Resources:
- Free Online Information Security Training By Offensive Security – offensive-security.com
A free version of the online course, Metasploit Unleashed – Mastering the Framework. - The Top Cyber Security Risks – sans.org
Two risks dwarf all others, but organizations fail to mitigate them - SecurityTube – hackaday.com
This is the YouTube for hacks and security-related videos. - Research Presentation from EnergySec – digitalbond.com
A presentation about control system security research and tools - Penetration Testing and Vulnerability Analysis – pentest.cryptocity.net/blog/
A blog about the pentesting course at NYU:Poly
Tools:
- Origami v1.0.0 Beta0 – security-labs.org
Origami is a Ruby framework designed to parse, analyze, and forge PDF documents. - PDFRessurect v0.8 – 757labs.com
This tool attempts to extract all previous versions while also producing a summary of changes between versions. - Wireshark 1.2.2, 1.0.9 and 1.3.0 Released – wireshark.org
The update contains numerous fixes. - BinScope Binary Analyzer – microsoft.com
BinScope is a Microsoft verification tool that analyzes binaries on a project-wide level. - MiniFuzz File Fuzzer – microsoft.com
MiniFuzz is a very simple fuzzer designed to ease adoption of fuzz testing by non-security people. - Nessus 4.0.2 Released – tenablesecurity.com
This release includes several fixes and support for the latest operating systems from Microsoft and Apple. - RFIDIOt v0.z – rfidiot.org
RFIDIOt is an open source python library for exploring RFID devices. - John the Ripper v1.7.4.2 – net-security.org
Its primary purpose is to detect weak Unix passwords - BeEF v0.4 – bindshell.net
This tool will demonstrate the collecting of zombie browsers and browser vulnerabilities in real-time. - MSSQLScan 0.8.4 – cqure.net
A small multi-threaded tool that scans for Microsoft SQL Servers.
Techniques:
- In the wild Flash exploit analysis – part 2 – zscaler.com
In this post, we will see how the shellcode functions and how it downloads malicious binaries to an infected system. - Scanning Web Applications That Require Authentication – tenablesecurity.com
Nessus can be configured with the appropriate credentials for these authentication schemes as they relate to web application testing. - TOTW: Port Redirection (nc, socat, ssh, fpipe, cryptcat) – itsecops.blogspot.com
This Tool/Technique Of The Week (TOTW) covers port redirection using different tools. - Building a Java Applet with Meterpreter Payload – spl0it.wordpress.com
A talk about building an Applet that executes cmd.exe. - BeEF: XSS Vuln To Hack In Less Than 20 Characters – darkreading.com
BeEF is a fantastic tool for getting across to developers and Web admins the seriousness of vulnerabilities like cross-site scripting (XSS). - Access token stealing on Windows – rootkit.com
In Windows versions prior to Windows Vista there were no integrity checks on these fields, therefore it was possible to add and remove SIDs.
Vulnerabilities:
- SMB2 exploit released to the wild
Yesterday a well known security company added a remote SMB2 exploit module for their exploitation product.- White hats release exploit for critical Windows vuln – theregister.co.uk
- Microsoft Confirms SMB2 Flaw, Heightens Severity – threatpost.com
- Update on the SMB vulnerability situation – technet.com
Vendor/Software Patches:
- Microsoft ships one-click ‘workaround’ for critical SMB2 flaw – zdnet.com
The fix-it package effectively disables SMBv2 and then stops and starts the Server service. - Cisco drops patches for serious IOS vulnerabilities – zdnet.com
This batch of patches, which covers vulnerabilities in the way Cisco IOS processes SIP, NTP, IKE, IP and H.323 tunnels.
Other News:
- NYT Site Hit by Adjackers
The ad delivery system of the New York Times website was injected with some malicious code - Android app “tests” Windows vulnerability – hackaday.com
An Android App for “testing” the Windows SMB2 vulnerability we covered last week has been released. - Safety first for IT executives in China – crn.com.au
US Government recommends weighing laptop before and after each visit. - DHS to review report on vulnerability in West Coast power grid – computerworld.com
The aim of the research was to study potential weak spots on the West Coast grid. - Misdirected spyware infects Ohio hospital – cio.com.au
Information on 62 patients was exposed after spyware was allegedly sent via Yahoo mail. - PBS.org hacked, serving malware cocktail – zdnet.com
According to researchers at Purewire, attempts to access PBS pages yielded JavaScript that serves exploits from a malicious domain via an iframe. - Why virus writers are turning to open source – cnet.com
Malware developers are going open source in an effort to make their malicious software more useful to fraudsters. - A Security Update: Flash Drives – navy.mil
Authorized users and only DoD-approved, DoD-purchased thumb drives and other USB devices will be allowed. - Inside the Password-Stealing Business – avertlabs.com
With so many financial transactions occurring online today, stealing passwords is an irresistible attraction for cybercriminals. - NSW seeks to build unhackable netbook network – itnews.com.au
At the physical layer, each netbook is password-protected and embedded with tracking software at the BIOS level of the machine. - Cyber Crooks Target Public & Private Schools – washingtonpost.com
On the morning of Aug. 17, hackers who had broken into computers at the Sanford School District initiated a batch of bogus transfers out of the school’s payroll account.
No comments yet.