Event Related
- HITB Amsterdam 2013
- HITB Amsterdam 2013 Day #1 Wrap-Up – blog.rootshell.be
I am back in Amsterdam for the third time this month. Today, it is to participate in the Hack In The Box conference. This is already the 4th one, time flies! Like the previous editions, the event is organised at the Okura hotel, a very nice place. Thanks to the Easter break, roads were clear to Amsterdam and I arrived in time to register and grab some coffee.
- HITB Amsterdam 2013 Day #2 Wrap-Up – blog.rootshell.be
And we are back for a second day full of fun and pwnage! It was a rainy day in Amsterdam today but water will not prevent hackers from meeting again! I joined the hotel for the breakfast in time.
- Index of /hitbsecconf2013ams/materials – hitb.org
Materials for the HITB Sec Conf 2013 Amsterdam
- Cybersecurity
- cybersecurity framework webcast – nist.gov
This event was webcast live on April 3, 2013. Captions will be posted shortly.
- Cyber Security Framework Workshop, April 3, 2013 – technoflak.blogspot.com
The April 3 workshop was mobbed, the Department of Commerce auditorium was filled to capacity. I assumed that it would be thinly attended like the meetings of the Federal XML work group; but there must have been something like 500 people there.
- Outerz0ne 9 (2013) – irongeek.com
These are the videos from the Outerz0ne 9 conference. Big thanks to Joey and Evan on the video crew.
- When Offense and Defense Become One – pen-testing.sans.org
While I was at the RSA Conference in February, my buddy Josh Wright contacted me and told me how many of the techniques covered in his SANS 575 course on mobile device security and ethical hacking could also be used for mobile device forensics analysis.
Resources
- Dark South Korea and Discovered PuTTY Tools Behaviours – zataz.com
By analyzing one of the Dark South Korea droppers, I discovered interesting behaviours associated with the PuTTY binaries installed in “%TMP%” Windows folder. These behaviours could be considered as expected, but they could be used more efficiently in the future.
- Top 5 Mistakes – emea.symantec.com
Ways People Leave Themselves Open to Compromise from Hackers.
- InfoSec Institute Resources Penetration Testing for iPhone Applications Part 4 – resources.infosecinstitute.com
In the first part of the article, we have discussed the iPhone application traffic analysis. The second part of the article covered privacy issues and property list data storage. The third part covered in-depth analysis of the iOS keychain data storage. In this part, we will look at different types of files stored/created in the application’s home directory and other insecure data storage locations.
Tools
- Metasploit 4.6.0 Released – community.rapid7.com
We just released Metasploit 4.6.0, so applying this week’s update will get you the brand new version. While Chris has a delightful blog post of what all is new in Metasploit Pro, let’s take a look at what’s exciting and new between Metasploit 4.5.0 and today’s update to 4.6.0.
- Adobe ColdFusion APSB13-03 Remote Exploit – exploit-db.com
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions.
- Python Exploit Development Assistance for GDB – code.google.com
PEDA is a gdbinit Python script to help exploit development on Linux/Unix
- Viproy – VoIP Penetration Testing Kit – github.com
SIP and NGN Services Testing Modules for Metasploit Framework
Techniques
- Poshing the hashes: Using PowerShell to play with hashes – labofapenetrationtester.blogspot.com
This PowerShell session will have privileges of the user whose hashes were used in WCE. Please note that there is nothing which could be flagged by an AV as we are using WCE on our machine and rest of it is Windows’ features.
- Implicit type conversion in MySQL – vagosec.org
In some languages, using arithmetic operators on elements that aren’t numeric gives some weird results. In JavaScript for example, [ ] + { } is an Object, while { } + [ ] appears to be NaN.
- Open Security Research: Hacking EAP-FAST Phase 0 with hostapd-wpe – opensecurityresearch.com
EAP-FAST (Flexible Authentication via Secure Tunneling) [RFC 4851] is an EAP-Type developed by Cisco “to support customers that cannot enforce a strong password policy and want to deploy an 802.1x EAP type that does not require digital certificates”.
- Sessiondump Meterpreter Extension – room362.com
Mimikatz is awesome right, so is WCE. But both have one fatal flaw, even though you can execute them in memory {link} – you still have to have the binaries, remember the command to execute it in memory, and ultimately transfer the entire binary over so that metasploit can do its thing.
- A Sweet Script to Dump Keys from Wlan Profiles – Post Exploitation (or Regular Use) – zeroknock.blogspot.com
After post exploitation, retrieving data from the compromised machine is always an interesting scenario. Considering the time factor, even a small automation is productive. Running the same command several times is not bad but it's better to take a next step.
- Putting the MY in phpMyAdmin – pen-testing.sans.org
A wee time ago on a pen test not far, far away, I was looking for that first toehold; the first shell that split the test wide open; my entry into the target; the toe in the door; the camel’s nose in the tent; the first part of the whatever that gets into there wherever that it shouldn’t be in the first place. I kicked off an nmap sweep using the http-enum script, in hopes of finding an interesting web server with an even more interesting set of directories.
- Using Volume Shadow Copies from Python – pen-testing.sans.org
Volume Shadow copies are immensely useful to penetration testers, often containing a treasure trove of valuable information. What if the domain administrator knows the penetration testers are coming, so he deletes “passwords.txt” from his desktop?
Vendor/Software Patches
- Microsoft Security Bulletin
- Out with the old, in with the April 2013 security updates – blogs.technet.com
Windows XP was originally released on August 24, 2001. Since that time, high-speed Internet connections and wireless networking have gone from being a rarity to the norm, and Internet usage has grown from 360 million to almost two-and-a-half billion users.
- Assessing risk for the April 2013 security updates – blogs.technet.com
Today we released nine security bulletins addressing 13 CVE’s. Two of the bulletins have a maximum severity rating of Critical, and seven have a maximum severity rating of Important.
- Critical Fixes for Windows, Flash and Shockwave – krebsonsecurity.com
The second Tuesday of the month is upon us, and that means it’s once again time to get your patches on, people (at least for readers running Windows or Adobe products). Microsoft today pushed out nine patch bundles to plug security holes in Windows and its other products.
Vulnerabilities
- KIA: NationalJournal.com Pushing Malware Through Fiesta EK Killed with Invincea – invincea.com
Today, we noticed an interesting infection in our cloud based Threat Data Server indicating that malware was being served by www.nationaljournal.com.
- Brute Force Attacks Build WordPress Botnet – krebsonsecurity.com
Over the past week, analysts from a variety of security and networking firms have tracked an alarming uptick in so-called “brute force” password-guessing attacks against Web sites powered by WordPress, perhaps the most popular content management system in use today (this blog also runs WordPress).
Other News
- Hitting Back At Hackers: Why “Strikeback” Is Doomed To Fail ReadWrite – readwrite.com
Between agenda-pushing hacktivists, money-grubbing cyber criminals, and — more recently — belligerent nation states, there is no shortage of attackers breaking into networks, stealing trade secrets and generally wreaking havoc throughout IT infrastructure.
- Researcher Says He’s Found Hackable Flaws In Airplanes’ Navigation Systems (Update: The FAA Disagrees) – forbes.com
An airplane’s cockpit, including the Honeywell flight management system that Hugo Teso says is among the vulnerable equipment he tested. Here’s an uncomfortable image to keep in mind during your next flight: A rogue hacker who can redirect planes at will with the touch of an Android phone’s screen.