Week 49 In Review – 2013

Events Related

  • BotConf 2013 Wrap-Up
    • BotConf 2013 Wrap-Up Day #1 –blog.rootshell.be
      Xavier was in Nantes (France) for two days to attend a new conference: Botconf. As the name says, this event was dedicated to botnets and malwares.
    • BotConf 2013 Wrap-Up Day #2 – blog.rootshell.be
      Here is the Day 2 wrap up of the conference by Xavier.
  • The Appsec Program Maturity Curve 3 of 4 – www.veracode.com
    This is post three in a series on the Application Program Maturity Curve. A dedicated and rigorous Application Security Program is best pursued as a sustained, policy-driven program that employs proactive, preventative methods to manage software risk.
  • Baythreat 4 – thesprawl.org
    The year is almost over, but the infosec community in the Bay Area shows no signs of slowing down with the fourth annual BayThreat conference.

Resources

Tools

  • GCC Poison – blog.leafsr.com
    gcc-poison is a simple header file for developers to ban unsafe C/C++ functions from applications. It uses the #pragma GCC poison directive to define a number of identifiers (function names) as unsafe.
  • SYmbolic Exploit Assistant – seatool.org
    “Symbolic Exploit Assistant” ( SEA ) is a small tool designed to assist the discovery and construction of exploits in binary programs. SEA is free software (GPL3) and includes a minimal toolkit (BSD) to quickly develop binary analisys tools in Python.

    • SEA -github.com
  • Binwally: Directory tree diff tool using Fuzzy Hashing – w00tsec.blogspot.com
    A simple script to perform directory tree diffing using the concept of Fuzzy Hashing (ssdeep) to define a matching score between binaries.
  • TekDefense-Automater – github.com
    Automater is a tool that orginially created to automate the OSINT analysis of IP addresses. It quickly grew and became a tool to do analysis of IP Addresses, URLs, and Hashes.
  • New Burp/ZAP plugin : Script Generator – blog.h3xstream.com
    ZAP/Burp plugin that generate script to reproduce a specific HTTP request (Intended for fuzzing or scripted attacks)
  • oclHashcat v1.00 – hashcat.net
    oclHashcat v1.00 is a fusion of oclHashcat-plus v0.15 and oclHashcat-lite v0.15. Download it here.

Techniques

  • The gentle art of cracking passwords – www.bbc.co.uk
    If you want to pick a stronger password do not use simple combinations of words and numbers, choose words that are only tangentially related to you and make sure the password you use for your online banking is used for nothing else.

Vendor/Software patches

Vulnerabilities

  • Healthcare.gov Operational – Security concerns not addressed – trustedsec.com
    TrustedSec’s CEO presented in front of Congress on the security concerns on the healthcare.gov website. TrustedSec performed no form of hacking, just passive analysis of the healthcare.gov website.
  • DDoS Attacks originated from thousands of .EDU and .GOV WordPress Blogs – thehackernews.com
    In a recent cyber attack on a Forum site, thousands of outdated legitimate WordPress blogs were abused to perform DDOS attacks using previously known vulnerabilities. After analyzing the Log file from the victim’s server, The Hacker News have noticed many WordPress CMS based educational (.EDU) and Government (.GOV) websites from where the attack was originated.
  • Siemens Patches Authantication Bypass Flaw in SINAMICS ICS Software – threatpost.com
    Siemens has patched a serious remotely exploitable vulnerability in its SINAMICS S/G ICS software that could enable an attacker to take arbitrary actions on a vulnerable installation without having to authenticate. The vulnerability affects all versions of the Siemens SINAMICS S/G products with firmware versions earlier than 4.6.11.
  • Unprivileged GPU access vulnerability – CVE-2013-5987 – nvidia.custhelp.com
    An NVIDIA graphics driver bug allows unprivileged user-mode software to access the GPU inappropriately. An attacker who successfully exploited this vulnerability could take control of an affected system.

Other News

Leave A Comment