Resources
- The Ultimate Guide to Finding and Using Free Images On Your WordPress Site – wpmu.org
Blog writing can involve a lot of blood, sweat and tears, unless you’re one of those magical people who can tap out an insightful post with inexplicable ease or some kind of deus ex machina intervention.
- Calling NTDLL Functions Directly – resources.infosecinstitute.com
If you’re reading this, then you’ve probably wanted to call some internal ntdll function that isn’t exported and easily callable, right? If no, then let me explain what I mean.
- Cisco In The Sky With Diamonds: Nexus 1000V jailbreaks, licensing and 0day [Slides] [PDF] – phenoelit.org
Generally, virtualization is the abstraction of resources towards the resource of consumer.
Tools
- Mercury v2.2.1 – labs.mwrinfosecurity.com
Well, ToolsWatch broke the news: after nearly 18 months, thousands of downloads, countless hours of R&D and loads of feedback from the community, we are sad to be waving goodbye to Mercury and its awesome (if somewhat maligned) logo.
Techniques
- Windows NT/2K/XP/2K3/VISTA/2K8/7/8 EPATHOBJ local ring0 exploit – article.gmane.org
I’m quite proud of this list cycle trick, here’s how to turn it into an arbitrary write.
- EasyDA – Easy Windows Domain Access Script – nccgroup.com
For people who regularly conduct internal penetration tests on Windows domains, typically you will see common issues arise such as common passwords.
- Using Nessus to Audit VMware vSphere Configurations – blog.gdssecurity.com
Nessus has the ability to run compliance checking scripts for many different services and servers, and is a great resource for aligning a server with “best practice” server hardening guides, such as those released by the Center for Internet Security (CIS). Recently VMware officially released the vSphere 5.1 Hardening Guide, for which Tenable have then released Nessus compliance scripts to check for the recommended configurations.
- Using Mimikatz Alpha or Getting Clear Text Passwords with a Microsoft Tool – room362.com
Mimikatz is now built into Metasploit’s meterpreter, you can do load mimikatz from the meterpreter prompt, but if you don’t want to go through the hassle of dealing with AV, reverse or bind payloads, meterpreter binaries, and you have clear text credentials for an admin, you can just use Mimikatz’s alpha release that allows you to run Mimikatz on your machine against a process memory dump of LSASS.
- Part 3: Quick and Useful Tricks for Analyzing Binaries for Pen Testers – pen-testing.sans.org
In the first part of this series, I discussed analyzing binary files and looking for hints about their communications streams.
Other News
- US Cyber Commander proposes radical changes to combat cybercrime – zdnet.com
General Keith B. Alexander, leader of U.S. Cyber Command, wants to combine military and intelligence forces to try and combat the global threat of cybercrime.
- The Changing and Terrifying Nature of the New Cyber-Warfare – vanityfair.com
On the hidden battlefields of history’s first known cyber-war, the casualties are piling up. In the U.S., many banks have been hit, and the telecommunications industry seriously damaged, likely in retaliation for several major attacks on Iran.