Week 6 In Review – 2014

Resources

  • Why PLCpwn Is Important for ICS Cyber Weapons – www.digitalbond.com
    The interesting question is what happens when organizations and governments stumble across one of these deployed attack systems and covert channels?

  • Cheat Sheets – packetlife.net
    Here are the cheat sheets by PacketLife. You can download them all from here.
  • OWASP Cheat Sheet Series – owasp.org
    The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific web application security topics. These cheat sheets were created by multiple application security experts and provide excellent security guidance in an easy to read format.
  • Pen-Test-A-Go-Go: Integrating Mobile and Network Attacks for In-Depth Pwnage – pen-testing.sans.org
    Josh Wright and eskoudis presented a webcast a few months back that is chock full of useful pen testing techniques from the mobile and network arenas. Based on the new SANS course.
  • Top Security Questions to Ask Your Cloud Provider – fishnetsecurity.com
    When considering a move to the cloud, there are a number of security questions that should be considered as you select a potential cloud provider.
  • DARPA Open Catalog – darpa.mil
    Here is the DARPA Open Catalog, which contains a curated list of DARPA-sponsored software and peer-reviewed publications. DARPA funds fundamental and applied research in a variety of areas including data science, cyber, anomaly detection, etc.
  • A look at Snapchat client-side controls – intrepidusgroup.com
    An iOS tweak to save Snapchat images to persistent storage, disable screenshot notifications, and never expire images. For this exercise, Intrepidus used the Theos framework to write a MobileSubstrate based tweak.
  • WAVSEP Web Application Scanner Benchmark 2014 – sectooladdict.blogspot.ro
    Here is a detailed analysis by Shay Chen of the Web Application Vulnerability Scanner Benchmark.
  • SWAMP – continuousassurance.org
    The Software Assurance Marketplace (SWAMP) is committed to bringing a transformative change to the national software assurance landscape by providing a national marketplace that provides continuous software.

Tools

  • tilde_enum – github.com
    Takes the output of a Java scanner that exploits the IIS tilde (8.3 short name) enumeration vulnerability and tries to recover the full file names for you.
  • SPIPScan – github.com
    SPIP (CMS) scanner for penetration testing purposes, written in Python and released under the MIT License. This tool has been designed to detect SPIP installs during penetration tests.
  • pasteye – github.com
    It’s an interesting side project, and can be rather useful to some people. Great for breach notifications (e.g. a real-time notification if a large DB has been pasted to Pastebin), and future versions will have custom filter features that would allow you to monitor for anything.

Techniques

  • Here’s how Bell was hacked – SQL injection blow-by-blow – troyhunt.com
    OWASP’s number one risk in the Top 10 has featured prominently in a high-profile attack this time resulting in the leak of over 40,000 records from Bell in Canada. It was pretty self-evident from the original info leaked by the attackers that SQL injection had played a prominent role in the breach.
  • New iFrame Injections Leverage PNG Image Metadata – blog.sucuri.net
    In today’s attacks, especially when talking about drive-by-downloads, leveraging the iFrame tag is often the preferred method. It’s simple and easy, and with a few attribute modifications, the attacker is able to embed code from another site, often compromised, and load something via the client’s browser without them knowing.
  • Pwn Faster with Metasploit’s Multi-Host Check Command – community.rapid7.com
    A new trick we’d like to introduce today is the modified “check” command, which allows you to quickly identify vulnerable, or likely exploitable machines in a more accurate manner.
  • Obtaining NTDS.dit Using In-Built Windows Commands – blog.cyberis.co.uk
    Using the same underlying technique (Volume Shadow Service), there is an in-built command (Windows 2008 and later) that does a backup of the crucial NTDS.dit file, and the SYSTEM file (containing the key required to extract the password hashes), without the need to use VB Script, third-party tools or injecting into running processes.
  • Reverse engineering my bank’s security token – blog.valverde.me
    Thiago Valverde’s current bank, one of Brazil’s largest, provides its clients with one of several methods (in addition to their passwords) to authenticate to their accounts, online and on ATMs. He reverse engineered their Android OTP code generator and ported it to an Arduino-compatible microcontroller.
  • How I hacked Github again. – homakov.blogspot.com
    This is a story about five low-severity bugs that Egor pulled together into a simple but high-severity exploit, giving him access to private repositories on GitHub.

Vendor/Software patches

Vulnerabilities

Other News

  • Hacked Within Minutes: Sochi Visitors Face Internet Minefield – nbcnews.com
    The U.S. State Department has told Americans coming to Sochi that they should have “no expectation of privacy,” even in their hotel rooms.

    • That NBC story 100% fraudulent – blog.erratasec.com
      On February 4th, NBC News ran a story claiming that if you bring your mobile phone or laptop to the Sochi Olympics, it’ll immediately be hacked the moment you turn it on. The story was fabricated.
  • Security Tip (ST14-001) Sochi 2014 Olympic Games – us-cert.gov
    Whether traveling to Sochi, Russia for the XXII Olympic Winter Games, or viewing the games from locations abroad, there are several cyber-related risks to consider. As with many international level media events, hacktivists may attempt to take advantage of the large audience to spread their own message.
  • This iPhone-Sized Device Can Hack A Car, Researchers Plan To Demonstrate – forbes.com
    At the Black Hat Asia security conference in Singapore next month, Spanish security researchers Javier Vazquez-Vidal and Alberto Garcia Illera plan to present a small gadget they built for less than $20 that can be physically connected to a car’s internal network to inject malicious commands affecting everything from its windows and headlights to its steering and brakes.
  • Target attack shows danger of remotely accessible HVAC systems – computerworld.com
    Cloud security service provider Qualys said that its researchers have discovered that about 55,000 Internet-connected heating systems, including one at the Sochi Olympic arena, lack adequate security.
