Week 16 In Review – 2016

Events Related

• CanSecWest – www.slideshare.net

• BSides Nashville 2016 Videos – www.irongeek.com

• Infiltrate 2016 – infiltratecon.com

Resources

• Ransomware: Past, Present, and Future – blog.talosintel.com
  The rise of ransomware over the past year is an ever growing problem. Businesses often believe that paying the ransom is the most cost effective way of getting their data back – and this may also be the reality. The problem we face is that every single business that pays to recover their files, is directly funding the development of the next generation of ransomware.

Tools

• RDP Replay Code Release – www.contextis.com
  We have made this tool available after being asked by a number of our blog readers. This tool requires the private key for decrypting, which can usually be recovered with cooperation from the client.

Techniques

• If You Can’t Break Crypto, Break the Client: Recovery of Plaintext iMessage Data – www.bishopfox.com
  CVE-2016-1764, fixed by Apple in March of 2016, is an application-layer bug that leads to the remote disclosure of all message content and attachments in plaintext by exploiting the OS X Messages client. In contrast to attacking the iMessage protocol, it is a relatively simple bug.

• Discover the Unknown: Analyzing an IoT Device – www.insinuator.net
  This blog post will give a brief overview about how a simple IoT device can be assessed. It will show a basic methodology, what tools can be used for different tasks and how to solve problems that may arise during analyses.  It is aimed at readers that are interested in how such a device can be assessed, those with general interest in reverse engineering or the ones who just want to see how to technically approach an unknown device.

• Petya Ransomware
  Petya appeared on researchers’ radar last month when criminals distributed it to companies through spam emails that masqueraded as job applications. It stood out from other file-encrypting ransomware programs because it overwrites a hard disk drive’s master boot record (MBR), leaving infected computers unable to boot into the operating system.
  • Petya Ransomware’s Encryption Defeated and Password Generator Released – www.bleepingcomputer.com
  • Experts crack Petya ransomware, enable hard drive decryption for free – www.csoonline.com

Vulnerabilities

• Microsoft Unleashes 13 Bulletins, Six Critical – threatpost.com
  Microsoft today released a lucky 13 bulletins for April, with six rated critical and the others important. In total, Microsoft patched 29 unique CVEs for this round, with the most anticipated patch tied to Badlock.

• Badlock Vulnerability Falls Flat Against Its Hype – threatpost.com
  Badlock was the security boogeyman since the appearance three weeks ago of a website and logo branding the bug as something serious in Samba, an open source implementation of the server message block (SMB) protocol that provides file and print services for Windows clients.

Other News

• Hyping vulnerabilities is no longer helping application security awareness – techcrunch.com
  It used to be a vulnerability was disclosed, a few people who paid attention to such things blogged about it, patches were made, and we went about our day. During this time, not enough people understood the importance of application security and remediating vulnerabilities. It wasn’t mainstream, and it certainly wasn’t considered major news.

• The Vigilante Who Hacked Hacking Team Explains How He Did It – motherboard.vice.com
  Back in July of last year, the controversial government spying and hacking tool seller Hacking Team was hacked itself by an outside attacker. The breach made headlines worldwide, but no one knew much about the perpetrator or how he did it.