Events Related:
- Ekoparty 2010 Wrap-Up – dvlabs.tippingpoint.com
The reason that Ekoparty is the premier conference in South America can be summed up in one word: collaboration.
- Metasploit Unleashed, Again! – offensive-security.com
As new features are being added to the Metasploit Framework, we are attempting to add them to the Wiki in order to keep our content fresh and up-to-date to ensure we are providing a valuable resource to our readers.
- S4 2011 Cancelled – digitalbond.com
It is with great sadness that we announce there will be no SCADA Security Scientific Symposium [S4] this January.
- Crypto Challenges at the CSAW 2010 Application CTF Qualifying Round – gdssecurity.com
Two of our former interns, Julian Cohen and Luis Garcia, who were responsible for organizing the CTF, asked that I help write some crypto challenges, as well as be one of the judges of the competition.
- Beyond DEFCON: 15 Must See Hacking Conferences – threatpost.com
The editorial team at Threatpost has compiled this list of 15 shows we think are worth a second look.
Resources:
- New Paper on Password Security Metrics – reusablesec.blogspot.com
Since I had the paper and presentation approved through my company’s public release office I was given permission to blog about this subject while the larger issue of my blog is still going through the proper channels.
Tools:
- Windows Credentials Editor v1.0 (WCE) – hexale.blogspot.com
It allows you to perform pass-the-hash and other things related to Windows logon sessions and supports XP, 2003, 7, 2008 and Vista.
- UPDATE: BeEF v0.4.1-alpha! – pentestit.com
Now, an updated alpha version – BeEF v0.4.1-alpha – has been made available to us!
- ESF: An Exploit Next Generation SQL Fingerprinter Tool! – pentestit.com
The Exploit Next Generation SQL Fingerprint (ESF) uses well-known techniques based on several public tools that are capable of identifying the Microsoft SQL Server version (such as SQLping and SQLver).
- UPDATE: Network Security Toolkit v2.13.0! – pentestit.com
The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86/x86_64 platforms.
- SECmic: A Penetration Testing Distro! – pentestit.com
It comprises over 200 pre-installed security oriented applications and maintains Ubuntu/Kubuntu update compatibility, meaning you will be able to receive security updates directly from the Ubuntu/Kubuntu repositories for the lifetime of this Kubuntu 10.04 LTS based release.
- Qubes Alpha 3! – theinvisiblethings.blogspot.com
Disposable VMs are really a killer feature IMO.
- DotNetasploit – digitalbodyguard.com
DotNetasploit is a software system that allows .NET payloads to be used against running .NET applications.
- HotFuzz: A Peach based Smart Network Fuzzer! – pentestit.com
The HotFuzz project aims at providing a tool for discovering security vulnerabilities in network applications.
- UPDATE: FOCA v2.5.3! – pentestit.com
FOCA, which stands for “Fingerprinting Organization with Collected Archives”, is an automated tool for downloading documents published on websites, extracting metadata and analyzing data.
- VSAM – vsam.sourceforge.net
Based on the great work of the Inprotect project, Vsam extends the ability of Inprotect by bringing the power of virtualization to this highly functional project.
- UPDATE: Web Security Dojo v1.01rc1! – pentestit.com
A free open-source self-contained training environment for Web Application Security penetration testing.
- OWASP ZAP – Zed Attack Proxy – Web Application Penetration Testing – darknet.org.uk
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.
- Oracle passwords (DES) solver 0.2 (SSE2) – conus.info
This is possible because the significant amount of work lies in generating hashes for all possible passwords, while checking a generated hash value against those defined in the list is not very costly.
- PyProxy | Proxy Hunter and Tester, A high-level cross-protocol proxy-hunter python library – gunslingerc0de.wordpress.com
PyProxy is a Proxy Hunter and Tester, a high-level cross-protocol proxy-hunter Python library.
Techniques:
- The Rapidly Evolving Exploitation Playground – technet.com
The cat-and-mouse game between offensive and defensive researchers has brought us two important and game-changing mitigations: ASLR and DEP.
- Penetration Testing: NMAP.XML to TAB – redspin.com
Following up on my last NMAP post, processing port scan data in a meaningful manner is essential to network penetration testing.
- LowerMyRights – didierstevens.com
When this DLL is loaded inside an existing process, it will check a whitelist and a blacklist to decide if it has to restrict the process’ rights (it also checks if it’s running on Windows XP).
- PHP deobfuscation – zscaler.com
This code can be deobfuscated by hand, but it takes multiple iterations and can be time-consuming.
- Simple Mac OS X ret2libc exploit (x86) – vnsecurity.net
Our target is to transfer the desired shellcode to the __IMPORT section of dyld then execute it.
- Using a MAC address to find your physical location (via Google Location Services) – diniscruz.blogspot.com
Google knows about MAC addresses from the data feeds provided either by Google’s Street View cars or by passing-by pedestrians using Android phones.
- SEH all-at-once: new technique to bypass SafeSEH+SEHOP protections. Doc: http://bit.ly/d9W3KW. Exploit: http://bit.ly/bHpchw – @roman_soft
- About the .NET Padding Oracle Attack
To better clarify how this exploit originally worked, we spent some days in our labs studying the .NET Ajax libraries.
- Investigating .NET Padding Oracle Exploitation with padBusterdotnet – mindedsecurity.com
- PadBuster v0.3 and the .NET Padding Oracle Attack – gdssecurity.com
- O2 Platform script to create Twitter accounts (with CAPTCHA support) – diniscruz.blogspot.com
Part of the challenge of automating/scripting web application security vulnerabilities is the need to handle multi-stage data inputs.
Vulnerabilities:
- Paypal Sender Country XSS – praetorianprefect.com
PayPal has had similar problems with cross site scripting in the past, including an incident back in March.
- Oracle Application Server Fastcgi Echo Vulnerability Reports – integrigy.com
The vulnerability is in the FastCGI module delivered with the Apache httpd server that is incorporated into the Oracle Application Server.
Vendor/Software Patches:
- Oracle Critical Patch Update October 2010 Pre-Release Analysis – integrigy.com
Oracle E-Business Suite customers with externally facing implementations should carefully review the remotely exploitable vulnerabilities in iRecruitment to determine if these pages are blocked by the URL firewall.
- Adobe ships another mega-patch for PDF Reader – zdnet.com
Adobe has slapped another band-aid on its heavily targeted PDF Reader/Acrobat product line, warning that hackers are already exploiting some of these vulnerabilities to launch malware attacks.
Other News:
- Caught Spying on Student, FBI Demands GPS Tracker Back – wired.com
A California student got a visit from the FBI this week after he found a secret GPS tracking device on his car, and a friend posted photos of it online.
- Emerging Pen Testing Cert is Crest of Honor – coresecurity.com
CREST, which was launched in response to the need for regulated and professional security testers to serve the global information security community, has been a huge hit overseas, most notably in the United Kingdom.
- Your Password Cracking System Sucks – pauldotcom.com
For NTLM without overclocking I tend to get around 10.5 billion password attempts a second even with several thousand hashes.
- Qualys SSL Labs releases raw data from the Internet SSL survey – ivanristic.com
The raw data contains the SSL assessment results of about 850,000 domain names (out of about 120M we inspected).