Week 26 In Review – 2014

Black Hat USA Briefings Giveaway
Enter to win a Black Hat USA 2014 Briefings ticket worth $2,2000 from Infosec Events

Events Related

  • Hack in Paris 2014 Wrap-Up Day #1 – blog.rootshell.be
    Hack in Paris is a French security conference held at Disneyland Resort Paris. The conference started under a sunny sky over the conference centre in the New York hotel. Here is Xavier’s wrap-up of the first day. Happy reading!

Resources

  • Verifying ASLR, DEP, and SafeSEH with PowerShell – www.netspi.com
    Here is a PowerShell script, released by Eric Gruber, that shows at a glance whether images (DLLs and EXEs) were compiled with ASLR, DEP and SafeSEH. The PEchecker PowerShell script uses embedded C# code to define the structs needed to parse the PE header format.
  • Shakacon #6 presentation: Fuck you Hacking Team, From Portugal with Love – reverse.put.as
    The presentation was about reverse engineering the latest known sample of HackingTeam’s OS X malware. The deck runs to 206 slides, so obviously not everything could be presented.
  • Major Security Project – RaspAP (Smart Network Device) – hackogram.com
    The concept of this project is to build a portable access point with a secure authentication server that extends a wired network wirelessly using 802.1X, and to inspect authenticated traffic entering the company’s network with an intrusion prevention system. The project also covers using a syslog server on a Raspberry Pi Model B to store all network logs in a centralised location.

Tools

  • Simple bruteforce detection tool – santarago.org
    Here you’ll find a simple, drop-in bruteforce detection program. The tool is just a quick proof of concept, but it might be useful when one doesn’t have the time and resources to add integrated bruteforce detection to a possibly very complex web application stack.

Techniques

  • NAC doesn’t like your penetration testing device? IPv6 to the rescue! – blog.spiderlabs.com
    Sometimes in a network penetration test it’s just too easy to get to the “crown jewels”. And sometimes you hit a wall from the very start and have no idea how to proceed. Here ANiemiec explains how, when his IPv4 connections were blocked by the NAC system during a recent test, he used IPv6 to compromise a number of hosts and reach some sensitive data.
  • Identifying Xml eXternal Entity vulnerability (XXE) – blog.h3xstream.com
    Note that this article doesn’t explain XXE in depth. It focuses on tips and methodology for identifying the vulnerability and the parser’s capabilities. The tests presented are those that were effective against the old version of RunKeeper.
  • Back To The Future: Unix Wildcards Gone Wild – www.defensecode.com
    This article covers one interesting old-school Unix hacking technique that still works nowadays, in 2013: a hacking technique that even many security people haven’t heard of.

Vulnerabilities

  • Nest Learning Thermostat has its security cracked open by GTVHacker – www.engadget.com
    GTVHacker just revealed an exploit for the (now Google-owned, and owner of Dropcam) Nest Learning Thermostat. It could let owners do new and interesting things (like replace the Nest software entirely) but of course, someone with bad intentions could take it in another direction.
  • Duo Security Researchers Uncover Bypass of PayPal’s Two-Factor Authentication – www.duosecurity.com
    Researchers at Duo Labs, the advanced research team at Duo Security, discovered that it is possible to bypass PayPal’s two-factor authentication (the Security Key mechanism, in PayPal nomenclature). The vulnerability lies primarily in the authentication flow of the PayPal API web services.
  • Timthumb raises its ugly head, once again – www.dxw.com
    A new vulnerability has been announced in TimThumb, a library that many WordPress sites use to manipulate and display images. This vulnerability makes sites with a particular configuration of TimThumb vulnerable to arbitrary code execution attacks.
  • Researchers crack iPad PINs by tracking the fingers that enter them – www.engadget.com
    A group at the University of Massachusetts Lowell has developed a way to capture iPad passcodes without needing any kind of on-screen cue. A camera is still required, but because the position of the lockscreen keypad is static, their software references finger movement against tablet orientation to estimate the PIN by the way it’s entered.
  • Surprise iOS 7.1 jailbreak for most iPhones and iPads uses year-old flaw – arstechnica.com
    Developers in China have published what appears to be a reliable and malware-free jailbreak for most iPhones and iPads running the latest version of Apple’s iOS. The release underscores how hard it is to keep such jailbreak exploits out of the public domain, since the code vulnerability that makes it possible appears to come from a highly secretive training class on iOS exploit development.
