Resources

  • Using PowerShell for Client Side Attacks – labofapenetrationtester.com
    This blog post details everything that Nikhil Mittal spoke about at DeepSec plus much more. With this blog post, a newer version of Nishang with a “Client” category of attacks is also being released. Let's have a look at the scripts one by one.
  • Operation Cleaver – cylance.com
    The Operation Cleaver report sheds light on the efforts of a coordinated and determined group working to undermine the security of at least 50 companies across 15 industries in 16 countries. Cylance's report unveils the tactics, techniques and procedures used in what is still an ongoing campaign. Read the report here.
  • Pen Test Hackfest Talks – Some GREAT Reads – pen-testing.sans.org
    The single best part of the SANS Hackfest is the great speakers who share incredibly useful tips, techniques, strategies, and utterly awesome knowledge with attendees. Here are the slide decks from each of the presenters.
  • DEFCON 22 videos and slides – twitter.com
    DEFCON 22 videos and slides have been released! The download link is available in this DEFCON tweet.

Tools

  • PGPy: Pretty Good Privacy for Python – github.com
    PGPy is a Python (2 and 3) library for implementing Pretty Good Privacy into Python programs, conforming to the OpenPGP specification per RFC 4880.

Techniques

  • Exploiting MS14-066 / CVE-2014-6321 (aka “Winshock”) – securitysift.com
    Enough time has passed now to provide a little more detail on how to exploit the MS14-066 Schannel vulnerability (aka “Winshock”). In this post Mike won’t be providing a complete PoC exploit, but he will delve into the details of exactly how to trigger the heap overflow, along with some example modifications to OpenSSL so you can replicate the issue yourself.
  • Internet Explorer EPM Sandbox Escape CVE-2014-6350 – googleprojectzero.blogspot.com
    CVE-2014-6350 is perhaps the most interesting of the bunch, not because the bug is particularly special but because the technique used to exploit it to get code execution out of the sandbox is unusual. This blog post goes into a bit more detail about how the vulnerability can be exploited.
  • Reverse Engineer a Verisure Wireless Alarm part 2 – Firmwares and crypto keys – funoverip.net
    This post is the second chapter of foip’s Verisure story, where you’ll learn how to extract and dig into firmware. In this article you’ll learn how to extract firmware from the devices, multiple ways to recover personal keys from the devices, and how to get the session keys.

Vulnerabilities

  • CVE-2014-1824 – A New Windows Fuzzing Target – blog.beyondtrust.com
    As hoped, the BeyondTrust Research Team crashed in the memcpy and has exercised the vulnerable code. Beyond the particular vulnerability they are trying to isolate, this crash seems like it may be indicative of less-audited code than, say, MS Word.

Other News

  • Sony Pictures and F.B.I. Widen Hack Inquiry – nytimes.com
    Sony Pictures Entertainment and the F.B.I. on Wednesday were seeking more information about an attack that crippled Sony’s computer systems — including whether North Korea, or perhaps a former employee, was responsible. Sony was hit by hackers on Nov. 24, resulting in a companywide computer shutdown and the leak of corporate information.