Week 2 in Review – 2013

Event Related

  • Index of Congress 29c3 – ftp.ccc.de

    High-quality MP4 recordings of the 29c3 talks.

  • The ‘Hack Back’ Offense – bankinfosecurity.com

    To repel the onslaught of cyberattacks against organizations, security leaders are debating the merits of the “hack back” defense.

  • THREADS – trailofbits.com

    THREADS is an annual conference that focuses on pragmatic security research and new discoveries in network attack and defense. Held each year during NYU-Poly’s Cyber Security Awareness Week (CSAW) in Brooklyn, NY, THREADS is organized by NYU-Poly Hackers in Residence Dan Guido and Dino Dai Zovi with the help of cyber security students at the university.

Resources

  • An AWK-ward Response – blog.commandlinekungfu.com

    There are a couple of different ways you could attack this using the material I showed you in the previous post. One way would be to do a string comparison on field $1.

  • Demystifying dot NET reverse engineering: Introducing Round-trip engineering – resources.infosecinstitute.com

    After covering the basics of dot NET reverse engineering in the first articles (refer to the references), it’s time to go more in depth into the dot NET MSIL assembly language.

  • Windows DLL Injection Basics – blog.opensecurityresearch.com

    DLL injection is the process of inserting code into a running process. The code we usually insert is in the form of a dynamic link library (DLL), since DLLs are meant to be loaded as needed at run time.

  • Nokias MITM on HTTPS traffic from their phone – gaurangkp.wordpress.com

    The statements I have posted on this site are mine alone and do not necessarily reflect the views of Unisys. Tested on: handset model Nokia Asha 302; OS version 14.78 (31-08-12), RM-813; browsers tested: Nokia Browser (2.2.0.0.31); OS type: Series 40 (S40). After discovering that HTTP traffic from the phone is getting redirected through…

  • NMAP
    • NMAP Scripting Example – resources.infosecinstitute.com

      When writing Nmap NSE scripts, we of course need to have a way to talk to the Nmap API, which provides us with various advanced features so we don’t have to write those features ourselves.

    • writing nmap nse scripts for vulnerability scanning – thesprawl.org

      Nmap Scripting Engine became part of the mainline codebase with the release of Nmap 4.21ALPHA1 back in December, 2006.

Tools

  • Detours – research.microsoft.com

    Detours Professional 3.0 is available for immediate purchase at the online Microsoft Store. Detours Professional includes a commercial use license that allows the use of Detours in commercial products and in production environments.

  • Tool release: AMF Deserialize Burp plugin – netspi.com

    Action Message Format (AMF) is one of the communication protocols used to exchange messages between Flash client and server; the others are RTMP and XML.

  • [ultimet] – The Ultimate Meterpreter Executable – eldeeb.net

    Stand-alone meterpreter executables that are created using (msfpayload/msfvenom) are not flexible in selecting the LHOST, LPORT or even the transport after being created …

Techniques

  • GoogleScraper.py – A simple python module to parse google search results. – incolumitas.com

    I was always in need of a fast and reliable working python module to query the google search engine. The google API is rubbish, because they just give you at most 36 results. This is completely unacceptable!

  • Stacked based MSSQL blind injection bypass methodology – secforce.com

    If you have a blind SQL injection you are already in a good position. Exploitation however, depending on the type of the blind SQL injection, can take time.

  • psexec_command: Not Your Daddys Psexec – pentestgeek.com

    The psexec_command module allows a user with proper credentials to run commands against a system similarly to the sysinternals psexec. The following is how I used the module to start the services, obtain the ntds.dit and sys files from the domain controller and put the system back as I encountered it by only using the psexec_command module.

  • Dumping Class Information for Encrypted iOS Applications – securityaegis.com

    This article will outline using runtime hacking to dump classes of iOS applications even if the application is still encrypted. (cross-posted from my blog at Fortify On Demand)

  • Handling Untrusted JSON Safely – blog.whitehatsec.com

    JSON (JavaScript Object Notation) is quickly becoming the de-facto way to transport structured text data over the Web, a job also performed by XML.

Vendor/Software Patches

  • Adobe
    • Adobe ColdFusion Exploits in Wild; Patch Remains Week Away – threatpost.com

      Users of Adobe ColdFusion application server will have to wait another week for a security update and patches for three vulnerabilities being exploited in the wild. Adobe recommends users deploy a series of mitigations in the meantime.

    • Adobe, Microsoft Ship Critical Security Updates – krebsonsecurity.com

      Adobe and Microsoft today separately issued updates to fix critical security vulnerabilities in their products. Adobe pushed out fixes for security issues in Acrobat, Adobe Reader and its Flash Player plugin.

  • Assessing risk for the January 2013 security updates – blogs.technet.com

    Today we released seven security bulletins addressing 12 CVEs. Two of the bulletins have a maximum severity rating of Critical, and five have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

  • New year, new Java zeroday! – labs.alienvault.com

    Earlier this morning @Kafeine alerted us about a new Java zeroday being exploited in the wild. With the files we were able to obtain we reproduced the exploit in a fully patched new installation of Java. As you can see below we tricked the malicious Java applet to execute the calc.exe in our lab.

  • PoC exploits for CVE-2013-0156 and CVE-2013-0155 – ronin-ruby.github.com/blog

    Params are first parsed by ActionDispatch::Middleware::ParamsParser, which detects the MIME type of the request and parses the body appropriately. By default ParamsParser only supports parsing XML and JSON requests. After the request body is parsed, the resulting data is coerced into a HashWithIndifferentAccess, ensuring all Hash keys are Strings.

  • Defeating iOS Jailbreak Detection – securityaegis.com

    There are several ways to employ jailbreak detection in a security conscious mobile application. Many of the easier-to-defeat methods involve checking the iOS file system to see if any jailbreak relevant files exist.

  • CMarkup Use After Free Vulnerability – CVE-2012-4782 – vnsecurity.net

    The latest M$ Tuesday patch killed one of my 0days in Microsoft Internet Explorer 9/10. So I decided to release proof-of-concept code and write up some analysis of this bug. Hope it’s helpful.

  • Exploiting Ruby on Rails with Metasploit (CVE-2013-0156) – community.rapid7.com

    Earlier this week, a critical security flaw in Ruby on Rails (RoR) was identified that could expose an application to remote code execution, SQL injection, and denial of service attacks. Ruby on Rails is a popular web application framework that is used by both web sites and web-enabled products and this flaw is by far the worst security problem to surface in this framework to date.

Vulnerabilities

Other News

2017-03-12T17:39:43-07:00 January 14th, 2013|Security Conferences, Security Tools, Security Vulnerabilities, Week in Review