 But the output of the ps command is a snapshot not really a live preview of what is going on in your box. I know your next question is going to be something like this, Isn't there a command in Linux that gives me a live updating information of the processes? Yes, there is a command called top that we'll learn about next.

 Command:    top
Syntax:           top [options]
Description:  top gives a dynamic real-time view of a running system. That is, it gives the up-to-date information about all the processes running on your Linux box (sounds fun!). Besides giving information about current processes and threads top also provides a brief system summary.

 To start top just type this command:

 top

 and you'll get a nice and cute looking ugly display :). Well what the heck is going on here you might ask, right? What you get is information about what is going on with your computer. To see what more can you do with top just type <h> within the program window and you'll be given list of options that you can play with.

 OK looking at what processes are going on in your box is cool but what if you want to terminate (or close) a process, is there a command line utility for that? Yes, there is and that's what we are going to look at next.

 Command:   kill
Syntax:          kill [options] <pid> [...]
Description:  kill is used to send a signal to process which by default is a TERM signal meaning kill by default sends a signal of termination to process (Cruel guy). To list the available signals we can use the -l or -L flag of the kill command.
To simply terminate a process we provide kill command a PID (process ID) and it will send the TERM signal to the process. So to kill a process first we'll list the running processes and then we'll keep the PID of the process in mind that we want to terminate. After that we'll issue the kill command with the PID that we just found.

 ps -ax
kill 1153

 the above command will send a TERM signal to the process whose PID is 1153, as simple as that.

 We can also use our already learned skills to refine the output of ps command. Say we have a xterm terminal running on our box and we want to terminate it. By using ps command all alone we'll get a long listing of all processes running on our box. But we can limit the output of ps command to just those processes that we're interested in by piping ps command with the grep command like this:

 ps -ax | grep xterm

 wow! that's amazing, we're able to pull out only those results from the ps command that contained xterm in them. Isn't that a cool trick? But what is that vertical bar ( ) doing in the middle, you may be thinking, right? Remember we learned about the input and output re-directors previously, the vertical bar (pipe in geeky terms) is another re-director whose task is to redirect the output of one command as input to another command. Here the pipe redirects the output of ps -ax command as input to grep command and of-course from the previous article you know that grep is used to search for a PATTERN in the given input. That means the above command searches for the xterm word in the output of ps -ax command and then displays just those lines of ps -ax command which contain xterm. Now get that PID and kill that process.

 That's it for today, try these commands up on your own box and remember practice is gonna make you master the Linux command line. :)

Read more
Publicado por en No hay comentarios:
Suscribirse a: Entradas (Atom)