Events Related

Resources

  • Intel debugger interface open to hacking via USB – blog.ptsecurity.com
    New Intel processors contain a debugging interface accessible via USB 3.0 ports that can be used to obtain full control over a system and perform attacks that are undetectable by current security tools.

Tools

  • Wiegotcha – github.com
    Wiegotcha is the next evolution of Long Range RFID badge capturing. Based on previous work by Fran Brown and Bishop Fox (Tastic RFID Thief), Wiegotcha uses a Raspberry Pi in place of an Arduino for the added capabilities and ease of customization.

Techniques

  • Meraki RCE: When Red Team and Vulnerability Research fell in love. Part 1 – research.trust.salesforce.com
    In one assessment, I installed a pwnplug inside a meeting room. Unfortunately, when I went back to the office to check the shell, I learned that I had ended up plugged into a VoIP VLAN. Not very promising from an attacker point of view, but I decided to see what I could glean from this VLAN anyway.

Vulnerabilities

  • In the News: A BGP Hijacking Technical Post-Mortem – www.bishopfox.com
    In the first week of 2017, Iranian ISP Telecommunication Infrastructure Company (TIC) performed a BGP hijack affecting 99.192.226.0/24. Their goal was to censor select websites residing on the /24 block from Iranian internet users.

Other News

  • Microsoft slates end to security bulletins in February – www.computerworld.com
    Microsoft next month will stop issuing detailed security bulletins, which for nearly 20 years have provided individual users and IT professionals information about vulnerabilities and their patches.
  • Hack the Army Bounty Pays Out $100,000; 118 Flaws Fixed – threatpost.com
    The Hack The Army bounty, announced last fall, was the second such government rewards program, debuting months after the conclusion of the Hack the Pentagon bounty. Government officials positioned both programs as a vehicle for outreach to white-hat hackers and researchers, inviting a select number to participate and try to penetrate online properties and databases normally off-limits.