Week 44 In Review – 2013

Resources

Tools

  • The Social-Engineer Toolkit (SET) v5.4 “Walkers” Released – trustedsec.com
    TrustedSec is proud to announce the release of The Social-Engineer Toolkit (SET) v5.4 codename “Walkers”. This version includes a significant number of changes, performance upgrades, bug fixes, and efficiency improvements. This blog post will cover some of the major highlights from Java 7 Update 45 and how to get around the security “enhancements”.
  • Toorcon 2013 – github.com
    Toorcon 2013 Talk contains configuration scripts, examples, and of course the talk notes.

Techniques

  • Phishing With LinkedIn’s Intro – jordan-wright.github.io
    In this post, we’ll take a look and see what exactly LinkedIn is doing to its users’ email, as well as how we can spoof this information, gaining full control of the information shown to the user.
  • Drop Box on The Cheap – securepla.net
    A drop box is a small lightweight system that you can drop into an environment that will call back to you. The concept is that you are on a physical penetration test and you are able to social engineer your way into the building.
  • Use Microsoft’s Sigcheck 2.0 to check all files in a folder on Virustotal – www.ghacks.net
    Microsoft released Sigcheck 2.0 a couple of days ago. The excellent program enables you to verify information about files, including digital certificates, version numbers and timestamp information, by pointing it to a folder that you want checked.

Vulnerabilities

  • HTTP Request Hijacking – www.skycure.com
    This post contains details about a coding pitfall Yair Amit recently identified in many iOS applications, which he calls HTTP Request Hijacking (HRH). If you are an iOS developer in a hurry to fix this issue, feel free to jump over to the “Remediation” section. Skycure created a quick-and-easy solution that will automatically protect all vulnerable iOS apps.
  • Dragos Ruiu’s “badBIOS”
    #BADBIOS (And Lotsa Paranoia, Plus Fireworks) – kabelmast.wordpress.com
    Update on the malware formerly known as “BIOS SDR,” now known as #badBIOS: Dragos’s post to his Facebook page basically reads like the video message voice-over at the beginning of a post-apocalyptic horror film.

Other News
