Archive | August, 2010

Serious Vulnerability In Adobe ColdFusion Application Server

Outsmart Malicious Hackers


We haven’t often reported anything relating to ColdFusion, the application server from Adobe, most likely because it’s not a very prevalent hosting platform. It was quite popular earlier in the decade before PHP became so popular, the choices back then were early versions of ASP, JSP and CFM.

We’ve only posted one tool related to ColdFusion too which was – Wfuzz – A Tool for Bruteforcing/Fuzzing Web Applications.

Adobe seems to have tried to hide this one away and downgrade the severity of the exploit by classifying it as ‘important’ but not ‘critical’. Stating it could only lead to information disclosure via directory traversal. It seems however publicly released exploit code can utilise this vulnerability to take full control of any server running the unpatched version of ColdFusion.

A recently patched vulnerability in Adobe’s ColdFusion application server may be more serious than previously thought following the public release of exploit code and blog posts claiming it can be used to take full control of systems running the software.

In a bulletin published last week, Adobe rated the directory traversal vulnerability “important,” the third-highest classification on its four-tier severity scale. “This directory traversal vulnerability could lead to information disclosure,” the company warned. The flaw affects version 9.0.1 and earlier of ColdFusion for machines running Windows, Mac OS X, and Unix operating systems.

But at least two researchers have said the security bug should have been rated critical because it allows attackers to seize control of servers. What’s more, they said attackers can employ simple web searches to find administrators who have carelessly exposed ColdFusion files that make the attacks much easier to carry out.

“This attack can lead to a full system compromise, so let’s make sure we’re clear,” HP researcher Rafal Los wrote here. “It’s not just that you can poke around the system files of the machine you’ve attacked (which is highly likely a MS Windows server); it’s also the ability to upload scripts that can compromise the system or even poke around the database natively if the security is really that bad.”

From what has been written about the flaw by researchers that have tested it out, it really should have been rated as critical. Plus the fact you can use some old school Google Hacking to find vulnerable servers means this could lead to some widespread mass defacements.

Well perhaps I shouldn’t really say mass defacements as there just aren’t that many servers running ColdFusion, and yes most of which are indeed running on Windows machines and most likely poorly maintained and not particularly secure Windows machines.

The bottom line, if you have any ColdFusion servers in your organization or within your realm of responsibility, get them patched ASAP.

One reason the vulnerability may have been rated critical is that attacks generally work only when ColdFusion administrative components are accessible over the public internet, something that’s not considered a best practice. Los pointed to Google searchers here , here, here and here, which over the weekend generated “a lot of results.”

Around the same time, a hacker who goes by the name Carnal0wnage posted attack code that reliably exploits the vulnerability.

Also over the weekend, hacker and penetration tester Adrian Pastor warned that attackers could exploit the vulnerability to login as a ColdFusion admin without needing to crack the cryptographic hash.

Adobe on Monday issued the following statement:

“The ColdFusion hotfix and security bulletin released on August 10, 2010 address a directory traversal vulnerability (CVE-2010-2861) that could lead to information disclosure (http://www.adobe.com/support/security/bulletins/apsb10-18.html). The vulnerability on its own has been rated as ”important” in accordance with the severity criteria available on the Adobe website at http://www.adobe.com/devnet/security/security_zone/severity_ratings.html. Because it is possible for a vulnerability to be exploited in combination with other factors that may impact the overall severity of an attack, Adobe always recommends users update their product installations in line with security best practices.”

To take complete control however the server admin would have had to ignore the ‘best-practice’ guidelines and allowed public access to administrative components of the ColdFusion server.

If you are interested you can find reliable exploit code here:

Adobe ColdFusion Directory Traversal Vulnerability

Source: The Register

Posted in: Exploits/Vulnerabilities, Web Hacking

Topic: Exploits/Vulnerabilities, Web Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


RSMangler – Keyword Based Wordlist Generator For Bruteforcing

Outsmart Malicious Hackers


RSMangler will take a word list and perform various manipulations on it similar to those done by John the Ripper with a few extras. It goes along well with our previous post on Password Cracking Wordlists and Tools for Brute Forcing.

There are other options too like Wyd – Automated Password Profiling Tool, which is a little more advanced – or The Associative Word List Generator (AWLG).

The main new feature is permutations mode which takes each word in the list and combines it with the others to produce all possible permutations (not combinations, order matters). For example the words freds, fresh, fish will produce the following list:

Each of these new words is then subject to the other mangles, because of this we strongly recommend with permutations mode enabled (default) you use a very small wordlist, 3 start words create a final list containing 4245 words and 5 start words creates a list containing 91975. As a test we tried it with a few hundred words and gave up when the output file got to 3G. If you try to use a file with more than 5 words you will get a warning and the option to abort. Other mangles include adding the numbers 1 to 123 to the start and end, 01 to 09 to the start and end, various case manipulations, leet speak, word reversal, ed and ing on the end and doubling words up.

The initial wordlist can either be specified as a file or can be piped in through STDIN.

Installation

RSMangler is written in Ruby and therefore needs Ruby to be installed and working. The script needs to be made executable and it doesn’t rely on any gems or anything external.

You can download RSMangler here:

rsmangler_1.0.tar.bz2

Or read more here.

Posted in: Hacking Tools, Password Cracking

Topic: Hacking Tools, Password Cracking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Dangerous iPhone iOS JailBreak Exploit Goes Public

Outsmart Malicious Hackers


Apple just released a patch for iOS that fixes the vulnerability that was being used by JailbreakMe website to exploit a weakness in PDF handling to Jailbreak the device.

Shortly after that the developer of the JailbreakMe exploit released the code to the public via GitHub. The code is available in full here:

http://github.com/comex/star

But is not well documented, that won’t stop the more advanced coders using it with malicious intents in mind.

Minutes after Apple issued a security update Wednesday, the maker of a 10-day-old jailbreak exploit released code that others could put to use hijacking iPhones, iPod Touches and iPads.

“Comex,” the developer of JailbreakMe 2.0, posted source code for the hacks that leveraged two vulnerabilities in iOS and allowed iPhone owners to install unauthorized apps. Apple patched the bugs earlier Wednesday.

The exploits that comex used to jailbreak the iOS could be used for other purposes, including delivering malicious payloads to grab control of iPhones, iPads, and iPod Touches. All that would be necessary is for hackers to dupe users into visiting a malicious Web site or persuading them to click on a link in an e-mail or text message. “Impressive. And dangerous,” said Mikko Hypponen , chief research officer at antivirus company F-Secure, on Twitter early today of the exploit code.

It may not be long before comex’s work is turned into a weapon for attacks that gain “root” access, or complete control, of iPhones and iPads.

This could be pretty dangerous, even though Apple has released a patch to address the issue – honestly how many people will apply the patch? And will they do it in a timely fashion? There’s always that window between the release and the majority of devices being secure that leaves things wide open to exploitation.

I’d be on the lookout for some serious malware to come out within the next week or so leveraging this method of exploitation. Could a large scale iPhone worm be the next big thing? I certainly think it’ll be more malicious that the previous rickrolling SSH bug. That was of course also followed up with a malicious iphone worm based on the same weakeness.

Noted Mac vulnerability researcher Dino Dai Zovi, co-author of The Mac Hackers Handbook , chimed in with a warning of his own. “Now that @comex released his jailbreak source, any bets on how long before it is ported to Metasploit?” Dai Zovi tweeted Wednesday.

Metasploit is the open-source penetration testing framework that some use as a hacking toolkit.

Apple did not patch 2007’s first-generation iPhone or iPod Touch yesterday, delivering the update only to the iPhone 3G or later running the iOS 2.0 or later, and to the second-generation iPod Touch or later running iOS 2.1 or later. Lacking patches, those early models may be vulnerable to attack.

Also possibly at risk: Mac OS X. Like iOS, Apple’s desktop operating system includes the FreeType font engine, which may be vulnerable to the same or a similar exploit.

And users who have used comex’s code to jailbreak their iPhones have a decision to make. If they accept Wednesday’s update, they lose the ability to install and run software not approved by Apple. But by ignoring the update, they may be victimized by future attacks based on the public code.

By making the code public comex has introduced a lot of interesting factors, does this exploit work on Mac OSX? Are older iOS devices vulnerable (because Apple has not released a patch for them)? What is going to come from this?

No-one can fault comex for his actions, he was offering a free solution for users to Jailbreak their devices and when Apple had patched the flaw he released the code.

Source: Network World

Posted in: Apple, Exploits/Vulnerabilities, Hacking Tools

Topic: Apple, Exploits/Vulnerabilities, Hacking Tools


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


BitBlaze – Binary Analysis Platform For Computer Security

Outsmart Malicious Hackers


Binary analysis is imperative for protecting COTS (common off-the-shelf) programs and analyzing and defending against the myriad of malicious code, where source code is unavailable, and the binary may even be obfuscated. Also, binary analysis provides the ground truth about program behavior since computers execute binaries (executables), not source code. However, binary analysis is challenging due to the lack of higher-level semantics. Many higher level techniques are often inadequate for analyzing even benign binaries, let alone potentially malicious binaries. Thus, we need to develop tools and techniques which work at the binary level, can be used for analyzing COTS software, as well as malicious binaries.

The BitBlaze project aims to design and develop a powerful binary analysis platform and employ the platform in order to (1) analyze and develop novel COTS protection and diagnostic mechanisms and (2) analyze, understand, and develop defenses against malicious code. The BitBlaze project also strives to open new application areas of binary analysis, which provides sound and effective solutions to applications beyond software security and malicious code defense, such as protocol reverse engineering and fingerprint generation.

The BitBlaze project consists of two central research directions: (1) the design and development of the underlying BitBlaze Binary Analysis Platform, and (2) applying the BitBlaze Binary Analysis Platform to real security problems. The two research focii drive each other: as new security problems arise, we develop new analysis techniques. Similarly, we develop new analysis techniques in order to better or more efficiently solve known problems.

The underlying BitBlaze Binary Analysis Platform features a novel fusion of static and dynamic analysis techniques, dynamic symbolic execution, and whole-system emulation and binary instrumentation. The BitBlaze platform has different components for each task: Vine, TEMU, and Rudder. The three components in tandem provide the power for effective analysis of real-world binary programs for various applications.

  • Vine, the static analysis component. Open source release available now. Vine provides an an intermediate language for assembly (ILA), and an infrastructure for analyzing programs written in this language. ILA is a full language in which programs can be written, type-checked, then compiled down to assembly. We also provide analysis on the ILA, such as abstract interpretation, dependency analysis, and logical analysis via interfaces with theorem provers.
  • TEMU, the dynamic analysis component. Open source release available now. TEMU provides a dynamic analysis environment through whole-system emulation and dynamic binary instrumentation. TEMU is OS-aware (i.e., it understands OS-level semantics) and enables various fine-grained dynamic analysis to build upon, such as dynamic taint analysis and fine-grained behavioral analysis.
  • Rudder, the component for online dynamic symbolic execution. Rudder is an engine for online dynamic execution on binaries. At a high level, with a specified set of input sources of interest, Rudder can automatically explore different execution paths in a program determined by the input sources. It will automatically build logical formulas representing the constraints on the chosen input to take the followed paths.

You can download the currently available BitBlaze components here:

Vinevine-1.0.tar.gz
TEMUtemu-1.0.tar.gz

Or read more here.

Posted in: Forensics, Secure Coding

Topic: Forensics, Secure Coding


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Microsoft Fixes SSL Spoofing Renegotiation Bug

Keep on Guard!


Well this flaw was first publicized in November last year, it was successfully used against Twitter in the same month.

IETF completed the SSL vulnerability fix in January this year and now in August – 10 months after the original release of the flaw – Microsoft has stepped up and fixed it.

The fix is labeled as MS10-049 and categorised as a Critical security vulnerability. Interestingly it also notes that it fixes both a publicly exposed vulnerability and a privately reported bug both in the Secure Channel (SChannel) security package in Windows.

Microsoft has updated a broad swath of products to fix a potentially serious spoofing vulnerability in the secure sockets layer (SSL) protocol that secures email, web transactions and other sensitive internet traffic.

The software company on Tuesday released MS10-049 to kill the bug in Windows Server 2008, Windows 7 and 12 other versions of Windows that are still under support. The patch updates a part of the operating system known as SChannel, or Secure Channel, which is responsible for implementing SSL, which is also referred to as TLS, or transport layer security.

The weakness first became public in November, when word leaked out that a vulnerability in the underlying protocol used by hundreds of companies allowed attackers to inject text into encrypted traffic passing between two endpoints. Researchers had been meeting in secret to develop an industry-wide fix before attackers could figure out a way to exploit it.

Microsoft’s update follows the revision in January of RFC 5246, the request-for-comments document that previously mapped out the technical specifications for the protocol. The new controlling blueprint for SSL/TLS communications is RFC 5746. Since then, other packages, including OpenSSL, RedHat Linux and Oracle’s Java, have also been patched.

The vulnerability is pretty widespread as it covers both Windows 7 – their latest OS and 12 other versions of Windows which Microsoft still supports. It’s marked as critical on 5 versions of Windows, which means it allows remote code execution and the rest it’s marked as important as it allows spoofing.

I’m guessing most large corporates running Windows systems will be pushing out this patch ASAP, especially those that rely on SSL for daily business – those in eCommerce would be the likeliest to find this kind of attack a real risk.

“Ten months after public disclosure the majority of the industry has a fix,” said Marsh Ray, a software developer at two-factor authentication service PhoneFactor and one of the researchers who first sounded the alarm. “I think it’s about as good a time as any to declare victory on that project.”

Microsoft rated the severity of the vulnerability as “important,” the second-highest classification on its four-tier scale. The bulletin correctly said the SSL vulnerability could be exploited only in concert with another attack – such as ARP spoofing or DNS cache poisoning – that allowed someone to perform a man-in-the-middle attack.

“It is important to note that this is still potentially a significant issue for certain deployments, and the update should be installed,” Maarten Van Horenbeeck, a program manager in the Microsoft Security Response Center, wrote here. “In particular, the vulnerability may affect other non-HTTP protocols that are less well understood.”

The vulnerability in the older protocol stems from the ability for either party in an SSL transaction to renegotiate the session, usually so one of them can refresh its cryptographic keys or change other parameters. That could allow man-in-the-middle attackers to surreptitiously introduce text at the beginning of an SSL session.

The latest Patch Tuesday from Microsoft has been a bit of a record breaker with 14 security patches for at least 34 separate vulnerabilities.

This closely follows more disclosed bugs in Adobe PDF related products following their latest patches for other critical rated vulnerabilities.

Source: The Register

Posted in: Exploits/Vulnerabilities, Networking Hacking, Windows Hacking

Topic: Exploits/Vulnerabilities, Networking Hacking, Windows Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


OpenFISMA – FISMA Compliance & Risk Management Application

Outsmart Malicious Hackers


The OpenFISMA project is an open source application designed to reduce the complexity and automate the regulatory requirements of the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).

OpenFISMA is built on a modern, standardized platform called Zend Framework, which is an open source, object-oriented web application framework with a flexible architecture.

The OpenFISMA project is unique in several ways.

  • Open source – OpenFISMA is the largest open source project for the U.S. federal government. See the open source section for an explanation of the advantages of open source.
  • Highly customizable – OpenFISMA is highly customizable through our web-based administration interface. The branding can be changed. The workflow can be changed. The roles and privileges can be changed. New reports can be added to the system without writing a single line of code.
  • Easy to deploy – OpenFISMA comes with built-in security controls that allow you to easily C&A your OpenFISMA implementation with ease. OpenFISMA also provides configurable security policies so that your implementation will fall in-line with your agency’s specific security policies as well.

Features

  • Track security weaknesses to closure

    OpenFISMA provides a proven business process for tracking the remediation of security weaknesses. This business process enforces quality controls and segregation of duty, pulling together individuals from different areas of the organization to plan, execute, and review all remediation actions.

  • Role-based access control

    Access control is based on roles; each role has fine-grained access to certain privileges on each information system that is being tracked. The roles are completely customizable.

  • Active Directory/OpenLDAP Authentication

    Authentication in OpenFISMA can be handled by any LDAP-compatible service, such as Microsoft Active Directory (AD) or OpenLDAP, in order to provide single sign-on convenience for your agency’s users.

  • Scan Injection

    If you run automated scans as part of your C&A process or as part of a continuous monitoring program, you can upload your scan results in XML format directly into OpenFISMA. OpenFISMA uses the information in scans to create new findings, assess risk exposure, and even update your asset inventory.

    The scan injection provides some smarts, too. OpenFISMA matches new scan results against past scan results. Based on a simple set of rules, it decides whether to supress duplicate findings or to flag multiple, similar findings for human review. This reduces the overhead of redundant findings and can also help your organization identify systemic weaknesses that could be addressed more efficiently at the enterprise level.

  • E-mail Notifications

    OpenFISMA sends notifications directly to users’ inboxes when action is needed from them. This automated notification system relieves security managers of the burden of manually monitoring the workflow. The notification system also reduces turn-around time by alerting users quickly when their action is needed.

  • Rich Text Editing

    Data about findings is entered using a rich text editor that allows for formatting (bold, italics, underline, and outline formats) as well as spell checking.

  • Plug-in Reports

    Reporting is one of the most critical requirements for any process management tool. OpenFISMA provides the ability to “plug in” a report without writing any code. These reports are created by writing SQL and updating a configuration file. OpenFISMA then creates the interface and data export features on-the-fly. The plug-in architecture drastically reduces the cost and time involved in creating custom reports.

  • NIST SP 800-53 Rev. 2

    OpenFISMA contains many of the NIST SP 800-53 security controls required for a FIPS-199 “high” impact information system. This helps you get your OpenFISMA instance authorized to operate quickly. The built-in controls include system use notification, rules of behavior, electronic privacy policy (p3p), and many, many more.

    OpenFISMA also contains a catalog of all NIST SP 800-53 Rev. 2 controls built-in. Findings in OpenFISMA can be matched against these security controls to provide supplemental information for remediation and planning. The catalog includes descriptions of the controls, scoping, and supplemental guidance.

You can download OpenFISMA here:

OpenFISMA (registration required)

Or read more here.

Posted in: Countermeasures, Legal Issues, Security Software

Topic: Countermeasures, Legal Issues, Security Software


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.