Week 10 in Review – 2013

Event Related

Resources

  • IPv6 Focus Month
    • IPv6 Focus Month: Addresses – isc.sans.edu
      I would like to start our focus month with a simple post about what many consider the IPv6 killer feature: Addresses. There are a number of issues that come up with addresses, and you need to understand them when you deploy IPv6.
    • IPv6 Focus Month: Device Defaults – isc.sans.edu
      IPv6 in this part of the planet is not very advanced, as in the deployment isn’t. Whilst companies and telcos realise that the end, so to speak, is nigh for IPv4, uptake is rather slow in AU at least.
    • IPv6 Focus Month: Guest Diary: Stephen Groat – Geolocation Using IPv6 Addresses – isc.sans.edu
      IPv6 designers developed a technique called stateless address autoconfiguration (SLAAC) to reduce the administrative burden of managing the immense IPv6 address space.
    • IPv6 Focus Month: Barriers to Implementing IPv6 – isc.sans.edu
      First of all, if you want IPv6 addresses that will route on the internet, they’re not free. For instance, if you’re within arin.net’s jurisdiction, the fee schedule is here: https://www.arin.net/fees/fee_schedule.html. The fees are annual, none of these are one time prices.
    • IPv6 Focus Month: Filtering ICMPv6 at the Border – isc.sans.edu
      First of all, what is RFC4890 all about [1]? The RFC is considered informational, not a standard. Usual guidance for IPv4 is to not block ICMP error messages, but one can get away with blocking all ICMP messages.
    • IPv6 Focus Month: IPv6 Encapsulation – Protocol 41 – isc.sans.edu
      Packet Tunneling IPv6 over IPv4 protocol 41 (Teredo or 6to4) is nothing new. It was first introduced in RFC 2473 in December 1998 and has been in use since ~2002.
  • PowerShell Basics – Execution Policy and Code Signing Part1 – darkoperator.com
    One will see in many places in Microsoft documentation and in several books out there that PowerShell has a security system called Execution Policy. I personally do not agree that this is a security measure, but just a simple control to protect from accidental execution of code not specifically allowed through normal means.
  • Windows Priv Esc – insomniasec.com
    This is the powerpoint of WindowsPrivEsc.
  • Hacking the Mind: How & Why Social Engineering Works – veracode.com
    Social engineering: the hack that requires no knowledge of code. Despite its relative simplicity the risks associated with social engineering are just as serious as the numerous hacks that have populated recent headlines.
  • Resilient Military Systems and the Advanced Cyber Threat – acq.osd.mil
    This is a task report from the Department of Defense – Defense Science Board.

Tools

  • TekDefense/Automater.py – github.com
    Welcome to Automater! I have created this tool to help analysts investigate IP addresses and URLs with the common web-based tools. All activity is passive, so it will not alert attackers. Web tools used are: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, www.TekDefense.com
  • New Tool Release – RPC_ENUM – RID Cycling Attack – trustedsec.com
    Null session attacks are nothing new when it comes to what we typically do on a penetration test. There are already some great tools out there such as dumpusers, dumpsec, and others; however, most are for Windows. We set out to write something that we could use in a standard install of Back|Track or any NIX platform.

Techniques

  • New Heap Spray Technique for Metasploit Browser Exploitation – community.rapid7.com
    In this demonstration, I’ll just use Internet Explorer 10 on Windows 8. Please make sure to enable script debugging in IE during development. The debugger we’ll be using is WinDBG, which can be downloaded here.
  • You Injected What? Where? – blog.spiderlabs.com
    While harder to detect, there are still some instances of websites exploitable via partially blind SQL injection. For the purposes of this blog we’re going to call the website AngryGrrl’s Sock Puppets.
  • Mounting NFS shares through Meterpreter with NfSpy – room362.com
    While its original intent was to aid in bypassing NFS security controls, it has the right amount of options to make mounting NFS over Meterpreter possible.
  • Retrieving Crypto Keys Via IOS Runtime Hooking – blog.gdssecurity.com
    I am going to walk you through a testing technique that can be used at runtime to uncover security flaws in an iOS application when source code is not available, and without having to dive too deeply into assembly.
  • VulnVPN (Vulnerable VPN) Solutions – rebootuser.com
    The following post shows some possible ways to hack and gain root on VulnVPN from Rebootuser.com.
  • Hacking Web Services with Burp – netspi.com
    WSDL (Web Services Description Language) files are XML formatted descriptions about the operations of web services between clients and servers. They contain possible requests along with the parameters an application uses to communicate with a web service.
  • Video Tutorial: Introduction to Pen Testing Simple Network Management Protocol (SNMP) – community.rapid7.com
    The Simple Network Management Protocol (SNMP) is used on networked devices to read, write, and update device configuration remotely. Windows desktop systems typically do not run SNMP services by default, but these can be enabled for testing.
  • New DIY hacked email account content grabbing tool facilitates cyber espionage on a mass scale – blog.webroot.com
    What would an average cybercriminal do if he had access to tens of thousands of compromised email accounts? He’d probably start outsourcing the CAPTCHA solving process, in an attempt to hijack the IP reputation of both Domain Keys verified and trusted domains of all major free Web based email service providers.
  • PSExec Demystified – community.rapid7.com
    Multiple modules inside the Metasploit Framework bear the title PSExec, which may be confusing to some users.
  • Elusive Thoughts: The Hackers Guide To Dismantling IPhone (Part 1) – securityhorror.blogspot.com
    This blog post is going to focus on how to perform a complete penetration test on an iOS application. No time is going to be wasted on how to pentest the server component, since the threat landscape is almost identical to that of a Web Application or a Web Service, and since you read my blog (if you don’t, start doing it) you should know by now that I have covered most types of attacks for Web Applications and Web Services so far.
  • Metasploit MSI Payload Generation – rewtdance.blogspot.com
    A few months ago I created a Metasploit Local Exploit to capitalize on a registry/group policy setting that meant that .msi files were installed with SYSTEM privileges.

Vendor/Software Patches

  • KIA: Reveton Ransomware Java 7 Exploit – CVE-2013-0431 – invincea.com
    We are doing some amazing things at Invincea to help combat the largest attack surface your organization faces – campaigns aimed at your users in the form of spear-phishing, watering hole and drive-by download attacks to name a few.
  • SUDO Auth Bypass Vulnerability – sectechno.com
    An authentication bypass vulnerability has been discovered in the sudo utility; the affected versions are Sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 inclusive.

Vulnerabilities

  • When a Signed Java JAR file is not Proof of Trust – eromang.zataz.com
    Running a signed Java JAR file is not a proof of trust and could lead to malware installation if Java default settings are applied.
  • Twitter OAuth API Keys Leaked – threatpost.com
    The OAuth keys and secrets that official Twitter applications use to access users’ Twitter accounts have been leaked in a post to Github this morning.

Other News

2017-03-12T17:39:41-07:00 March 11th, 2013 | Security Conferences, Security Tools, Security Vulnerabilities, Week in Review