Week 41 In Review – 2013

Resources

  • Louisville Infosec 2013 Videos – www.irongeek.com
    Here are the videos from Louisville Infosec 2013 conference.
  • BruCON talks – youtube.com
    BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Here are the videos from BruCON talks.
  • Scanning Targets for PHP My Admin Scans – stateofsecurity.com
    Here are an updated list of the common locations where web scanning tools in the wild are checking for PHPMyAdmin. You should check to make sure your site does not have a real file in these locations or that if it exists, it is properly secured.
  • Defcon 21 Materials – defcon.org
    Here are the links of DEFCON 21 Hacking Conference updated CD, DVD’s and Presentations etc.

Tools

  • Nmap Cheat Sheet 1.0 – pen-testing.sans.org
    Over the last couple of days, the folks at Counter Hack and eskoudis have put together an Nmap cheat sheet covering some of the most useful options of everyone’s favorite general-purpose port scanner, Nmap. And, with its scripting engine, Nmap can do all kinds of wonderful things for security professionals.

Techniques

  • Exploiting Integer Based SQL Injection In Nested SQL Queries – blog.gdssecurity.com
    In this post Sasha Zivojinovic will be talking you through exploiting what turned out to be an interesting SQL Injection variation – SQL injection involving nested queries and arithmetic evaluation.
  • SNMP Process Sniper – Kill Windows Processes With SNMP Write Access – www.hackwhackandsmack.com
    On a recent test, DOUG came across SNMP write access on a Windows box and he really wanted to use it to lower the security posture of the server however at the time the only attacks that he could come up with were Denial of Service (change IP, name etc) or Pointless POC’s (writing a contact etc).
  • Proxmark3 – Adding Ultralight Support – penturalabs.wordpress.com
    The Proxmark3 appeared to be missing Mifare Ultralight support. The ability to identify Ultralight cards was present within the ‘hf 14a reader‘ command. A simple ‘svn update‘ will update any current repository. Else use the following command to grab the repository.
  • Veil AV Bypass on Kali – cyberarms.wordpress.com
    One of the common hurdles of security and penetration testers is bypassing anti-virus on target systems. Veil uses a Metasploit like interface to create a remote shell program that will bypass most Anti-Virus programs. In this article Cyber arms will discuss how to install and run Veil on Kali Linux.

Vendor/Software patches

Vulnerabilities

Other News

  • Feds Arrest Alleged Top Silk Road Drug Seller – krebsonsecurity.com
    Federal authorities last week arrested a Washington state man accused of being one of the most active and sought-after drug dealers on the online black market known as the “Silk Road.” The BBC reported that four men had been arrested in the U.K. for alleged drug offenses on the Silk Road.

  • Phony order faxed to registrar leads to Metasploit defacement – threatpost.com
    A pro-Palestine hacker collective went old-school in its takedown of the Metasploit and Rapid7 websites today. Metasploit creator and HD Moore confirmed via Twitter that Metasploit.com was hacked via a spoofed DNS change request sent via fax to its registrar, Register.com.

Leave A Comment