Events Related

Resources

  • My slides from BsidesPDX’16 – firmwaresecurity.com
    I gave a brief presentation at Security BSides Portland (BsidesPDX) a few days ago. Title was “Firmware Tools for Security Researchers”. Since it was only a 20-minute time slot, I only had time to cover a few tools, and didn’t get a chance to mention other noteworthy tools.
  • Setting up a Research Environment for IP Cameras – insinuator.net
    Embedded devices often serve as an entry point for an attack on a private or corporate network. The infamous attack on HackingTeam, for example, followed exactly this path as was revealed here. Although the attack may have been for the greater good (refer also to this great keynote), such incidents demonstrate that it is important to properly secure your embedded devices.
  • IP Cameras Default Passwords Directory – ipvm.com
    We have gathered this list of IP camera manufacturers and their default usernames and passwords to help users get started more quickly. After the list, we discuss recent changes by manufacturers as well as password security issues.

Tools

  • BloodHound – github.com
    BloodHound is a single page JavaScript web application, built on top of Linkurious, compiled with Electron, with a Neo4j database fed by a PowerShell ingestor.

Techniques

  • What are malicious USB keys and how to create a realistic one? – www.elie.net
    Dropping a malicious USB key in a parking lot is an effective attack vector, as demonstrated by our recent large-scale study. This blog post follows up on the study by showing how reliable and realistic-looking malicious USB keys can be created.
  • Just Too Much Administration – Breaking JEA, PowerShell’s New Security Barrier – www.scriptjunkie.us
    Just Enough Administration (JEA) is a new Windows 10/Server 2016 feature to create granular least privilege policies by granting specific administrative privileges to users, defined by built-in and script-defined PowerShell cmdlets. Microsoft’s documentation claimed JEA was a security boundary so effective you did not need to worry about an attacker stealing and misusing the credentials of a JEA user.
  • Extracting LastPass Site Credentials from Memory – techanarchy.net
    Let me start by stating this is not an exploit or a vulnerability in LastPass. This is just extracting any data that may remain in memory during a forensics acquisition. At some point the data must be in clear.
  • SLACK, A Brief Journey to Mission Control – secalert.net
    In order to understand the infrastructure and to gain information about the used framework I started to check the HTTP response header and saw that Slack is using an Apache httpd server. So I tried to identify common Apache directories and directives like “/icons/README”, “/manual/”, “/server-info” and “/server-status”.

Vulnerabilities

  • 5900 online stores found skimming [analysis] – gwillem.gitlab.io
    Online skimming is just like physical skimming: your card details are stolen so that other people can spend your money. However, online skimming is more effective because a) it is harder to detect and b) it is near impossible to trace the thieves.
  • Recording Keystroke Sounds Over Skype to Steal User Data – www.onthewire.io
    New research from the University of California Irvine shows that an attacker, who has not compromised a target’s PC, can record the acoustic emanations of a victim’s keystrokes and later reconstruct the text of what he typed, simply by listening over a VoIP connection.
  • Researchers Bypass ASLR Protection on Intel Haswell CPUs – news.softpedia.com
    A team of scientists from two US universities has devised a method of bypassing ASLR (Address Space Layout Randomization) protection by taking advantage of the BTB (Branch Target Buffer), a component included in many modern CPU architectures, including Intel Haswell CPUs, the processor they used for tests in their research.
  • How Hackers Broke Into John Podesta and Colin Powell’s Gmail Accounts – motherboard.vice.com
    On March 19 of this year, Hillary Clinton’s campaign chairman John Podesta received an alarming email that appeared to come from Google. The email, however, didn’t come from the internet giant. It was actually an attempt to hack into his personal account. In fact, the message came from a group of hackers that security researchers, as well as the US government, believe are spies working for the Russian government.

Other News

  • Weebly hacked, 43 million credentials stolen – techcrunch.com
    The web design platform Weebly was hacked in February, according to the data breach notification site LeakedSource. Usernames and passwords for more than 43 million accounts were taken in the breach, although the passwords are secured with the strong hashing algorithm bcrypt.
  • How Stolen iOS Devices Are Unlocked – isc.sans.edu
    For a number of years now, Apple has been implementing “Activation Lock” and “Find my iPhone” to deter the theft of iOS devices. According to some statistics, this effort has had some success. But with millions of users carrying devices costing $500 and more loosely secured in their pockets, mobile devices far exceed the value of an average wallet.