Week 24 in Review – 2013

Event Related

  • Workshop on the Economics of Information Security 2013 – lightbluetouchpaper.org
    I’m liveblogging WEIS 2013, as I did in 2012, 2011, 2010 and 2009. This is the twelfth workshop on the economics of information security, and the sessions are being held today and tomorrow at Georgetown University.
  • Stupid Little IPv6 Tricks – isc.sans.edu
    With the IPv6 Summit on Friday, various IPv6 related topics are of course on my mind. So I figured to put together a quick laundry list of “stupid little IPv6 tricks/topics”. Let me know what issues you are running into as well.

Resources

  • Volume Shadow Copy NTDS.dit Domain Hashes Remotely – Part1 – room362.com
    Ever run into a Domain Controller that wasn’t allowed to talk to the Internet, had insane AV and GPOs not allowing anyone to RDP in (Even Domain Admins) unless they provided some kind of voodoo happy dance?
  • The Value of a Hacked Email Account – krebsonsecurity.com
    This post aims to raise awareness about the street value of a hacked email account, as well as all of the people, personal data, and resources that are put at risk when users neglect to properly safeguard their inboxes.
  • Category:OWASP Top Ten Project – owasp.org
    The OWASP Top 10 for 2013 is now officially released as of June 12, 2013.
  • Symantec Intelligence Report: May 2013 – symantec.com
    For starters we’ve taken a look at data breaches. Symantec and the Ponemon Institute have just released their annual Cost of a Data Breach report, which covers trends seen in 2012.

Techniques

  • Modifying Mimikatz to be Loaded Using Invoke-ReflectiveDLLInjection.ps1 – clymb3r.wordpress.com
    This is a follow up to my article about reflectively loading DLLs using PowerShell. This will walk you through the relatively simple process of modifying mimikatz to be loadable using the reflective DLL loader to dump passwords.
  • Steps Toward Weaponizing the Android Platform – zitstif.no-ip.org
    In this article I will be covering ways that one can turn their Android based device into a powerful pocket sized penetration testing tool. If you’re looking to do wireless sniffing or packet injection with your Android based device, this article will be of little help.
  • Sometimes, The PenTest Gods Shine On You – blog.spiderlabs.com
    Settling down for a hacking session usually means lots of hard work and a long grind towards target data. You’ve got to juggle a large stack of systems and testing constraints, all while learning about the environment from the ground up. You can spend 3 hours trying to land a shell on a box, just to find it gets you nowhere. However, sometimes a beautiful beam of light shines down from the heavens and opens up a door or two for you (or maybe it’s just the sun reflecting off of something in my office, either way).
  • Video Tutorial – Installing Kali Linux on Bootable, Persistent USB – community.rapid7.com
    This video covers the installation of Kali Linux on a USB drive. Additionally, setting up persistence on a separate partition is reviewed including how the persistence works. A Kali Linux virtual machine is used to create the USB.

Vendor/Software Patches

  • Novell Zenworks MDM: Mobile Device Management for the Masses – console-cowboys.blogspot.com
    I’m pretty sure the reason Novell titled their Mobile Device Management (MDM, yo) under the ‘Zenworks’ group is because the developers of the product HAD to be in a state of meditation (sleeping) when they were writing the code you will see below.
  • Adobe, Microsoft Patch Flash, Windows – krebsonsecurity.com
    Patch Tuesday is again upon us: Adobe today issued updates for Flash Player and AIR, fixing the same critical vulnerability in both products.
  • Assessing risk for the June 2013 security updates – blogs.technet.com
    Today we released five security bulletins addressing 23 CVEs. One bulletin has a maximum severity rating of Critical, and four have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Vulnerabilities

  • The most sophisticated Android Trojan – securelist.com
    Recently, an Android application came to us for analysis. At a glance, we knew this one was special. All strings in the DEX file were encrypted, and the code was obfuscated.

Other News
