[ Beneath the Waves ]
 

This is the personal website of Ben Lincoln.

Yield-Focused Vulnerability Score

I've been building an experimental vulnerability scoring system designed to give more accurate results (especially for penetration testing) than other existing systems (e.g. CVSS). You can read about it in the Yield-Focused Vulnerability Score (YFVS) article. The live YFVS 0.4 score calculator includes some fancy radial bar graphs that I'm pretty pleased with. You can read more about those in the Nightingale Charts article.

I am definitely looking for feedback on the scoring system — it is most certainly a work-in-progress.

 
Wax seal, etc.

I went to Metrix on Capitol Hill in Seattle on Thursday, 2014-10-02, and had a wax seal made out of my personal symbol using a computer-controlled laser. You can see some photos and whatnot in the What Does This Symbol Mean? article. Metrix is a great place, and their rates are outstanding. I thought it would cost $50-$100 to have that seal made, but it was actually more like $15-$20.

 
Unofficial ShellShock logo/symbol

Like several other people, I'd read over the last few days a number of comments about how the fantastic ShellShock vulnerability disclosed this past week wasn't quite as cool as Heartbleed because it didn't have a custom logo, and decided to do my part to help remedy the situation. Consider it my tribute to Stephane Chazelas' work.

License: Creative Commons Attribution-ShareAlike CC BY-SA

A few of the other unofficial logos/symbols I've seen:

 
A British accent for your Android phone

A few weeks ago I discovered how to Give Your Android Phone A British Accent — and that it's possible to compel it to speak arbitrary text. I think you'll agree that the results are pretty great.

 
Thermal imaging

Another update I've had on my list for a while — I obtained a FLIR E4 thermal imager in early 2014 and used the modification developed by Mike Harrison and company to bump it up to 320x240 resolution. I've added several sets of Thermal Imaging Examples, and the Thermal versus Near Infrared article has been updated.

 
SonicCare® lock picks and Christmas pudding

I've finally gotten around to posting a couple of experiments from the last two years: SonicCare® Lock Picks (an experimental tool), and a recipe for a vegetarian (or vegan), gluten-free version of British-style Christmas Pudding.

 
On The Outside, Reaching In - version 0.3

Version 0.3 of On The Outside, Reaching In has been released. The main new feature is the inclusion of a pair of "generic" modules which can be used to exploit basic XXE vulnerabilities without having to wait for someone to write a full module. For example, if you can obtain content from a target system using the Burp Suite Repeater component, you can copy/paste your request into a template file, make a few modifications, and then be able to use On The Outside, Reaching In's features such as walking the filesystem (for Java-based targets), or doing blind reads of numerous files from a list. A detailed tutorial is available: OTORI - Example 7: Generic XXE Modules.

 
A few updates

An article I had to cut from the last update due to time constraints has been finished: OTORI - Exploring the Linux Filesystem is about using On The Outside, Reaching In to obtain a variety of useful information from Linux hosts thanks to the pseudo-files in /proc and the special content in a few other locations. This article is the main reason for version 0.2.1 of On The Outside, Reaching In, which includes some lists specifically designed to scrape content from /proc on Linux target systems — see OTORI - Exploring the Linux Filesystem for more details.

I also did some cleanup of the articles related to On The Outside, Reaching In — the FAQ is now a separate document to make the main page less wordy, the Squiz Matrix tutorial (OTORI - Example 2: Squiz Matrix) notes that it (like Mahara) needs to be run on a system without certain very recent libxml2 patches to be vulnerable, etc.

 
On The Outside, Reaching In, and She Wore A Mirrored Mask

My weekend project on and off since February has been a pair of penetration-testing tools. These are very early "preview" versions, but should work well enough to be useful for some people. I also wanted to be able to finally get some feedback on whether this was a useful direction to go in. It seemed to me like there was not a good tool in this space. Some might argue that there still isn't, of course :). They're both released under version 3 of the GPL.

On The Outside, Reaching In is designed to automate exfiltration of files from servers with XML External Entity ("XXE") vulnerabilities. It uses a Metasploit-style "module" system, because the specific mechanisms for exploiting this type of vulnerability vary too much for a generalized tool.

She Wore A Mirrored Mask is "a webserver with hidden talents" — it pretends to be something innocuous, but actually acts as a partner for On The Outside, Reaching In when using certain types of XXE exploit. In the future, it may do a lot more than that.
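For readers on the defending side of the XXE class that these two tools target, here is the mitigation that closes it: refuse any DOCTYPE in untrusted input, and additionally tell the parser never to load external entities. This is an added example written for this page, not code from On The Outside, Reaching In or She Wore A Mirrored Mask; it uses only the Python standard library, and the sample documents (including the placeholder file path in the hostile one) are constructed for illustration.

```python
"""Added example (not OTORI code): reject DTDs before parsing untrusted XML,
and keep the SAX parser from fetching external entities even if one slips by.
Uses only the Python standard library."""
import io
import re
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges, feature_external_pes

# Any DOCTYPE declaration (internal subset or external DTD) is refused outright.
# An application that does not need DTDs has no reason to accept one, and this
# closes the whole entity-expansion class instead of enumerating entity syntaxes.
_DOCTYPE = re.compile(rb"<!DOCTYPE\b", re.IGNORECASE)


def document_declares_dtd(xml_bytes: bytes) -> bool:
    """True if the document carries a DOCTYPE declaration anywhere."""
    return _DOCTYPE.search(xml_bytes) is not None


class _Collector(ContentHandler):
    """Collects element names and character data so callers can inspect the result."""

    def __init__(self):
        super().__init__()
        self.elements = []
        self.chunks = []

    def startElement(self, name, attrs):
        self.elements.append(name)

    def characters(self, content):
        self.chunks.append(content)


def parse_hardened(xml_bytes: bytes) -> dict:
    """Parse untrusted XML with DTDs refused and external entity loading disabled.

    Returns {"ok": bool, "reason": str, "elements": [names], "text": str}.
    """
    if document_declares_dtd(xml_bytes):
        return {"ok": False, "reason": "DOCTYPE not allowed", "elements": [], "text": ""}

    parser = xml.sax.make_parser()
    # Belt and braces: even if a DTD reached the parser, it will not resolve
    # external general entities (the classic file-read vector) or parameter entities.
    parser.setFeature(feature_external_ges, False)
    parser.setFeature(feature_external_pes, False)

    handler = _Collector()
    parser.setContentHandler(handler)
    try:
        parser.parse(io.BytesIO(xml_bytes))
    except xml.sax.SAXParseException as exc:
        return {"ok": False, "reason": "malformed: " + exc.getMessage(),
                "elements": [], "text": ""}
    return {"ok": True, "reason": "",
            "elements": handler.elements,
            "text": "".join(handler.chunks).strip()}


# Constructed sample inputs (not captured traffic).
BENIGN = b'<?xml version="1.0"?><order><item>widget</item></order>'
# An XXE-style request body of the shape the text describes; the SYSTEM path
# is a placeholder, not a real location.
HOSTILE = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE order [<!ENTITY ext SYSTEM "file:///placeholder/path">]>'
           b'<order><item>&ext;</item></order>')


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("hostile", HOSTILE)):
        print(label, parse_hardened(doc))
```

The pre-parse DOCTYPE check is the part that actually matters: disabling external entities in the parser is a second line of defence against parser defaults changing between library versions, but it does nothing about the billion-laughs style of internal entity expansion, which refusing the DOCTYPE also prevents.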

I included four detailed tutorials to get people started:

OTORI - Example 1: Apache Solr

OTORI - Example 2: Squiz Matrix

OTORI - Example 3: Mahara

OTORI - Example 4: McAfee ePO

 
Further updates to the Motorola article

I managed to track down the location-data-collecting component of Motorola's software on my phone - but before you get too excited, it was not enabled at the time. It's called "Little Sister", and I've added a section on it and a few other updates to the Motorola Is Listening article. I've also added a description of the hack/workaround I've used on my own device to prevent it from communicating with Motorola.

In the process of testing that hack/workaround, I learned something about HTTP proxies. Maybe it's common knowledge in some circles, but I sure hadn't run across it before. The details are in the HTTP Proxies and Loopback Addresses article.

I've made some minor corrections to the Multipurpose Man-in-the-Middle VM article as well, so if you've been giving that a shot and have run into trouble, those updates may help.

Looks like I forgot to actually upload the updated version of the XMPPPeek HTML file that included a link to the package with updated traffic-forwarding scripts. Sorry about that. It's been corrected.

 
 