Events Related
- Secure 360
A two-day security conference held every May in Saint Paul, MN.
- Secure360 Moderating Global Risk – secure360.org
- How I Set Up Speaker Selection – beechplane.wordpress.com
- RSA 2011 Conference Notes – chuvakin.blogspot.com
Here is my account of RSA 2011 conference – with all its awesomeness! I LOVE RSA and I always say that if you can only attend one security event a year – make it RSA.
- ShmooCon 2011 Firetalks – audio.textfiles.com
Resources
- Alexa Top 100K Sites (The Malware Blues) – blog.sucuri.net
How big do you think the web-based malware problem is? How many sites do you think were hacked and/or infected with malware in the last 6 months?
- Ask Ars: How Can I Securely Erase the Data On MY SSD Drive? – arstechnica.com
As pointed out in a recent research article, there isn’t a standard method for securely deleting data from a solid state drive.
- PenTest Execution Standard
Well, after many months of hard work in the background, we’ve reached that point where it’s time to talk about PTES openly.
- Penetration Testing Execution Standard – blog.c22.cc
- Pre-Alpha Release Announced – vulnerabilitydatabase.com
- Japanese WiFi Stumbling – erratasec.blogspot.com
So-called “smartphones” still lag in Japan overall. The Japanese got e-mail and limited Internet access on relatively “dumb” phones before the U.S. did.
Tools
- SMBRelay by MS SQL server – dsecrg.blogspot.com
Today we will talk about practical using of SMBRelay attack through one of the famous software which very often becomes a part of ERP systems. This is MS SQL server.
- OllyDbg Tricks for Exploit Development – resources.infosecinstitute.com
This is the second article in a series about using the OllyDbg, a 32 bit assembler level analyzing user mode debugger for Windows.
- Debugging Fundamentals for Exploit Development – resources.infosecinstitute.com
This is a basic exploit writers tutorial for OllyDbg, a 32 bit assembler level analyzing user mode debugger for Windows.
- Context App Tool Beta 4 – contextis.co.uk
Our old post regarding the Context App Tool or CAT can be found here. We missed reporting about an update – CAT beta 4 – that was released almost a year ago!
- TaskManager.xls Version 0.0.3 – blog.didierstevens.com
I’ve added a couple of columns with info I need (the Filename, the process Creation time and a 32/64 bit indicator).
- Scapy 2.2.0 released with support for new protocols – hg.secdev.org
- Cain and Abel v4.9.39 – oxid.it
Our previous post regarding Cain & Abel can be found here. Now, oxid.it has released an updated Cain & Abel version 4.9.39!
- Creepy Geolocation Aggregator
Excess information reconnaissance before you involve the human part in a security test never hurts!
- Creepy: A Geolocation Information Aggregator! – github.com
- Creepy v.1.7 Released – github.com
- JBoss Application Server Remote Exploit – exploit-db.com
- NessusDB v1.3 Released – github.com
NessusDB is Nessus XMLv2 parser, which pushes reports into an ActiveRecord database, easing report generation.
- Dangerous Filewrite bug in Foxit PDF reader – scarybeastsecurity.blogspot.com
Recently, I’ve been playing around with the various JavaScript APIs available in various different PDF readers.
Techniques
- Psychological Warfare With NIRCMD – room362.com
One of the best ways to throw blue teamers off the scent of another host getting owned.
- Injecting Malicious HTML IFrames – research.zscaler.com
Injecting malicious HTML IFrames into the legitimate web pages has become a commonplace technique in web based attacks.
- Volatility – zonbi.org
If you’re into forensics or the challenges I’ve been talking about lately, you should be familiar with Volatility.
Vendor/Software Patches
- Wireshark 1.4.4 and 1.2.15 Released – wireshark.org
Wireshark 1.4.4 and 1.2.15 have been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.
- Wireless Host App “Karma” Patch Update – foofus.net
I’ve posted an updated version of my “Karma” patch for HostAP (hostap_0_7_2-775-g9fc6aa9). This patch adds Karma-style automatic probe response.
Vulnerabilities
- Android DroidDream Uses Two Vulnerabilities – blog.fortinet.com
You probably haven’t missed DroidDream which trojaned several applications on the Android Market and several blog posts on the matter.
- Shmuck of the Month: Sony – dogber1.blogspot.com
Two types of companies exist: those which are growing and those which are dying. Sony clearly belongs to the latter for over a decade now.
- OBJECT and EMBED are inherently Unsafe – lcamtuf.blogspot.com
The specification effectively takes away the ability for any single party to decide how a particular plugin document should be handled by the browser.
Other News
- Google Buys Security Analytics Software Developer Zynamics – techcrunch.com
Zynamics builds reverse engineering tools for both offensive and defensive security that help find and prevent security vulnerabilities and issues within software applications.
- Why I’m Quitting Security (Part 1) – darkreading.com
The last straw came at the RSA Conference: A perfect storm of negative situations culminated at one of the big vendor parties with me apparently having lost my phone.
- Flash Drives Dangerously Hard To Purge of Sensitive Data – theregister.co.uk
In research that has important findings for banks, businesses and security buffs everywhere, scientists have found that computer files stored on solid state drives are sometimes impossible to delete using traditional disk-erasure techniques.
- Malware in Android Market highlights Google’s vulnerability – arstechnica.com
Google has removed 21 applications from the Android Market after it was discovered that the apps secretly installed malware.
- Crackers Destroy Security Mailing List For Linux Distributors – h-online.com
Meissner says a cracker apparently broke into the mailing list server at lst.de and destroyed the installation.