Event Related

  • DEFCON 20
    • DEFCON 20: Day 2 Interesting Presentations – it.toolbox.com
      Day 2 of DEFCON, and things are jamming. There is a tremendous amount of energy at this 20 year celebration of the Con. People are behaving, and the talks are pretty interesting.
    • Defcon Day 2 Talk Notes – The DCWG Debriefing – novainfosecportal.com
      In November of 2011 a multinational force of feds and wizards took down Rove Digital’s on-line infrastructure including the DNS Changer name servers. Under contract to the FBI, employees of Internet Systems Consortium (ISC) installed “clean” replacement DNS servers to take care of a half million DNS Changer victims.
    • The tl;dr version of Moxie’s MSCHAPv2 – erratasec.blogspot.com
      I couldn’t figure out what the deal is with Moxie’s MSCHAPv2 talk, as cracking the challenge/response for weak passwords has been known for the last decade. In addition, the press has enormously hyped this talk beyond any reasonable degree.
    • End of Days for MS-CHAPv2 – isc.sans.edu
      Moxie Marlinspike and David Hulton gave a talk at Defcon 20 on cracking MS-CHAPv2 with a 100% success rate. This protocol is still very much in use with PPTP VPNs, and WPA2 Enterprise environments for authentication.
    • Defcon is 20 Years Old in 2012 – securelist.com
      Defcon 2012 marked its 20th anniversary with unexpected speakers, some pretty tough content, and the cultural dark magic that buzzes the conference every year.
    • Defcon focus on the Fed comes with conflicting emotions – blog.eset.com
      After my colleague Stephen Cobb stood in a huge line at Defcon waiting to get into the Friday keynote by NSA chief General Alexander, plus a swarm of interest shown at the two-part “Meet the Fed” panel presentation the next day, it’s becoming clear that multiple agencies of the federal government are focused on hackers, and vice versa. But to what end?
    • Defcon And Black Hat Wrap-Up: Wifi And VPN Crypto Cracked, NSA Chief Asks For Hackers’ Help, Android Vulnerable To Brute Force Attack – forbes.com
      The annual five-day, back-to-back Las Vegas security conferences Black Hat and Defcon provide the main stage for the information security community’s biggest stunts and revelations–more than any one reporter can cover. So here are a few of the highlights from this year’s hacker bonanza that I haven’t already written about.
    • DEFCON 20 CTF Network – s3.amazonaws.com
      This is a torrent file.
    • Cryptohaze Cloud Cracking Slides & Writeup – blog.cryptohaze.com
      In the event that you missed my talk at Defcon 20, I’m putting a written version of it up here, along with my relevant presentation slides. I’ll link the video when it goes up. This is a summary of what I talked about, and does include more information that was not available at the time of the actual talk.
    • Huawei’s routers of vulnerability – h-online.com
      “Hacking [redacted] Routers” was the title of a lecture at Defcon by security expert Felix Lindner (also known as FX) and Gregor Kopf of the Berlin-based Recurity Labs. The “censored” routers were quickly established as being the AR18 and AR28 routers from the Chinese manufacturer Huawei.
    • Defcon 20 slides – ia600505.us.archive.org
      Here are the slides for Defcon 20.
    • Tracing Bugs in Wireshark – isisblogs.poly.edu
      So word spread pretty quickly about the wireshark bugs being thrown around Defcon 20 CTF. After I got my hands on acme pharms packet capture I quickly set out to recover the evil packets and weaponize them 🙂
    • What you need to know about the vulnerabilities in MSCHAPv2 – blog.zoller.lu
      There was a talk at Defcon 20 entitled “Defeating PPTP VPNs and WPA2 Enterprise with MS-CHAPv2”, by Moxie and David Hulton – the talk announced the implementation of a tool that reduced the security of MS-CHAPv2 to the strength of a single DES encryption.
    • “Crack Me If You Can” – DEFCON 2012 – contest-2012.korelogic.com
      The initial feeling this year was that the contest had become overly complicated. The KoreLogic team introduced several new rules which seemed designed to handicap the larger teams, while we definitely appreciate the idea of getting more people involved in password cracking, as a large team, we felt rules such as those to be biased.
  • 2012 AIDE Conference
    • Video: Pen Testing HTML 5 Web Storage – community.rapid7.com
      Recorded at the 2012 AIDE conference, this video covers a presentation given by Jeremy Druin, a professional web application and network pen-tester. The topic is pen-testing HTML5 web storage, which is a client-side storage technology available in HTML5-aware browsers. Web storage is discussed from two perspectives: altering your own web storage and altering the web storage of a remote user.
  • BSides Las Vegas 2012
    • BSides Las Vegas 2012 Videos – irongeek.com
      These are the videos from the BSides Las Vegas conference. Thanks to all of the BSides Crew for having me out to help record and render the videos.
  • Black Hat USA 2012
  • 5 takeaways from Las Vegas – securelist.com
    Probably the two most important security conferences in the world are held in Las Vegas during the same week, gathering more than 15,000 attendees and offering dozens of talks.
  • Hacking Embedded Devices: UART Consoles – labs.mwrinfosecurity.com
    The ‘Hardware Hacking’ scene has exploded recently, thanks largely to the widespread adoption of devices such as the Arduino and Raspberry PI by the hacking community. Applying hardware hacking techniques during product assessments can often give unrivaled levels of access to hidden or undocumented functionality particularly when reviewing embedded devices such as routers, switches and access points.

Resources

  • Flamer Analysis: Framework Reconstruction – blog.eset.com
    From the very beginning of our analysis of Win32/Flamer it was clear that this was an extremely sophisticated piece of malware which we had never seen before. It implements extremely elaborate programming logic and has an intricate internal structure. At the heart of Flame’s modularity lies a carefully designed architecture allowing all its components interoperability without causing any incompatibilities.
  • The #security question du jour (ANSWERS TIME) – gse-compliance.blogspot.com
    The following page is a good introduction to Nmap.
  • BYOD: Organizations Question Risk vs Benefit – blogs.technet.com
    Over the past few posts we’ve been covering the concept of the BYOD trend. We started with a foundation describing the origins and evolution of BYOD, followed by a closer examination of the pros and cons of BYOD from the employee perspective. This post will focus on BYOD from the point of view of the company or IT organization.
  • Flamer Analysis: Framework Reconstruction – blog.eset.com
    Flame’s main module consists of objects that each implement specific functionality: gathering information on the compromised system; infecting other computers; communicating with C&C, and so on.
  • Exploit Exercises – exploit-exercises.com
    exploit-exercises.com provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering.

Tools

  • Attack Surface Analyzer
    • Microsoft’s Free Security Tools – Attack Surface Analyzer – blogs.technet.com
      In this second article in my series focused on Microsoft’s free security tools, I’d like to introduce you to the Attack Surface Analyzer version 1.0. Back in January of 2011 the Security Development Lifecycle team released a beta version of the Attack Surface Analyzer and today they announced the release of version 1.0.

    • Attack Surface Analyzer 1.0 Released – blogs.msdn.com
      Last year we released a beta version of our free Attack Surface Analyzer tool. The purpose of this tool is to help software developers, Independent Software Vendors (ISVs) and IT Professionals better understand changes in Windows systems’ attack surface resulting from the installation of new applications. Since the initial launch of Attack Surface Analyzer, we have received quite a bit of positive feedback on the value it has provided to customers. Today we are pleased to announce that the beta period has ended and Attack Surface Analyzer 1.0 is now available for download.

  • chapcrack – github.com
    A tool for parsing and decrypting MS-CHAPv2 network handshakes.

  • ASEF Android Tool Analyzes App Security and Behavior – threatpost.com
    A researcher at Qualys has released a new tool designed to allow users–even non-technical ones–to evaluate the security and behaviors of the apps installed on their Android devices.

  • HTExploit – mkit.com.ar
    HTExploit (HiperText access Exploit) is an open-source tool written in Python that exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process.

  • BBQSQL – github.com
    A Blind SQL Injection Exploitation Tool

  • NetList Script – blog.ericrafaloff.com
    NetList is a small networking and security auditing script I wrote in Ruby. Given a search term, it will query the ARIN database for an organization and all of its related networks. This can assist a pen tester in finding out which networks are owned by the target, and noting them for a later scan and audit.

Vendor/Software Patches

Vulnerabilities

  • Australia in Crosshairs with Over 2,300 Dumped Password Hashes – novainfosecportal.com
    There are four new smaller password hash dumps that we discovered on OZDC.net over the past few weeks. Of course many of the records also contained other interesting data such as emails, usernames, obfuscated credit card numbers, credit card types, names, user ids, and nicknames.

Other News

  • Credit Card Roulette: Payment Terminals Pwned in Vegas – wired.com
    The vulnerabilities can also be used to make a fraudulent card transaction look like it’s been accepted when it hasn’t been, printing out a receipt to fool a salesclerk into thinking items have been successfully purchased.

  • Whistleblower, Suspected of Leaking Warrantless Spying Program, Sues NSA – wired.com
    A former congressional staffer and NSA whistleblower who the authorities suspected of exposing the George W. Bush administration’s warrantless wiretapping program is suing the government, saying her constitutional rights are being violated because her computer seized five years ago has never been returned, and the feds have refused to clear her name.

  • Cybersecurity Bill Fails in US Senate – securityweek.com
    A bill aimed at protecting the United States from cyber attacks failed to advance in the US Senate on Thursday, severely denting hopes for the passage of a measure backed by President Barack Obama.