Sla.ckers.org
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). 
New SaaS Security Software
Posted by: Secrook
Date: July 22, 2009 04:23PM

Hi,

I would like to introduce a new security service called XyberShield. It is a relatively new concept for Internet Security, enacting a Behavior Based Protection that attacks and stops cyber attacks before they cause damage to your website. Everything from SQL Injection, Cross Site Scripting, SSI Injection, Brute Force Attacks, and HTTP Response Splitting is shut down through this service. I would like for you guys to check out the website and tell me what you think about it.

Thanks,

-HS

Re: New SaaS Security Software
Posted by: thrill
Date: July 22, 2009 07:18PM

lack of link, no points for you.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: New SaaS Security Software
Posted by: PaPPy
Date: July 22, 2009 07:37PM

I'm guessing
http://www.xybershield.com/AboutXyberShield.aspx

http://www.xssed.com/archive/author=PaPPy/

Re: New SaaS Security Software
Posted by: sirdarckcat
Date: July 22, 2009 11:45PM

I love the logos:


How do you implement the "Sessions" you claim you can fingerprint someone with "reduced false positives" using different IP addresses and different browsers.

So.. how does that work?

Also, who is your target market?

> It's quick and easy to select a package that fits your security needs. If your website experiences more than 1,000 visits a month, additional protected visits are available.

Even my blog receives more than 1k visits a month..

Anyway, this is just a WAF.. I mean we will bypass it if we really want to hack your customers.. xD

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat



Edited 5 time(s). Last edit at 07/23/2009 12:00AM by sirdarckcat.

Re: New SaaS Security Software
Posted by: thrill
Date: July 22, 2009 11:56PM

> How do you implement the "Sessions" you claim you can fingerprint someone with "reduced false positives" using different IP addresses and different browsers.
>
> So.. how does that work?

They use the:

if EvilHacker
   ShowRealName;

function.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: New SaaS Security Software
Posted by: sirdarckcat
Date: July 23, 2009 12:14AM

Haha this is awesome:
http://www.xybershield.com/XyberShieldDemo.aspx

The super hacker magically knows the name of the table he has to modify, the column names, the productname, etc..

And they even do it 3 times!!! and we can watch in slow motion how the super hacker types the same query again and again xD

Also, the ez-protect is so absurd.. you have a 3 minutes video of some guy clicking yes to a list of questions.. "do you want to be protected against XSS? 1..2..3.. yes... congratulations you are protected!!"

This website looks like swordfish's panels.. like a weird security solution made in Macromedia Flash. jQuery or something like that.

WAFs are doomed to fail, unless you are trying to protect against mickey mouse.

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat



Edited 1 time(s). Last edit at 07/23/2009 01:06AM by sirdarckcat.

Re: New SaaS Security Software
Posted by: thrill
Date: July 23, 2009 02:01AM

1 point for sirdarckcat for showing lameness_level.

However, -1 point for sirdarckcat for not finding any vulns..
Score
~~~~~

Secrook     0   - lameness in lack of link
PaPPy      -1   - No vulns+using google
sirdarckcat 0   - Pointing to lame flash video -no vulns
thrill      3   - for pointing out everyone's failures

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: New SaaS Security Software
Posted by: sirdarckcat
Date: July 23, 2009 03:24AM

I should find a vuln to all the bs posted in here? that sucks, -2 to id, and +1 to mickey mouse.


Score
~~~~~

Secrook     0   - lameness in lack of link
PaPPy      -1   - No vulns+using google
sirdarckcat 0   - Pointing to lame flash video -no vulns
mickeymouse 1   - For being awesome
thrill      1   - for pointing out everyone's failures
id         -2   - for not mounting tra.ckers.org

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Re: New SaaS Security Software
Posted by: Spyware
Date: July 23, 2009 03:34AM

Needs even more flashy graphics and javascript-based web-app to convince me.

Re: New SaaS Security Software
Posted by: sirdarckcat
Date: July 23, 2009 04:10AM

I love this:
http://www.xybershield.com/console/xybershield.swf
and then:
javascript:document.getElementsByTagName('embed')[0].Play()

haha it's an awesome UI!!

I don't have time to check their methods but they are very well documented:
http://www.xybershield.com/xsws/XyberShield.asmx
http://www.xybershield.com/XyberShieldAPI.asmx

I wonder what happens when you use TSetVariable(':/active_host','<censored>') and hostListArray[<censored>].customerId to <censored> that should <censored> access to all the <censored>and then a guid for the <censored> Token from the configuration of <censored> inside the source of <censored> application!!!.. but Im just thinking you see.. just thinking!

but looks cool!!

--edit--
added censored because I don't have enough points to release a 0day on news and links :(

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat



Edited 7 time(s). Last edit at 07/23/2009 04:30AM by sirdarckcat.

Re: New SaaS Security Software
Posted by: Anonymous User
Date: July 23, 2009 06:17AM

The console login is http only?

<SOAP-ENV:Envelope 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<Login xmlns="http://tempuri.org/">
<UserName>admin</UserName>
<Password>admin</Password>
</Login>
</SOAP-ENV:Body></SOAP-ENV:Envelope>

Re: New SaaS Security Software
Posted by: PaPPy
Date: July 23, 2009 04:49PM

-1 points wtf? y'all wouldn't have been able to look at the site without me!

bahhhhhhhhhhhhhhhhhhhhhhhh :(

http://www.xssed.com/archive/author=PaPPy/

Re: New SaaS Security Software
Posted by: thornmaker
Date: July 23, 2009 08:07PM

PaPPy Wrote:
-------------------------------------------------------
> y'all wouldn't have been able to look
> at the site without me!
>

exactly. hence the -1

Re: New SaaS Security Software
Posted by: rvdh
Date: July 23, 2009 08:37PM

sirdarckcat Wrote:
-------------------------------------------------------
> I love the logos:
> http://www.xybershield.com/images/default/about_image_1.png

So now they got all of our IP's when sourcing their images here ;-)

Re: New SaaS Security Software
Posted by: sirdarckcat
Date: July 23, 2009 10:50PM

> So now they got all of our IP's when sourcing their images here ;-)
-1 point to rvdh for not using ToR to browse sla.ckers

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Re: New SaaS Security Software
Posted by: thrill
Date: July 24, 2009 12:42AM

-1 point to anyone who read this thread.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: New SaaS Security Software
Posted by: thrill
Date: July 24, 2009 12:45AM

and -2 points for anyone who posted on this thread..

oh shit.. I'm like -10 now.. bitch!

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: New SaaS Security Software
Posted by: Cyr4n0
Date: July 27, 2009 08:28PM

Saw a full demo of this today. Not a WAF. Shiny GUI, like an iphone or a Pre.

Don't care about -2 points for posting. I've got 18 charisma and a +10 DNR.

-Cy

Re: New SaaS Security Software
Posted by: sirdarckcat
Date: October 08, 2009 01:20PM

@Cyr4n0
-28 points for having charisma

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Re: New SaaS Security Software
Posted by: no_pig
Date: October 10, 2009 09:18AM

with my poor English I can't understand it well
but it seems to be so interesting.....oh! my god

Re: New SaaS Security Software
Posted by: sirdarckcat
Date: June 05, 2010 01:34AM

sorry guys but I have to revive this thread.

http://xybershieldtest.com/

bypass
username: guest'--

Greetings!!

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Re: New SaaS Security Software
Posted by: tr3w
Date: June 05, 2010 07:27PM

Yeah, all their sql injection protections are easily bypassed just with single line comments

foo'/**/or 1=1;/**/update/**/productinventory/**/set/**/listprice=101/**/where/**/productname='solarpanel_type2'--

I think some of those /**/ are not necessary but I'm too lazy to test.



Edited 2 time(s). Last edit at 06/06/2010 12:13AM by tr3w.
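
An added example, not part of the thread and not XyberShield's code, covering the two inputs posted above by sirdarckcat and tr3w: it shows why a whitespace-based keyword signature misses them, what comment normalization does and does not catch, and that a bound parameter removes the problem at the query itself. The regex signature, the `users` table, the account and all function names are assumptions made for illustration.

```python
import re
import sqlite3

# Hypothetical signature of the kind a keyword filter might use: it expects
# whitespace between SQL keywords. Not XyberShield's actual rule.
UPDATE_SET = re.compile(r"\bupdate\s+\w+\s+set\b", re.IGNORECASE)
BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)


def signature_hits(value, normalize=False):
    """Match the signature, optionally after turning /**/ comments into spaces."""
    if normalize:
        value = BLOCK_COMMENT.sub(" ", value)
    return bool(UPDATE_SET.search(value))


def make_db():
    """In-memory database with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('guest', 'constructed-secret')")
    return db


def login_concatenated(db, name, password):
    """Vulnerable 'before': input is pasted into the SQL text."""
    sql = ("SELECT 1 FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, name, password):
    """Fixed: input is bound as data and never parsed as SQL."""
    sql = "SELECT 1 FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone() is not None


# Strings quoted in the posts above.
USERNAME = "guest'--"
FRAGMENT = "update/**/productinventory/**/set/**/listprice=101"

if __name__ == "__main__":
    db = make_db()
    print("signature, raw:        ", signature_hits(FRAGMENT))
    print("signature, normalized: ", signature_hits(FRAGMENT, normalize=True))
    print("signature on username: ", signature_hits(USERNAME, normalize=True))
    print("concatenated login:    ", login_concatenated(db, USERNAME, "wrong"))
    print("parameterized login:   ", login_parameterized(db, USERNAME, "wrong"))
```

Normalizing comments before matching recovers the `update ... set` fragment, but the username contains no keyword for any signature to find, so only the parameterized query rejects it.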

Re: New SaaS Security Software
Posted by: sirdarckcat
Date: June 06, 2010 01:09AM

lolz
https://www.facebook.com/topic.php?uid=103331541541&topic=23009
they point to us!

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat
