Week 13 in Review – 2013

Event Related

  • Blackhat Europe 2013 Arsenal Tools Event Wrap-up – toolswatch.org
    I finally found time to write a wrap-up about the activities of the Arsenal Tools Event during the last session of Blackhat Amsterdam Europe 2013.
  • IPv6 Focus Month: IPv6 over IPv4 Preference – isc.sans.edu
    Initially, most IPv6 deployments will be “Dual Stack”. In this case, a host will be able to connect via IPv4 and IPv6. This brings up the question which protocol will be preferred, and if multiple addresses are possible, which source and destination address are used.
  • Digital cameras easily turned into spying devices, researchers prove – net-security.org
    In this presentation from Shmoocon 2013, they explained in detail how they managed to mount the attacks, and have also offered advice for users on how to secure their cameras and connections against these and similar attacks.

Resources

  • Web for Pentester – pentesterlab.com
    This exercise is a set of the most common web vulnerabilities.
  • Eavesdropping on a wireless keyboard – windytan.blogspot.se
    To investigate this, I bought an old Logitech iTouch PS/2 cordless keyboard at an online auction. It’s dated July 2000.
  • Windows Hardening Guide – 0xdabbad00.com
    This guide is focused on Windows Vista, 7 and 8 systems for personal use. This guide is not concerned with the following.

Tools

  • YoNTMA (You’ll Never Take Me Alive!) – isecpartners.com
    Enter YoNTMA! YoNTMA (You’ll Never Take Me Alive!) is a tool designed to enhance the protection of encrypted data. YoNTMA runs as a background service and begins monitoring your computer any time the screen is locked.
  • Psexec Python Rocks! – pen-testing.sans.org
    Python rocks! PSEXEC rocks! So, what could be better than psexec written in Python?
  • Passpat, Password Pattern Identifier – digininja.org
    It is generally accepted that most passwords in common use are based on dictionary words; however, some people decide to use keyboard patterns instead, and to try to spot these I’ve created Passpat.
  • Announcing Mercury v2.2 – mwrinfosecurity.com
    Today, Mercury v2.2 is available for download. Well, it’s nearly Easter, and whilst we are packing up for the long weekend we wanted to give you a little present.
  • Introducing dumpmon – raidersec.blogspot.com
    I created a Twitter-bot which monitors multiple paste sites for different types of content (account/database dumps, network device configuration files, etc.). You can find it on Twitter and on Github.

Techniques

  • Buffer Overflows with Crossbow
  • mongodb – SSJI to RCE – blog.scrt.ch
    Trying some server side javascript injection in mongodb, I wondered if it would be possible to pop a shell.
  • Network Testing 101: If Your Name’s Not Down, You’re Not Getting In – blog.gdssecurity.com
    The thing is how do we get these usernames? A few basic network pentesting tricks are listed here.
  • How I became a password cracker – arstechnica.com
    My journey into the Dark-ish Side began during a chat with our security editor, Dan Goodin, who remarked in an offhand fashion that cracking passwords was approaching entry-level “script kiddie stuff.”
  • Cisco IOS Patching: Defense and Offense – blog.didierstevens.com
    First PoC is how changing the canary value 0xFD0110DF to another value can provide defense against exploits like FX explained in this paper. I changed the appropriate instructions so that IOS uses canary value 0xFC0220CF.
  • Cracking IKE Mission:Improbable (Part 1) – blog.spiderlabs.com
    All too often during pen tests I still find VPN endpoints configured to allow insecure Aggressive Mode handshakes. Fortunately, gaining access to the internal network as a result of this vulnerability remains a fairly complex task.

Vulnerabilities

Other News

  • DDoS Attack
    • The DDoS That Almost Broke the Internet – blog.cloudflare.com
      The New York Times this morning published a story about the Spamhaus DDoS attack and how CloudFlare helped mitigate it and keep the site online. The Times calls the attack the largest known DDoS attack ever on the Internet. We wrote about the attack last week.
    • Answers about recent DDoS attack on Spamhaus – spamhaus.org
      At this time The Spamhaus Project is getting more press enquiries than we can personally respond to. Below is a list with the most frequently asked questions, along with our answers.
  • FBI wants real-time Gmail, Dropbox spying power. – slate.com
    Despite the pervasiveness of law enforcement surveillance of digital communication, the FBI still has a difficult time monitoring Gmail, Google Voice, and Dropbox in real time.
  • Firm Is Accused of Sending Spam, and Fight Jams Internet – nytimes.com
    A squabble between a group fighting spam and a Dutch company that hosts Web sites said to be sending spam has escalated into one of the largest computer attacks on the Internet, causing widespread congestion and jamming crucial infrastructure around the world.
