Week 26 in Review – 2013

Event Related

• HackMiami Releases Results of Web Application Security Scanner ‘2013 Pwn-Off – PenTest Shootout’ – reuters.com
  HackMiami researchers have released a comprehensive whitepaper that detail the results of the 2013 Pwn-Off Pen-Test Tools Shootout that took place on Miami Beach during the HackMiami 2013 Hackers Conference.

Resources

• Penetration Testing for iPhone 5
  • Penetration Testing for iPhone Applications Part 5 – resources.infosecinstitute.com
    In the first part of the article, we discussed traffic analysis for iPhone applications. The second, third and fourth parts of the article covered an in-depth analysis of insecure data storage locations on the iPhone. In this part, we will take a look at runtime analysis of iOS applications.
  • Penetration testing of iPhone Applications – securitylearn.net
    In the First part of the article, we have discussed about the iPhone application traffic analysis.
• SSL: Intercepted today, decrypted tomorrow – news.netcraft.com
  Millions of websites and billions of people rely on SSL to protect the transmission of sensitive information such as passwords, credit card details, and personal information with the expectation that encryption guarantees privacy.
• The top ten most common database security vulnerabilities – zdnet.com
  What are the most common, and serious, database vulnerabilities that businesses should be aware of?
• Scapy Guide The Release – itgeekchronicles.co.uk
  Two weeks ago I posted about my intention to write a “dummies” guide to Scapy. So here it is “The Very Unofficial Dummies Guide to Scapy”.

Tools

• Python MITM Tool + targeting script for local network
  • DanMcInerney/wifi-monitor – github.com
    Prints the IPs on your local network that’re sending the most packets
  • DanMcInerney/intercept – github.com
    Running just intercept.py without -ip argument will arp scan the network and give you a choice of targets then just arp spoof the target
• ResponseCoder – Manipulation of HTTP Response Headers – blog.cyberis.co.uk
  ResponseCoder is designed to allow you to easily manipulate HTTP response headers – specifically to identify weaknesses in perimeter filtering appliances such as web proxies and next generation firewalls.
• Adding Vulnerability Scanning Capabilities to Nmap with NSE Vulscan 1.0 – toolswatch.org
  Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV version detection per service which is used to determine potential flaws according to the identified product.
• prasanna2204/IronSAP – github.com
  Usage : 1. download all the files in github into folder IronWasp/modules/IronSAP 2. Start Ironwasp 3. From menu click … Modules -> My Downloads -> IronSAP 5. Enter the IP Address of SAP host in text box and hit start 6. Wait till the results are displayed.

Techniques

• Spidering WordPress.org for Security Fixes – infosec4breakfast.blogspot.se
  I first saw this concept in Australia at Ruxcon 2012, which basically comprised of looking at change logs and other available information online to derive vulnerabilities for earlier versions of web applications.
• Old Exploits Still Do the Trick – blog.spiderlabs.com
  We are all aware that patching is very important. Many websites, however, take the risk of not updating their software for various reasons: it requires manual modifications, adjustment of the current code to work with the changes, the layout gets broken… In other words- they are lazy.
• Exploiting Serialized XSS in Joomla! (return of the undead CVE) – blog.spiderlabs.com
  While reviewing Joomla! Vulnerabilities I felt a glitch in the matrix. Deja vu had set in and I was working on the same XSS vulnerability that I had written a test for month’s prior.
• How Wi-Fi can track movement through walls, ruin hide-and-seek forever – gigaom.com
  Researchers think the low-cost, portable technology could be used for personal safety and to locate survivors in collapsed buildings.
• Anatomy of a browser trick youve heard of clickjacking, now meet keyjacking – nakedsecurity.sophos.com
  You may remember clickjacking, where your cursor is placed over a clickable button, such as a Facebook Like, that is itself placed over an innocent-looking image.
• Gone in 59 seconds: tips and tricks to bypass AppMinder’s Jailbreak detection – reverse.put.as
  There’s a new attempt at jailbreak detection available at http://appminder.nesolabs.de. It is mostly aimed at Enterprise applications and not AppStore usage. I am not sure about AppStore rules but those tricks will most probably not pass the approval process.

Vendor/Software Patches

• HP Storage – lolware.net
  HP’s D2D product line, which has recently been rebranded “StoreOnce”, is effectively an expensive software platform.
• Auditing Security Checklist for AWS Now Available – blogs.aws.amazon.com
  Based on feedback from our customers, AWS has published an Auditing Security Checklist to help you and your auditors assess the security of your AWS environment in accordance with industry or regulatory standards.

Vulnerabilities

• How Much is Your Gmail Worth? – krebsonsecurity.com
  If you use Gmail and have ever wondered how much your account might be worth to cyber thieves, have a look at Cloudsweeper, a new service launching this week that tries to price the value of your Gmail address based on the number of retail accounts you have tied to it and the current resale value of those accounts in the underground.
• RC4 in TLS is Broken: Now What? – community.qualys.com
  RC4 has long been considered problematic, but until very recently there was no known way to exploit the weaknesses.