Week 36 In Review – 2015

Events Related

• Chaos Communication Camp 2015 – media.ccc.de

Resources

• microchips – zeptobars.ru

Tools

• WPSploit – github.com
  This repository is designed for creating and/or porting of specific exploits for WordPress using metasploit as exploitation tool.

• armory-pass – github.com
  Password manager for USB Armory

• Sleepy Puppy – github.com
  Sleepy Puppy is a cross-site scripting (XSS) payload management framework which simplifies the ability to capture, manage, and track XSS propagation over long periods of time.

• CrackMapExec – github.com
  A swiss army knife for pentesting Windows/Active Directory environments

• Peeking Inside the BGM111 Bluetooth Module – blog.lacklustre.net
  In August Silicon Labs released the BGM111, a Bluetooth Smart (BLE) module that might be powering the next generation of IoT devices in customers’ hands and on hackers’ workbenches.

Vulnerabilities

• Bugs in Belkin Routers.
  The CERT/CC is warning users that some Belkin home routers contain a number of vulnerabilities that could allow an attacker to spoof DNS responses, intercept credentials sent in cleartext, access the web management interface, and take other actions on vulnerable routers.
  • CERT Warns of Slew of Bugs in Belkin N600 Routers – threatpost.com
  • Belkin F9K1111 V1.04.10 Firmware Analysis – blog.vectranetworks.com

• Malware on Apple iOS.
  A new family of Apple iOS malware dubbed KeyRaider is slamming jailbroken iOS devices with ransomware, data theft, and fraudulent purchases.
  • Biggest Apple Account Theft Ever Hits Only JailBroken iOS Devices – darkreading.com
  • “KeyRaider” Malware Exposes Over 225,000 Jailbroken iPhones And Apple IDs – forbes.com
  • Malware for iOS – www.theiphonewiki.com

Other News

• Proposed Rule from FCC.
  Right now, the FCC is considering a proposal to require device manufacturers to implement security restricting the flashing of firmware.
  • FCC introduces rules banning WIFI router firmware modification – hackaday.com
  • Save WIFI: Act now to save WIFI from the FCC – hackaday.com

• Justice Department Announces Enhanced Policy for Use of Cell-Site Simulators – www.justice.gov
  The Justice Department today announced a new policy for its use of cell-site simulators that will enhance transparency and accountability, improve training and supervision, establish a higher and more consistent legal standard and increase privacy protections in relation to law enforcement’s use of this critical technology.