Filtered by Topic: Vulnerability Analysis

Comments on BIS Wassenaar Proposed Rule
Allen Householder - 07/22/15
Art Manion and I recently submitted comments to the Department of Commerce Bureau of Industry and Security on their proposed rule regarding Wassenaar Arrangement 2013 Plenary Agreements Implementation: Intrusion and Surveillance Items. While our detailed comments are lengthy, we summarize...
Like Nailing Jelly to the Wall: Difficulties in Defining
Allen Householder - 07/07/15
During the Watergate hearings, Senator Howard Baker asked John Dean a now-famous question: "My primary thesis is still: What did the president know, and when did he know it?" If you understand why that question was important, you have some...
The Risks of SSL Inspection
Will Dormann - 03/13/15
Recently, SuperFish and PrivDog have received some attention because of the risks that they both introduced to customers because of implementation flaws. Looking closer into these types of applications with my trusty CERT Tapioca VM at hand, I've come to realize a...
What's Different About Vulnerability Analysis and Discovery in Emerging Networked Systems?
Allen Householder - 01/06/15
Hi folks, Allen Householder here. In my previous post, I introduced our recent work in surveying vulnerability discovery for emerging networked systems (ENS). In this post, I continue with our findings from this effort and look at the differences between...
Vulnerability Coordination and Concurrency Modeling
Allen Householder - 12/15/14
Hi, it's Allen. In addition to building fuzzers to find vulnerabilities (and thinking about adding some concurrency features to BFF in the process), I've been doing some work in the area of cybersecurity information sharing and the ways it can...
Vulnerability Discovery for Emerging Networked Systems
Allen Householder - 11/20/14
Hi folks, Allen Householder here. I want to introduce some recent work we're undertaking to look at vulnerability discovery for emerging networked systems (including cyberphysical systems like home automation, networked cars, industrial control systems and the like). In this post...
Differences Between ASLR on Windows and Linux
Will Dormann - 02/10/14
Will Dormann explains how ASLR works on Linux and how it differs from ASLR on Windows.
Feeling Insecure? Blame Your Parent!
Will Dormann - 02/03/14
Will Dormann describes how parent properties can cause security problems for a child process.
Hacking the CERT FOE
Will Dormann - 11/26/13
Will Dormann describes a modification to FOE code to make it work better with another application and encourages others to modify the code themselves.
Prioritizing Malware Analysis
Jose Morales - 11/14/13
Jose Morales describes research to prioritize malware samples in an analyst's queue based on the file's execution behavior.
Analyzing Routing Tables
Timur Snoke - 10/24/13
Timur Snoke describes maps he developed that use Border Gateway Protocol routing tables to show the evolution of public-facing autonomous system numbers.
BFF 2.7 on OS X Mavericks
Will Dormann - 10/23/13
Will Dormann describes how to get BFF 2.7 to run on OS X Mavericks.
Vulnerabilities and Attack Vectors
Will Dormann - 10/01/13
Will Dormann provides examples that illustrate why vulnerability analysts use attack vectors when they're examining software bugs and vulnerabilities.
Attaching the Rocket to the Chainsaw - Behind the Scenes of BFF and FOE's Crash Recycler
Allen Householder - 09/30/13
Allen Householder discusses the crash recycling feature of the recently released fuzzing tools BFF v2.7 and FOE v2.1.
Signed Java Applet Security Improvements
Will Dormann - 09/24/13
Will Dormann points out potential pitfalls when using Java 7u25 features designed to prevent a Java applet from being repurposed.
One Weird Trick for Finding More Crashes
Will Dormann - 09/23/13
Will Dormann announces updates to CERT fuzzing tools, FOE and BFF, and describes the changes in the new versions.
Practical Math for Your Security Operations - Part 2 of 3
Vijay Sarvepalli - 09/13/13
Vijay Sarvepalli describes how to use statistical modeling with standard deviation to analyze your network security data.
Domains That Are Typos of Other Domains
Jonathan Spring - 08/15/13
Jonathan Spring discusses the usage of domains that are typos of other domains.
Mining Ubuntu for Interesting Fuzz Targets
Jonathan Foote - 08/15/13
We explain how to use information from databases in stock Ubuntu systems to gather parameters for performing corpus distillation and fuzzing.
Tempering the Vulnerability Hype Cycle with CVSS
Todd Lewellen - 08/08/13
Todd Lewellen explains how CVSS can help develop a more accurate understanding of a vulnerability's severity.
Practical Math for Your Security Operations - Part 1 of 3
Vijay Sarvepalli - 08/06/13
Vijay Sarvepalli explores some practical uses of math in your Security Operations Center.
Forensics Software and Oracle Outside In
Will Dormann - 07/08/13
Will Dormann discusses the risks, and their mitigations, of using forensics software to process untrusted data.
The Risks of Microsoft Exchange Features that Use Oracle Outside In
Will Dormann - 06/04/13
Will Dormann describes the risks of using Microsoft Exchange features that use Oracle Outside In and what you can do about it.
Keep Calm and Deploy EMET
Jared Allar - 05/08/13
Jared Allar provides information about an effective approach to blocking exploits of CVE-2013-1347.
Don't Sign that Applet!
Will Dormann - 04/30/13
Will Dormann describes how Oracle's new guidance for Java applets may cause more harm than good.
Watching Domains That Change DNS Servers Frequently
Timur Snoke - 03/11/13
Leigh Metcalf describes the results of our three-month study of domains that change their name servers frequently.
Java in Web Browser: Disable Now!
Art Manion - 01/10/13
In light of a recent Java vulnerability, Will Dormann and Art Manion discuss why you should disable Java.
Forking and Joining Python Coroutines to Collect Coverage Data
Jonathan Foote - 12/05/12
Jonathan Foote explains how to expand Beazley's cobroadcast pattern by adding a join capability.
A Look Inside CERT Fuzzing Tools
Allen Householder - 11/05/12
Allen Householder introduces recent reports that describe some heuristics and algorithms implemented in CERT fuzzing tools.
Updates to CERT Fuzzing Tools (BFF 2.6 & FOE 2.0.1)
Allen Householder - 10/25/12
Allen Householder announces the release of updates of CERT fuzzing tools: BFF version 2.6 and FOE version 2.0.1.
Java 7 Attack Vectors, Oh My!
Art Manion - 09/05/12
Art Manion discusses how and why to disable Java support in web browsers.
Java Security Manager Bypass Vulnerability
Art Manion - 08/29/12
Art Manion discusses the need to disable the Java 7 plug-in for web browsers to avoid phishing and drive-by browsing attacks.
CERT Failure Observation Engine 2.0 Released
Allen Householder - 07/23/12
FOE 2.0 applies what we learned from creating BFF version 2.5 for Linux and OS X to improve our fuzzing capabilities on Windows.
Vulnerability Data Archive
Art Manion - 07/11/12
Art Manion discusses the 2012 publication of most of the non-sensitive vulnerability information from our vulnerability reports database.
AMD Video Drivers Prevent the Use of the Most Secure Setting for Microsoft's Exploit Mitigation Experience Toolkit (EMET)
Will Dormann - 06/06/12
Will Dormann discusses EMET, an effective way of preventing vulnerabilities from being exploited.
CERT Basic Fuzzing Framework 2.5 Released
Allen Householder - 04/30/12
Allen Householder describes features available in BFF 2.5.
CERT Linux Triage Tools 1.0 Released
Jonathan Foote - 04/25/12
Jonathan Foote describes a GNU Debugger extension that classifies Linux applications by severity.
CERT Failure Observation Engine 1.0 Released
David Warren - 04/23/12
David Warren describes features available in FOE 1.0.
Vulnerability Severity Using CVSS
Art Manion - 04/12/12
Art Manion announces that CVSS metrics are now available in US-CERT Vulnerability Notes.
CNAME flux
Jonathan Spring - 01/05/12
Jonathan Spring and Leigh Metcalf discuss their work in DNS and an unconventional use of CNAME records.
Signed Java and Cisco AnyConnect
Will Dormann - 06/09/11
Will Dormann discusses how Cisco addressed the vulnerabilities in its AnyConnect ActiveX and Java clients.
Effectiveness of Microsoft Office File Validation
Will Dormann - 05/19/11
Will Dormann tests the effectiveness of Office File Validation in protecting against attacks using malformed files.
A Security Comparison: Microsoft Office vs. Oracle Openoffice
Will Dormann - 04/13/11
Will Dormann discusses the results of a test that compares the fuzzing resiliency of Office and Oracle OpenOffice.
Announcing the CERT Basic Fuzzing Framework 2.0
Allen Householder - 02/28/11
Allen Householder announces the release of BFF 2.0 and describes improvements and new features.
Markus De Shon - 02/14/11
Matthew Heckathorn publishes a report that discusses network monitoring and identifying and preventing attacks at the network level.
Blog Reorganization
Chad Dougherty - 02/11/11
The Vulnerability Analysis blog is renamed CERT/CC and includes content from other technical teams at CERT.
CERT Basic Fuzzing Framework Update
Will Dormann - 09/22/10
Will Dormann describes new functionality and performance improvements available in BFF 1.1.
Study of Malicious Domain Names: TLD Distribution
Chad Dougherty - 08/31/10
Aaron Shelmire describes research into the characteristics of malicious network touchpoints.
CERT Basic Fuzzing Framework
Will Dormann - 05/26/10
Will Dormann discusses how to use BFF to discover vulnerabilities through mutational dumb fuzzing.
Top-10 Top Level and Second Level Domains Found in Malicious Software
Chad Dougherty - 03/05/10
Ed Stoner and Aaron Shelmire discuss statistics published on botnet Command & Control channels.
Plain Text Email in Outlook Express
Will Dormann - 11/13/09
Will Dormann recommends avoiding configuring Outlook Express and similar products to read all messages in plain text.
Managing IPv6 - Part 2
Ryan Giobbi - 10/06/09
Ryan Giobbi describes ways that administrators can secure their networks and test securing and disabling IPv6.
Managing IPv6 - Part 1
Ryan Giobbi - 08/19/09
Ryan Giobbi discusses how to securely configure the IPv6 protocol on selected operating systems.
Internet Explorer Kill-Bits
Will Dormann - 07/31/09
Will Dormann discusses killbit, a Microsoft Windows registry value that prevents an ActiveX control from being used by Internet Explorer.
Mitigating Slowloris
Ryan Giobbi - 07/01/09
Ryan Giobbi discusses Slowloris, a denial-of-service tool that targets web servers.
Vulnerabilities and Attack Surface
Will Dormann - 06/25/09
Will Dormann discusses vulnerabilities in Adobe Reader and Foxit Reader PDF-viewing applications.
Release of Dranzer ActiveX Fuzzing Tool
Will Dormann - 04/16/09
Will Dormann announces the release of Dranzer, a CERT tool developed to test ActiveX controls.
Bypassing Firewalls with IPv6 Tunnels
Ryan Giobbi - 04/02/09
Ryan Giobbi discusses how functional IPv6 tunneling protocols can be used to bypass IPv4-only firewalls and ACLs.
Conficker.C: How Many Are There?
Sidney Faber - 03/31/09
Sid Faber discusses the Conficker worm and provides updated statistics on the Conficker.C variant.
Windows Installer Application Resiliency
Will Dormann - 03/13/09
Will Dormann discusses how the application resilience feature of Windows Installer can undo steps taken to mitigate a vulnerability.
Internet Explorer Vulnerability Attack Vectors
Will Dormann - 02/19/09
Will Dormann discusses attacks on an Internet Explorer 7 vulnerability and the less-obvious security impacts of the techniques used.
Reference Implementations for Securing Your Web Browser Guidelines
Will Dormann - 01/09/09
Will Dormann describes reference implementations of the "Securing Your Web Browser" guidelines for IE and Firefox.
Recommendations to Vendors for Communicating Product Security Information
Chad Dougherty - 11/20/08
Chad Dougherty offers advice to vendors about communicating product security issues.
Filtering ICMPv6 Using Host-Based Firewalls
Ryan Giobbi - 11/07/08
Ryan Giobbi provides recommendations for filtering ICMPv6 types using Linux ip6tables and Microsoft Vista's advfirewall.
Reported Vulnerability in CERT Secure Coding Standards Website
Will Dormann - 10/29/08
Will Dormann debunks a previously reported vulnerability in the CERT Secure Coding Standards website.
Ping Sweeping in IPv6
Ryan Giobbi - 09/12/08
Ryan Giobbi discusses how ping sweeping on the local network is easier in IPv6 than in IPv4.
Carpet Bombing and Directory Poisoning
Will Dormann - 09/04/08
Will Dormann discusses how carpet bombing affects all web browsers, not just Google Chrome.
Safely Using Package Managers
Ryan Giobbi - 07/10/08
Ryan Giobbi discusses safety practices when using package managers to automate the process of installing and removing software packages.
ActiveX Vulnerability Discovery at the CERT/CC
Will Dormann - 07/03/08
Will Dormann describes how his team often discovers vulnerabilities while they test ActiveX controls.
Signed Java Applet Security: Worse than ActiveX?
Will Dormann - 06/03/08
Will Dormann discusses the security implications of using Java applets.
Is Your Adobe Flash Player Updated?
Will Dormann - 05/29/08
Will Dormann discusses the importance of ensuring that you are using the latest version of Flash Player.
Who Has My Cookies?
Ryan Giobbi - 05/15/08
Ryan Giobbi discusses how technology can be exploited to expand the impact of a cross-site scripting attack.
The Dangers of Windows AutoRun
Will Dormann - 04/24/08
Will Dormann discusses how malicious code was being executed in infected digital picture frames and investigates the Microsoft AutoRun and AutoPlay features.
Vulnerability Analysis at the CERT/CC
Art Manion - 04/17/08
Art Manion discusses his team's intentions and goals to use the CERT/CC blog to help reduce software vulnerabilities.