Event Related

  • USENIX
  • Toorcamp 2012
    • ToorCamp 2012: Tribes & Technology – tripwire.com
      I recently returned from a week on the Olympic Peninsula at ToorCamp where I presented a talk and stayed the week attending workshops, learning electronics, picking locks and other activities.
    • Toorcamp 2012 – flickr.com
      Pictures for Toorcamp 2012
  • Bsides
  • Mobile Hacking 101 – ethicalhacker.net
    Next item on the board meeting agenda: the war on smartphones! For some time now, smartphones have been quietly creeping into our society and slowly infiltrating our families and companies. It started off simply enough: the CEO’s husband bought her an iPad for Christmas, and she thought it would be pretty savvy to be able to answer work email on it at a business meeting half way around the world.
  • Black Hat USA 2012 update – census.labs.com
    This year we have presented our research work at Black Hat USA 2012, the leading information security conference. Our researchers Patroklos Argyroudis and Chariton Karamitas visited Caesar’s Palace at Las Vegas, Nevada and delivered the talk.

Resources

  • Ghost USB Honeypot Part 1 – Interview with Project Leader Sebastian Poeplau – resources.infosecinstitute.com
    Malware threats have become very common these days. In the past, many honeypots have been created to detect malware propagation over the network. These honeypots trick the malware into believing that they are a part of the network.
  • SecureLogix Releases 2012 State of Voice Security Report – voipsecurityblog.typepad.com
    SecureLogix has officially released our State of Voice/UC Security report for 2012. I co-authored this report with Rod Wallace, our VP of services. The report has been out since March, but we have made it available for any and all via our website.
  • New Linux Distro for Mobile Security, Malware Analysis, and Forensics – resources.infosecinstitute.com
    Yes, you read the title right and I hope I just grabbed your attention! A new GNU/Linux distribution or distro designed for helping you in every aspect of your mobile forensics, mobile malware analysis, reverse engineering and security testing needs and experience has just been unleashed and its alpha version is now available for download for you to try out.
  • SQL Server 2008 Local Administrator Privilege Escalation – netspi.com
    Unlike previous versions, SQL Server 2008 and 2012 don’t provide local system administrators with database administrator rights by default. This was a great idea by Microsoft to reinforce the practices of least privilege and separation of duties. However, in spite of the fact that their heart was in the right place, it was implemented in such a way that any local administrator (or attacker) can bypass the restriction.
  • Why I Choose PowerShell as an Attack Platform – exploit-monday.com
    Since the inception of PowerShell, it has been a blessing for Windows administrators everywhere. As Don Jones so eloquently puts it, “you can either learn PowerShell, or learn to ask, ‘would you like fries with that?’” I couldn’t agree with that sentiment more. After all, with server core being the default installation option of Windows Server 2012, knowledge of PowerShell is becoming increasingly crucial.
  • The Exploit Magazine 01/2012 – theexploitmag.com
    Dear Readers, we proudly present you The ExploitMag. We decided to launch an entirely new magazine devoted to exploits. In this very first issue we focused on Metasploit Framework. In the nearest future, you can expect publications on: DoS Attacks, SOAP, WSDL hacking and more.
  • White hats publish DDoS hijacking manual, turn tables on attackers – arstechnica.com
    Turning the tables on miscreants who paralyze websites with torrents of junk data, security researchers have published a detailed manual that shows how to neutralize some of the Internet’s most popular denial-of-service tools.

Techniques

  • Simple but Extremely Useful Windows Tricks – blog.opensecurityresearch.com
    Navigating Windows in the most efficient manner possible can be seen as wizardry – it almost seems as if Microsoft tries to make it increasingly more difficult to accomplish simple things. However, there are plenty of very useful tricks and shortcuts built into Windows, the problem is they are not publicized very well. Students in our Ultimate Hacking Courses usually find these Windows tips useful, so we figured we would share them.
  • Stealing the Keys to the Kingdom through SQL injection – pentestgeek.com
    Recently I was conducting a penetration test for a very large high profile client. The network itself had over 5500+ nodes and nearly 400 subnets. I started out using one of my new tactics by utilizing Nmap’s new http-screenshot.nse script.
  • building isecpartners ios-ssl-kill-switch tweak – greenoperator.tumblr.com
    For some time it has been a challenge to trap SSL traffic from iOS applications in web proxy tools such as Fiddler or WebScarab. iOS applications in many cases performed Certificate Pinning, which checked for specific information within the SSL certificate before allowing the application to complete a request.

Tools

  • Phone to Phone Android Debug Bridge – github.com
    A set of scripts to assist in pulling data, making system changes, etc, with minimal user input.
  • Brainfuck beware: JavaScript is after you! – patriciopalladino.com
    I just made a tool to transform any javascript code into an equivalent sequence of ()[]{}!+ characters. You can try it here, or grab it from github or npm. Keep on reading if you want to know how it works.
  • XMPPloit: A Tool to Attack XMPP Connections! – pentestit.com
    A new day and a new tool from the Blackhat USA 2012 tool arsenal – XMPPloit! Before we talk about the tool itself, let us first know what XMPP is. XMPP stands for Extensible Messaging and Presence Protocol and is a streaming XML protocol that was previously named Jabber.
  • DakaRand 1.0: Revisiting Clock Drift For Entropy Generation – dankaminsky.com
    So, I’ve been playing with userspace random number generation, as per Matt Blaze and D.P. Mitchell’s TrueRand from 1996.
  • Backtrack 5 r3 List of (some of the) new Tools and Programs – cyberarms.wordpress.com
    What are the new utilities included with Backtrack 5r3? I couldn’t find a list, so I decided to make one myself comparing BT5r2 with the latest version. This is not an exhaustive list, but hopefully it will help people see some of the very cool new tools and programs added to Backtrack.
  • Smartphone Pentest Framework v0.1.1 available (Install Script for BackTrack Included) – github.com
    The smartphone penetration testing framework, the result of a DARPA Cyber Fast Track project, aims to provide an open source toolkit that addresses the many facets of assessing the security posture of these devices.
  • dnsspider-0.4.py – nullsecurity.net
    A very fast multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.
  • asef – code.google.com
    ASEF – Android Security Evaluation Framework : Open Source Project to perform security analysis of Android Apps by various security measures.
  • Sandcat Browser – Pen-Test Oriented Web Browser v2.1 Beta available – syhunt.com
    Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team, the same creators of the Syhunt Web Application Security Scanner.
  • nishang – code.google.com
    Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security and post exploitation during Penetration Tests. The scripts are written on the basis of requirement by the author during real Penetration Tests.

Vendor/Software Patches

  • Microsoft Security Bulletin
    • Microsoft Security Bulletin MS12-043 – Critical – technet.microsoft.com
      This security update resolves a publicly disclosed vulnerability in Microsoft XML Core Services. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes the user to the attacker’s website.
    • Microsoft Security Bulletin MS12-053 – Critical – technet.microsoft.com
      This security update resolves a privately reported vulnerability in the Remote Desktop Protocol. The vulnerability could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.
    • Microsoft Security Bulletin MS12-054 – Critical – technet.microsoft.com
      This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker sends a specially crafted response to a Windows print spooler request. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems connected directly to the Internet have a minimal number of ports exposed.
    • Microsoft’s Free Security Tools – BinScope Binary Analyzer – blogs.technet.com
      This article in our series focused on Microsoft’s free security tools is on a tool called BinScope Binary Analyzer. This tool can be helpful for both developers and IT professionals that are auditing the security of applications that they are developing or deploying/managing.
    • UPDATE: OllyDbg 2.01 Beta 2 – pentestit.com
      Our first post regarding OllyDbg can be found here. Recently, a beta – OllyDbg version 2.01 Beta 2 – was released! OllyDbg itself has hardly changed. This release only has minor improvements.
  • Update: InstalledPrograms.xls V0.0.2 – blog.didierstevens.com
    I fixed InstalledPrograms as earthsound suggested: now I include 32-bit installations on 64-bit systems (provided you use 64-bit Excel).
  • Scanning SharePoint with PowerShell – obscuresecurity.blogspot.com
    A few months ago, I published Get-HttpStatus – a PowerShell function that aids in generic directory and file fuzzing. In order to get it added to PowerSploit, Matt suggested several improvements and eventually made a few of his own.
  • CVE-2012-1535: Adobe Flash being exploited in the wild – labs.alienvault.com
    Yesterday Adobe issued a security update to address CVE-2012-1535 that was being exploited in the wild.
  • UPDATE: Samurai Web Testing Framework 2 Final – pentestit.com
    The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites.

Vulnerabilities

  • How to respond to the inevitable security breach – gcn.com
    Breaches have become an inevitable part of IT security, making incident response an important element in security programs.
  • PDF fuzzing and Adobe Reader 9.5.1 and 10.1.3 multiple critical vulnerabilities – gynvael.coldwind.pl
    Several months ago, we started an internal Google Security Team effort to improve the general security posture of the Chrome embedded PDF reader, in an approach similar to the Flash fuzzing performed several months ago by Tavis Ormandy.
  • WoW, New Blizzard Password Dump? – novainfosecportal.com
    Yesterday we came across an interesting Pastebin password dump from 8/15 that we noticed on OZDC.net called “World of Warcraft Database Hacked 10[NEW].” It’s since been removed; however, given the possible breach of passwords Blizzard announced last week, this particular dump caught our attention.

Other News

  • WikiLeaks Stirs Global Fears on Antiterrorist Software – nytimes.com
    A new release of stolen corporate e-mails by WikiLeaks has set off a flurry of concern and speculation around the world about a counterterrorist software program called TrapWire, which analyzes images from surveillance cameras and other data to try to identify terrorists planning attacks.
  • Elusive FinSpy Spyware Pops Up in 10 Countries – bits.blogs.nytimes.com
    FinFisher is a spyware product manufactured by the Gamma Group, a British company that sells surveillance technology. It says its spyware offers “world-class offensive techniques for information gathering.”
  • Could The New Air Traffic Control System Be Hacked? – npr.org
    The Federal Aviation Administration is in the midst of a multibillion-dollar upgrade of the nation’s air traffic control system. The new system is called the Next Generation Air Transportation System, or NextGen.