Event Related
- Workshop on the Economics of Information Security 2012 – lightbluetouchpaper.org
I’m liveblogging WEIS 2012, as I did in 2011, 2010 and 2009. The event is being held today and tomorrow at the Academy of Sciences in Berlin. - Blackhat Arsenal Tools Vegas 2012 LineUp – toolswatch.org
I’m very pleased to announce that Blackhat Team has released the Lineup for Arsenal Floor Vegas 2012. In fact, after 2 months of collecting tools, I was incredibly amazed to see such great astonishing tools. 46% of them are to be announced during the event itself. - SIRACon – societyinforisk.org
The first SIRA Conference was held May 7th, 2012 in Saint Paul, MN. Thanks to all the speakers and attendees for making our inaugeral event a success! - Videos for ALL Cons – phx2600.org
I would love to have a somewhat convenient compiled list of all the cons out there that have videos, and the links to the page(s) that have the videos. I will post a list of my own that I have compiled so far. If anybody knows of any other ones please feel free to reply with it.
Resources
- eHarmony Password Dump Analysis– blog.spiderlabs.com
Password cracking was performed on a custom built system using off-the-shelf parts totaling less than $1,500 utilizing three NVIDIA 460GTX graphics cards (GPUs) as the primary medium for the password cracking process. - BMC Remedy Password Descrambling– rewtdance.blogspot.com
The BMC Remedy application scrambles the users password with client side javascript on the login.jsp page. - All your ASUS servers iKVM/IPMI may belong to other!– pedromadias.wordpress.com
In this post i will describe how i found multiple implementation fails by ASUS that allows a remote attacker to grab user’s passwords and consequently access ASUS iKVM/IPMI equipped servers. - 6 Weeks and 60,000 Passwords Later– securityblog.verizonbusiness.com
There were quite a few statistics that jumped out at me in this year’s data breach report, however one of them stuck in my head: 79% of all attacks were classified as “opportunistic”. We define opportunistic attacks in the report as “The victim isn’t specifically chosen as a target; they were identified and attacked because they exhibited a weakness the attacker knew how to exploit.” - Open Source Passive DNS Replication– users.isc.org
This is a presentation. - Insecure Cryptographic Storage Explained– veracode.com
We recently recorded Veracode Security Researcher Chris Lytle discussing Insecure Cryptographic Storage. Insecure Cryptographic Storage is a common vulnerability that occurs when sensitive data is not stored securely.
Techniques
- How to Break Into Security, Ptacek Edition– krebsonsecurity.com
I decided to ask some of the brightest minds in the security industry today what advice they’d give. Almost everyone I asked said they, too, frequently get asked the very same question, but each had surprisingly different takes on the subject. - Exploiting Windows 2008 Group Policy Preferences – Expanded– rewtdance.blogspot.com
This follows on from the disclsoure http://esec-pentest.sogeti.com/exploiting-windows-2008-group-policy-preferences which discussed how Group Policy Preferences can be used to create Local Users on machines and the resulting passwords easily decrypted. - Hack Tips: CiscoWorks Exploitation– blog.opensecurityresearch.com
This article is the third in a series (See Hack Tips: Blackberry Enterprise Server and Hack Tips: Good For Enterprise) covering, step-by-step, practical post-exploitation tips that can be used to get the most out of various common network servers. - Password Audit of a Domain Controller– blog.cyberis.co.uk
Following on from our article on SAM retrieval without injection, a few people have asked if this technique is possible on a Domain Controller. Unfortunately, no, as account information, including hashes, are stored rather differently in Active Directory. The file in question is ntds.dit – an Extensible Storage Engine that basically stores all AD account information, including group membership, account status and importantly, password hashes. - Network Analysis With ProxyDroid, BurpSuite, and Hipster Dog– intrepidusgroup.com
My last post gave an overview of some options to setup your environment for Android network analysis. Of the winners that I pointed out, my personal favorite way to do an assessment (depending on the app) is to use ProxyDroid to forward network traffic to BurpSuite’s proxy.
Tools
- LiME 1.1 Released– dfsforensics.blogspot.com
LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. - GameOver: A Web Application Penetration Test Learning Platform– pentestit.com
It always helps to have a test bed that helps you hone your attacking skills. GameOver is a new offering from the NULL community that helps you do that even if you are a newbie! - Analyzing PDF Malware – Part 3B– blog.spiderlabs.com
As the big blue letters above state, this is part 3B of the Analyzing PDF Malware series. If you haven’t read any of the preceding posts you can find them here: Part1, Part2, and Part3A. - Are We Completely Wiping That Hard Disk?– technibble.com
Is your client’s company disposing of old hardware, or do you have a client with sensitive data who desires complete and total erasure of data? Jackhammers, wrenches, and explosives may be more enjoyable methods of destruction, but what if the user would like to use the old hardware for non-sensitive data in another way, such as an external hard drive for storing personal data of a non-sensitive nature? DBAN it, right? - Openwall GNU/*/Linux 3.0 – a small security-enhanced Linux distro for servers– openwall.com
We’ve released John the Ripper 1.7.9-jumbo-6 earlier today. This is a “community-enhanced” version, which includes many contributions from JtR community members – in fact, that’s what it primarily consists of. - smbexec– sourceforge.net
A rapid psexec style attack with samba tools - ronin-support 0.5.0, ronin 1.5.0 and ronin-gen 1.2.0 released– ronin-ruby.github.com
Special pack / unpack methods were added to String, Integer, Float and Array classes. Unlike the normal Array#pack / String#unpack methods, these methods accept C-types. - androguard: Reverse engineering, Malware and goodware analysis of Android applications … and more– code.google.com
Androguard (Android Guard) is mainly a tool written in python to play with. - netsniff-ng: the packet sniffing beast– netsniff-ng.org
netsniff-ng is a free, performant Linux networking toolkit.
Vulnerabilities
- RSA
- Why RSA is misleading about SecurID vulnerability– rdist.root.org
There’s an extensive rebuttal RSA wrote in response to a paper showing that their SecurID 800 token has a crypto vulnerability. It’s interesting how RSA’s response walks around the research without directly addressing it. A perfectly accurate (but inflammatory) headline could also have been “RSA’s RSA Implementation Contained Security Flaw Known Since 1998”. - RSA repeats earlier claims, but louder– rdist.root.org
Sam Curry of RSA was nice enough to respond to my post. Here’s a few points that jumped out at me from what he wrote.
Other News
- Researchers steal keys from RSA tokens – Update– h-online.com
Researchers have succeeded in determining the secret RSA key from an RSA SecurID 800 Authenticator token in just 13 minutes. The attack – described in the paper “Efficient Padding Oracle Attacks on Cryptographic Hardware” by Bardou, Focardi, Kawamoto, Simionato, Steel and Tsay – is in principle nothing new. - Hardware Hacker Sentenced to 3 Years in Prison for Selling Rooted Cable Modems– wired.com
Cable-modem hacker Ryan Harris has been sentenced to three years in prison for helping users steal internet access in what the authorities say was a $1 million scheme to defraud cable companies of business. - RIAA chief: ISPs to start policing copyright by July 1– news.cnet.com
Comcast, Time Warner, and Verizon are among the ISPs preparing to implement a graduated response to piracy by July, says the music industry’s chief lobbyist. - Serious Web Vulnerabilities Dropped In 2011– it.slashdot.org
“It’s refreshing to see a security report from a security vendor that isn’t all doom-and-gloom and loaded with FUD. Web Application Security firm WhiteHat Security released a report this week (PDF) showing that the number of major vulnerabilities has fallen dramatically. Based on the raw data gathered from scans of over 7,000 sites, there were only 79 substantial vulnerabilities discovered on average in 2011. To compare, there were 230 vulnerabilities on average discovered in 2010, 480 in 2009, 795 in 2008, and 1,111 in 2007. As for the types of flaws discovered, Cross-Site Scripting (XSS) remained the number one problem, followed by Information Leakage, Content Spoofing, Insufficient Authorization, and Cross-Site Request Forgery (CSRF) flaws. SQL Injection, an oft-mentioned attack vector online – was eighth on the top ten.”
Leave A Comment