Week 40 In Review

Events Related

• DerbyCon Aftermath
  Leftover notes and resources on DerbyCon
• DerbyCon Recap – noobz.net
• DerbyCon 2011 Videos – irongeek.com
• More DerbyCon 2011 Videos – irongeek.com
• OWASP AppSec USA 2011 – appsecusa.org
  Schedule and list of speakers for the upcoming event.

Resources

•  Dirty Little Secrets In Pentesting
  Resource archive
• The Dirty Little Secrets They Didn’t Teach You In Pentesting Class (video) – room362.com
• The Dirty Little Secrets They Didn’t Teach You In Pentesting Class (slides) – room362.com

• Security 101: Security basics In 140 Characters Or Less – isc.sans.edu
  Since October is “Security Awareness Month,” a few weeks back, I sent out a call on Twitter for folks to submit pithy, 140 character-long, chunks of Security 101 wisdom.  Below, I’ve compiled together the resulting list, along with the Twitter name of the submitter.

Tools

• MagicTree v1.0 Released, A Productivity Tool For Penetration Testers – darknet.org.uk
  MagicTree is a productivity tool for penetration testers. It allows consolidating data coming from various security tools, query and re-use the data and generate reports. It’s aim is to automate the boring and the mind-numbing work, so you can spend your time hacking.
• UPDATE: ZAProxy v1.3.3! – code.google.com/p/zaproxy/downloads/list
  The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testingtool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
• UPDATE: THC-HYDRA v7.1! – freeworld.thc.org/releases/hydra-7.1-src.tar.gz
  THC-HYDRA is a very fast network logon cracker which support many different services. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. It was tested to compile cleanly on Linux,Windows,Cygwin, Solaris, FreeBSD and OSX.
• UPDATE: USB VirusScan 1.7.4 – blog.didierstevens.com
  When USBVirusScan launches the program that was specified as argument upon insertion of a removable drive, it will provide debug information regarding the launching of this program.
• CSET: The Cyber Security Evaluation Tool! – us-cert.gov/control_systems/csetdownload.html
  The Cyber Security Evaluation Tool (CSET) can provide you with a systematic and repeatable approach for assessing the cyber security posture of your industrial control systems (ICS) networks and IT systems.
• Oter Tool Download Link – otertool.com
  Webpage embedded with mysterious download link.

Techniques

• Beauty and the BEAST – isc.sans.edu
  As has been already written on million places, the BEAST attack attacks SSL 3.0 and TLS 1.0, in particular their implementation  of the Cipher-block chaining (CBC) block encryption algorithms.This is probably the most widely used mode for block encryption algorithms today, so it is obvious that any attack on this (and SSL/TLS overall) can have huge impact.
• Mutual Authentification In Android and iOS – intrepidusgroup.com
  You’ll notice that the title says “Mutual Authentication”, not “Client Authentication” – our goal here is to implement both strong client authentication using certificates, and verify that the server certificate presented to us is issued by a CA we trust explicitly.
• Gateway-finder script – pentestmonkey.net
  Gateway-finder is a scapy script that will help you determine which of the systems on the local LAN has IP forwarding enabled and which can reach the Internet. This can be useful during Internal pentests when you want to quickly check for unauthorised routes to the Internet (e.g. rogue wireless access points) or routes to other Internal LANs.  It doesn’t perform a hugely thorough check, but it is quick at least.  It’s python, so it should be easy to modify if you need it to do something more sophisticated.

Vulnerabilities

• Mass WordPress.com infection ongoing – most malicious domains using changeip.com – blog.armorize.com
  The Cyber Security Evaluation Tool (CSET) can provide you with a systematic and repeatable approach for assessing the cyber security posture of your industrial control systems (ICS) networks and IT systems.

Other News

• BlackBerry Media Card Encryption A Security Risk? – blogs.cio.com
  The BlackBerry OS is known for the many security safeguards it affords individual users and organizations, the most basic–and most important–of which is probably the device password.
• Idaho Lab In A Race To Shore Up Critical Infrastructure Systems – wired.com
  All it took was one click of a mouse from the CEO of the ACME Chemical company. Within half an hour of that tap hackers had exfiltrated proprietary documents from the company’s network, commandeered IP-based surveillance cameras at the facility to spy on network administrators, seized control of a computer system managing its chemical mixing process and finally caused a toxic spill that administrators were powerless to stop.
• McAfee Acquires Nitro Security – insecureaboutsecurity.com
  Fast forward to October 2011. At the start of National Cybersecurity Awareness Month, McAfee took the plunge by acquiring Nitro Security, a security management vendor based in lovely Portsmouth, NH.