Week 40 In Review – 2013

Events Related

  • SyScan360 Beijing slides – reverse.put.as
    Eight days and 10 flights later, the author is back from SyScan360 in Beijing. It was his first visit to China and he had lots of fun observing many things that he only “knew” from reading. His presentation slides are available here.

Resources

  • What I Wish I Knew Before Studying Computer Security in College – blog.matthewdfuller.com
    In twelve short weeks Matt Fuller is going to be graduating from college with a degree in Computer Networking with a focus on Computer Security. Now that his time in college is almost over, he wants to reflect on some of the things he has learned as a student of Computer Security with the hope that some incoming security students can learn from his experiences.
  • Derbycon 2013 Videos – www.irongeek.com
    Here are all the Videos of presentations from Derbycon 2013.

    • Testing Malware Scenarios in your Environment Derbycon 2013 – myne-us.blogspot.com
      We often perform pentests, vulnerability assessments, social engineering tests, and physical security tests, but these tests all miss one major form of attack: malware. The concept here is to introduce a different sort of test than we normally perform right now.

Tools

  • OllyDbg 2.01 – ollydbg.de
    New version of OllyDbg 2.01 released with many new features. OllyDbg also released Disassembler 2.01 under GPL v3, preliminary version without documentation.

Techniques

  • Security Considerations for ActiveMQ’s Simple Authentication Plugin – gursevkalra.blogspot.com
    Apache ActiveMQ is a popular message broker that has several security features to help secure its deployment. In this blog post Gursev Singh Kalra discusses ActiveMQ’s simple authentication plugin and analyzes it from a security perspective.
  • Reverse Engineering the NEST Thermostat – Part 1 – danielbuentell0.blogspot.com
    Earlier this year danielbuentell0 glanced over the teardown of the NEST smart thermostat. One of the things that stood out was the inclusion of ZigBee hardware that was never mentioned in any official NEST documentation. He started reverse engineering it.
  • Identifying suspicious domains using DNS records – www.alienvault.com
    Very often, when cybercriminals are migrating to new infrastructure or when the previous infrastructure has been taken down, they point their domain names (sleep) to temporary, specific addresses. AlienVault Labs describe a couple of techniques that you can use to implement DNS logging in your environment and look for suspicious domains that follow the described rule.
  • Recovering Plain Text Passwords with Metasploit and Mimikatz – cyberarms.wordpress.com
    Mimikatz, created by our friend Gentil Kiwi, is a great password recovery tool. It is able to recover passwords from several Windows processes in plain text. Not too long ago a Mimikatz module was added to Metasploit, so recovering clear text passwords once you have a remote Meterpreter shell is easier than ever.

Vendor/Software patches

  • Metasploit releases CVE-2013-3893 (IE SetMouseCapture Use-After-Free) – community.rapid7.com
    Recently the public has shown a lot of interest in the new Internet Explorer vulnerability (CVE-2013-3893) that has been exploited in the wild, and which was initially discovered in Japan. At the time of this writing there is still no patch available, but there is at least a temporary Fix it that you can apply from Microsoft, which can be downloaded here.

Vulnerabilities

  • How I met Firefox: A tale about chained vulnerabilities – viaforensics.com
    The main purpose of this article is to show some vulnerabilities recently found in the Firefox browser for Android smartphones. The findings detailed below affect all Firefox Android browser versions below version 24, therefore it is highly recommended that you update your application to ensure you are not running an outdated version that is susceptible to these vulnerabilities.
  • Adobe To Announce Source Code, Customer Data Breach – krebsonsecurity.com
    Adobe Systems Inc. announced that hackers broke into its network and stole source code for an as-yet undetermined number of software titles, including its ColdFusion Web application platform, and possibly its Acrobat family of products. Adobe says it will be releasing critical security updates for Adobe Acrobat and Adobe Reader.