Resources

  • CRITs-Collaborative Research Into Threats – crits.github.io
    Upload threat data and uncover critical information to keep your organization safe. Develop additional capabilities using the Services Framework to combine CRITs with third-party and home-grown intelligence systems.
  • Heartbleed, Cupid and Wireless – sysvalue.com
    Since Luis Grangeia presentation on cupid had gotten quite a bit of attention, he felt it’s necessary to provide a bit more context about this issue and what it was exactly. He had received some questions and tried to post all the answers here.
  • HTTP Security Headers Nmap Parser – smeegesec.com
    The reason behind creating this table is to get a clear view of the headers used in a large environment. With this report we can search for individual IPs and report on them or get a general feeling for the security posture of many servers.
  • Redmond is patching Windows 8 but NOT Windows 7, say security bods – theregister.co.uk
    Researchers found the gaps after they scanned 900 Windows libraries and uncovered a variety of security functions that were updated in Windows 8 but not in 7. The presentation slides are available online.
  • CCS Injection Tester – ccsbug.exposed
    Enter the name of a website to test if they are vulnerable to the CCS attack.

Tools

  • iCamasu – blog.dinosec.com
    iCamasu, iOS com_apple_MobileAsset_SoftwareUpdate, is a Python-based tool that parses and extracts multiple details from Apple iOS software update PLIST files.

    • iCamasu v0.41 – dinosec.com
      iCamasu v0.41 has been tested with PLIST files up to iOS version 7.1.1

Techniques

  • Bypassing Windows ASLR in Microsoft Word using Component Object Model (COM) objects – greyhathacker.net
    Bypassing ASLR on Microsoft Word RTF formatted documents has now become a lot easier. There could be potentially hundreds of possible ProgIDs on a system from various applications that could be used increasing the ever threat of being compromised.
  • Debugging Android Applications – blog.opensecurityresearch.com
    Using a debugger to manipulate application variables at runtime can be a powerful technique to employ while penetration testing Android applications. In this blog post OpenSecurity Research team will highlight the benefits of runtime debugging and give you a simple example to get you going!

Vendor/Software patches

  • Critical new bug in crypto library leaves Linux, apps open to drive-by attacks – arstechnica.com
    A recently discovered bug in the GnuTLS cryptographic code library puts users of Linux and hundreds of other open source packages at risk of surreptitious malware attacks until they incorporate a fix developers quietly pushed out late last week.

    • GnuTLS Patches Critical Remote Code Execution Bug – threatpost.com
      GnuTLS chief architect and Red Hat engineer Nikos Mavrogiannopoulos released a patch last Wednesday after researchers from Codenomicon, the same firm that reported the Heartbleed OpenSSL vulnerability, said they’d found a remote execution bug in GnuTLS.
  • OpenSSL Security Advisory – openssl.org
    Security advisories of OpenSSL security team on different issues are available here.

Vulnerabilities

  • ApBleed: Heartbleed over WPA1/2 Enterprise – mathyvanhoef.com
    It was clear heartbleed was also exploitable against WPA1/2 enterprise networks, even if it wasn’t discussed as publicly as other heartbleed stories. Normally enterprise networks use one of the many EAP methods inside an SSL tunnel to authenticate users. If OpenSSL is being used, this SSL tunnel might be vulnerable to heartbleed.
  • How I discovered CCS Injection Vulnerability (CVE-2014-0224) – ccsinjection.lepidum.co.jp
    The biggest reason why the bug hasn’t been found for over 16 years is that code reviews were insufficient, especially from experts who had experiences with TLS/SSL implementation. If the reviewers had enough experiences, they should have been verified OpenSSL code in the same way they do their own code. They could have detected the problem.
  • Meet “Cupid,” the Heartbleed attack that spawns “evil” Wi-Fi networks – arstechnica.com
    It just got easier to exploit the catastrophic Heartbleed vulnerability against wireless networks and the devices that connect to them thanks to the release last week of open source code that streamlines the process of plucking passwords, e-mail addresses, and other sensitive information from vulnerable routers and connected clients.