Event Related

  • Course Review: SANS SEC573 Python for Penetration Testers – ethicalhacker.net
    “SANS SEC573 Python for Penetration Testers” is a five-day class that teaches the basics of the Python language then builds on that knowledge to show how to utilize its specialized libraries to perform network capture and analysis, SQL injection, Metasploit integration, password guessing and much more.
  • HiTCON 2013 slides – reverse.put.as
    The slides are slightly changed from previous presentations, fixing/reordering some things and minor additions (small details related to OS X Mavericks).
  • Stronger Identity Protection via Mobile Devices Passwords13 – viaforensics.com
    At this year’s PasswordsCon, viaForensics Mobile Researcher David Weinstein presented “Stronger Identity Protection via Mobile Devices”. The presentation was made on July 30, 2013.
  • Black Hat USA 2013
  • BSides Las Vegas
    • BSidesLV: Android Backup [un]packer release – blog.c22.cc
      As part of my “Mobile Fail: Cracking open “secure” android containers” talk at BSidesLV I’ve released a couple of scripts I wrote to automate some of the legwork involved in backing up Android applications and automatically unpacking their data and settings.
    • Bsides Las Vegas 2013 Videos – irongeek.com
      These are the videos from the BSides Las Vegas conference. Thanks to all of the BSides Crew for having me out to help record and render the videos.
    • BSidesLV Day 2 Postmortem – novainfosec.com
      Just wanted to follow up with our article from yesterday on some of the goings-on at BSidesLV this year… Unfortunately, I took the morning off to pick up my badge for Defcon but did manage to catch some gems later in the afternoon.
    • Researchers bypass home and office security systems – computerworld.com
      Many door and window sensors, motion detectors and keypads that are part of security systems used in millions of homes and businesses can be bypassed by using relatively simple techniques, according to researchers from security consultancy firm Bishop Fox.
  • Defcon 21
    • Car hacking code released at Defcon – news.cnet.com
      Car computer hacking hit the gas on the first morning of Defcon 21, as hackers revealed how they took over two of the most popular cars in America. Read this article by Seth Rosenblatt on CNET News.
    • Defcon Day 2 Postmortem – novainfosec.com
      As compared to day 1 of Defcon I did a little better and actually got into Defcon before noon. And after a quick lunch I headed off to check out several talks.
    • Researchers Develop DIY System to Detect Malware on Mobile Phones – wired.com
      Researchers have developed a do-it-yourself system for detecting malware on mobile phones using a femtocell that allows users to monitor their own mobile traffic.

Tools

  • drozer – labs.mwrinfosecurity.com
    drozer provides tools to help you use and share public Android exploits. It helps you to deploy a drozer agent by using weasel – MWR’s advanced exploitation payload.
  • A Cheap Spying Tool With a High Creepy Factor – mobile.nytimes.com
    Brendan O’Connor is a security researcher. How easy would it be, he recently wondered, to monitor the movement of everyone on the street – not by a government intelligence agency, but by a private citizen with a few hundred dollars to spare?

Techniques

  • admin to SYSTEM win7 with remote.exe – carnal0wnage.attackresearch.com
    I ended up using Method 2 on a recent test. The post above calls for needing an elevated command shell so you can call “at”. This is easy if you are legitimately sitting in front of the box but if you’re pentesting, potentially harder.
  • How to Easily Spot Broken Cryptography in iOS Applications – andreas-kurtz.de
    Within one of my recent research projects on mobile application security, I reviewed some password managers for iOS devices from the Apple App Store.
  • Troy Hunt: Everything you wanted to know about SQL injection (but were afraid to ask) – troyhunt.com
    Put on your black hats folks, it’s time to learn some genuinely interesting things about SQL injection. Now remember – y’all play nice with the bits and pieces you’re about to read, ok?
  • Struts 2 Remote Code Execution via OGNL Double Evaluation – communities.coverity.com
    Struts 2 heavily utilizes OGNL as a templating / expression language. OGNL, similar to other expression languages, is vulnerable to a class of issues informally termed “double evaluation”. That is, the value of an OGNL expression is mistakenly evaluated again as an OGNL expression.
  • Mimikatz Minidump and mimikatz via bat file – carnal0wnage.attackresearch.com
    First, check out this post by the mimikatz author. Now, one of the Twitter comments I received was: “duh anyone can right click and dump process memory to a file”. Unfortunately I’m rarely sitting with a GUI and can just “right click” but I do usually have the ability to “net use” and create scheduled tasks. The cool thing about AT jobs and scheduled tasks is that if you run them as “admin” they really get run as SYSTEM, so you can do neat stuff like dump lsass memory or get SYSTEM shells when the job executes your binary.
  • Obviously a Major Malfunction…: RFIDler – An open source Software Defined RFID Reader/Writer/Emulator – aperturelabs.com
    RFID is, as with a lot of these technologies, mysterious by nature. It relies on strange physical phenomena like “induction” and “electro-magnetism” and “near-fields”, etc. Yes, what we Code Monkeys like to call “Magic Moonbeams”. It’s all very nasty and analoguey.
  • Zone Transfers on The Alexa Top 1 Million – ethicalhack3r.co.uk
    At work as part of every assessment we do some reconnaissance which includes attempting a DNS Zone Transfer (axfr) and conducting a subdomain brute force on the target domain/s. The subdomain brute force is only as good as your wordlist; the Zone Transfer is a matter of luck.

Vendor/Software Patches

Vulnerabilities

Other News