Event Related

  • Juniper Networks intros global cloud-based ‘attacker database’ – zdnet.com
    At the start of RSA 2013, Juniper Networks is rolling out a global database to track attacks on individual devices.
  • MASTIFF Analysis of APT1 – novainfosec.com
    At Shmoocon this year we were please to find that there is a project focused on this specifically called MASTIFF.
  • Armor for Your Android Apps ShmooCon follow-up – intrepidusgroup.com
    Hopefully, everyone’s already decompressed from all the Shmoocon partying by now. I wanted to follow up on the IG Learner app that I presented during my “Armor for your Android Apps” talk and give out a couple of tips on how to approach cracking the challenges (which aren’t all that hard, really).

Resources

  • Android Security 101
    • Android Security 101 IG Learner – isisblogs.poly.edu
      This app was released in this year’s Shmoocon’13 by Intrepidus Group. You can get the app from the Google play store.
    • Android Security 101 IG Learner(Part-2) – isisblogs.poly.edu
      The instructions for this lesson suggest that we need to intercept the token that is sent as a request to a server. However, the request is sent via https, so the traffic when we intercept will be encrypted. We need to find a way to decrypt the traffic, so that we can get the secret token.
    • Android Security 101 IG Learner(Part-3) – isisblogs.poly.edu
      As the title suggests, this lesson is about encryption. Specifically, it concentrates difficulties with key management and why relying on client-side encryption to generate secrets may not be a good idea. As you look through the list of methods in the Lesson6Activity class, “encryptNumberWithAES()” looks interesting.
  • Positive Research Center: SAP Unknown Default Password for TMSADM – blog.ptsecurity.com
    SAP default passwords are nothing new. The top five default passwords are presented in many books and articles on security issues. One would hardly find anything new on this topic.
  • API Hooking in Python – rohitab.com
    This uses in process patching and trampolines to hook windows APIs. Thanks to this forum for ideas and example code. CODE Python Language # patcher…
  • Root Cause Analysis Memory Corruption Vulnerabilities – corelan.be
    For the past year or so I’ve spent a significant amount of time fuzzing various applications with the hopes of identifying exploitable crashes. Early on in my research I quickly realized that building fuzzers and generating large quantities of crashes, even for heavily targeted applications, was easy.
  • PowerShell Basics–Objects and the Pipeline – pauldotcom.com
    PowerShell is an Object based Shell, this means that everything is an object. Those that have programed in Perl, Ruby, Python, C# or any other Objects based language know very well the power of objects, for those that come from a Bash, cmd.exe or any other regular text based shell you will notice that in PowerShell is a lot simpler to parse and use data, typically on one of this shells we are searching for strings, extracting the strings of text that we need and then piping them to something else, this can be very labor intensive.
  • WebAppDefaultsDB (Web App Defaults Database) – github.com
    This is a repository for webappdefaultsDB.
  • iSECPartners/LibTech-Auditing-Cheatsheet – github.com
    This list is intended to be a list of additional or more technical things to look for when auditing extremely high value applications. The applications may involve operational security for involved actors (such as law enforcement research), extremely valuable transactions (such as a Stock Trading Application), societal issues that could open users to physical harassment (such as a Gay Dating Application), or technologies designed to be used by journalists operating inside repressive countries.

Tools

  • iCloud backups inside out – blog.crackpassword.com
    It’s been a while since we released the new version of Elcomsoft Phone Password Breaker that allows downloading backups from iCloud (read the press release).
  • Looking Up Hosts and IP Addresses: Yet Another Tool – blog.didierstevens.com
    lookup-hosts.py takes hostnames or files with hostnames via arguments or stdin, and then uses getaddrinfo to lookup the IP addresses. And you can use a counter if you need to lookup sequentially numbered hosts, like this: master
    [0-20].teamviewer.com.
  • Open Web Application Security Project – blogspot.com
    The OWASP iGoat tool is a stand-alone iOS app (distributed solely in source code) designed to introduce iOS developers to many of the security pitfalls that plague poorly-written apps.
  • gamelinux/passivedns – github.com
    A tool to collect DNS records passively to aid Incident handling, Network Security Monitoring (NSM) and general digital forensics.

Techniques

  • Bypassing Windows ASLR using skype4COM protocol handler – greyhathacker.net
    While investigating an unrelated issue using SysInternals Autoruns tool I spotted a couple of protocol handlers installed on the system by Skype. Knowing that protocol handlers can be loaded by Internet Explorer without any prompts I decided to check if these libraries have there dynamic base bits set.
  • Java 7 Exploit for CVE-2013-0431 in the Wild – community.rapid7.com
    An exploit for CVE-2013-0431 has been analyzed and shared by SecurityObscurity, and is also now available as a Metasploit module with some improvements for testability. We would like to use this blog post to share some details about the vulnerabilities abused by this new Java exploit.
  • Bypassing Googles Two-Factor Authentication – blog.duosecurity.com
    TL;DR – An attacker can bypass Google’s two-step login verification, reset a user’s master password, and otherwise gain full account control, simply by capturing a user’s application-specific password (ASP).
  • Injecting a DLL in a Modern UI Metro Application – blog.nektra.com
    Dll injection is one of the oldest techniques used to run custom code inside a target application in Windows. It is usually used to intercept and modify normal application behavior or add new functionality.
  • Deobfuscating Java 7u11 Exploit from Cool Exploit Kit (CVE-2013-0431) – security-obscurity.blogspot.it
    At the beginning of the past week @EKWatcher has spotted Cool Exploit Kit using Java 7 update 11 vulnerability (CVE-2013-0431).
  • The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor – securelist.com
    New Adobe PDFs exploiting CVE-2013-0640 drop sophisticated malware known as MiniDuke.
  • Suggestions on what to do when a service you use getscompromised – room362.com
    It seems like every week there is a new compromise of some service or another. But as a user what are you supposed to do with this knowledge? Here are some suggestions on things to do or think about when reacting.

Vendor/Software Patches

  • The Java Zero-Day Procession Continues – threatpost.com
    After a glorious 72-hour stretch without one, security researchers confirmed yesterday that they found yet another zero-day vulnerability in Oracle’s thoroughly troubled Java platform.

Vulnerabilities

Other News