Week 5 In Review – 2014

Resources

Tools

  • iker – labs.portcullis.co.uk
    iker is a Python tool to analyse the security of the key exchange phase in IPsec-based VPNs. Download link is available here.
  • SecUpwN / Android-IMSI-Catcher-Detector – github.com
    This is an Android-based project to detect and avoid fake base stations (IMSI-Catchers) in GSM/UMTS networks. Sounds cool and security is important to you?
  • wifijammer – github.com
    Wifijammer continuously jams all wifi clients and access points within range. The effectiveness of this script is constrained by your wireless card.
  • mass-deauth – github.com
    This is a Mass-Deauth script for 802.11 pwnage. Download this script from here.
  • DependencyCheck – github.com
    Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency.

Techniques

  • Reversing the WRT120N’s Firmware Obfuscation – devttys0.com
    It was recently brought to Craig’s attention that the firmware updates for the Linksys WRT120N were employing some unknown obfuscation. He thought this sounded interesting and decided to take a look.

Vulnerabilities

  • Revisting XXE and abusing protocols – www.corelan.be
    The basic premise behind the vulnerability is that when a user authenticates with a site using OpenID, that site does a ‘discovery’ of the user’s identity. To accomplish this the server contacts the identity server specified by the user, downloads information regarding the identity endpoint and proceeds with authentication.

Other News

February 3rd, 2014 | Security Tools, Security Training, Security Vulnerabilities, Week in Review