Week 8 in Review – 2011

Events Related

Resources

  • Throwing Star LAN Tap – ossman.blogspot.com
    It is a simple cross of CAT5 cable spliced together to permit in-line monitoring of Ethernet connections.
  • SQL Injection: bypassing addslashes() – securityreliks.securegossip.com
    This is really simple. Many will try to nullify SQL injection using the PHP addslashes() function. However, this is easily bypassed using an invalid multi-byte character. Let me illustrate how this works.
  • Pulling Cisco configs with Nmap – cqure.net
    A few hours ago I committed a new script created by Vikas Singhal to Nmap.
  • Nmap mssql scripts feature boost – cqure.net
    Chris Woodbury and I have been working on some new exciting features and enhancements to the ms-sql scripts and library in Nmap lately.
  • Launching OWASP Defenders Community – michael-coates.blogspot.com
    I’ve created the OWASP Defenders Community as the first step towards a vision of OWASP I outlined the other day.
  • The Open Pentest Bookmarks Collection – securityaegis.com
    …is just that, a collection of handy bookmarks I initially collected that aid me in my day to day work or I find in the course of research.
  • Penetration Testing Execution Standard – pentest-standard.org
    It is a new standard designed to provide both businesses and security service providers with a common language and scope for performing penetration testing.
  • When does a DoD Information System require a re-accreditation – elamb.org
    We are talking about a single client within an Information System getting an upgraded operating system, or a firewall being upgraded or the addition of 4 Cisco internetworking devices and a VLAN change.
  • Building the ultimate bad arse CUDA cracking server – secmaniac.com
    If you followed my blog post about a year ago, me and another one of my friends Josh Kelley built a CUDA cracking server that consisted of an ASROCK overclocker motherboard and 4 GTX 295's which was a nice accomplishment building it from scratch.
  • Jeff Jones’ Security Week in Review: February 25, 2011 – blogs.technet.com
    Well, this week was pretty lean compared to the plethora of Security topics written last week during RSA.
  • Pentest lab vulnerable servers application list – r00tsec.blogspot.com
    In this post I’m going to present some useful resources to learn about penetration testing and where to use exploitation tools and techniques in a safe and legal environment.

Tools

  • DOMXSS Scanner: An Online Tool to find Potential DOM Based XSS Vulnerabilities – domxssscanner.com
    DOMXSS Scanner is an online tool that helps you find potential DOM based XSS security vulnerabilities.
  • Reversing Android – zonbi.org
    These are just some useful links to tools and blogs on reversing Android applications and the Android platform. I haven’t had a chance to play with them as yet, but I’m hoping to spend some time on it a little later this evening.
  • OllyDbg 2.01 Alpha 2! – ollydbg.de
    Our first post regarding OllyDbg can be found here. Now, the intermediate release OllyDbg version 2.01 alpha 2 has been released finally!
  • Having Fun with beEF, the browser exploitation network – gnucitizen.org
    Sorry vegetarians, but BeEF is back. That’s right, the Browser Exploitation Framework is back, and it has now been rewritten from the ground up in Ruby.
  • [Tool] String Encoder – securityreliks.securegossips.com
    String Encoder is a useful tool when doing XSS and SQLI attacks that require filter bypass. The input to the tool takes whatever your string is, and then encodes it according to your desires and outputs it in an injectable format. Here are the current options.
  • vbSEO – From XSS to Reverse PHP Shell – exploit-db.com
    XSS is not a big deal, or is it? On many occasions, I’ve seen this vulnerability being classified as useless, not serious, and being a low threat.
  • Behind the Curtain: A Journey Into Reversing the Hyper-V Vmbus Exploit (MS10-102) – blog.coresecurity.com
    One of the exciting things about being product manager for CORE IMPACT PRO is I get to peek behind the curtain and see how the exploits and capabilities that wind up in the product are built.
  • New Module for the Metasploit Framework Released by SecureState – blog.securestate.com
    Today, SecureState released a new module for the Metasploit Framework that allows users to brute force credentials on Microsoft OWA servers.
  • Ubertooth spectrum analyzer – ossman.blogspot.com
    I took a break from hardware and manufacturing concerns tonight and sat down to write some code. I probably should have worked on the USB bootloader, but instead I wrote a simple spectrum analysis function for the Ubertooth platform.
  • Exploit Research Megaprimer (over 300 Minutes) using Backtrack – backtrack-linux.org
    As promised, I have finally started the Exploit Research Megaprimer. I will be dealing with topics like buffer overflows, heap sprays, SEH, SafeSEH, DEP, ASLR etc. in this series and will take up examples from the real world to illustrate these concepts.
  • UPDATE: Thicknet with MSSQL Support! – github.com
    This release contains a newer modular format and MSSQL support!

Techniques

  • Harddrive Password Recovery – hackaday.com
    These passwords are stored in a special area of the hard disk that also contains the firmware for the device.
  • OSINT: large email address list imports with Maltego – holisticinfosec.blogspot.com
    Given the recent HBGary debacle, you’ll soon see where the following discussion may prove useful for discovery of relationships between entries in a large list of email addresses.
  • Brute Forcing Passwords pt. 2 – pauldotcom.com
    In this post I hope to go beyond the basics and demonstrate some approaches I use to significantly increase the quality of my tests as well as my chances of success.
  • GOTO 10 – zonbi.org
    So I’ve been spending a little time playing with OS X and trying my hand at reverse engineering some binaries.
  • Pauldotcom Security Weekly Episode232 – pauldotcom.com
    On today’s tech segment we will cover 2 new enumeration modules against OSX machines that were added to Metasploit.
  • Peeling Apart TDL4 And other Seeds of Evil Part 2 – perpetualhorizon.blogspot.com
    Multiple malware components were found on the system and I shall try to describe the analysis processes I used in an attempt to provide something of interest.
  • Anti-debugging tricks revealed – corelan.be
    I love cartoons, and I love reversing, so I decided to play a little bit with that binary (b300.exe) which was a lot of fun. Because some interesting anti-debugging tricks were implemented into the binary, I decided to make a short video about the reversing process.
  • Hashcat Advanced Password Recovery

Vulnerabilities

  • Don’t get blinded by the Flash – blog.rapid7.com
    Flash has become a de-facto standard for Web applications, yet most vulnerability management solutions don’t do a very good job verifying Flash content.
  • Thunderbolt: Introducing a new way to hack Macs – erratesec.blogspot.com
    However, it appears to share the same security flaw as some of those older technologies: attaching a hostile device can break into your computer.

Other News

February 28th, 2011 | Local Meetings, Security Conferences, Security Tools, Security Vulnerabilities
