Week 19 In Review – 2017

Events Related

Resources

  • Car Hacking – illmatics.com
    Instead of buying books or paying exorbitant amount of money to learn about car hacking, we (Charlie Miller and Chris Valasek) decided to publish all our tools, data, research notes, and papers to everyone for FREE!
  • Password Magic Numbers – room362.com
    LanManager passwords (“LM”) is a very old and well known password hashing function. Used way back in OS/2 Warp and MS-Net (networking for MS-DOS). It was great in it’s day, however how it worked was not sustainable.

Techniques

  • WHID Injector: How to Bring HID Attacks to the Next Level – whid-injector.blogspot.lt
    Due this increased amount of nifty software, as Pentester and Red-Teamer, I wanted a cheap and dedicated hardware that I could remotely control (i.e. over WiFi or BLE). And this is how WHID was born.
  • Outlook Forms and Shells – sensepost.com
    Using MS Exchange and Outlook to get a foothold in an organisation, or to maintain persistence, has been a go to attack method for RedTeams lately. This attack has typically relied on using Outlook Rules to trigger the shell execution. Although Ruler makes accomplishing this really easy, it has, up until now, required a WebDAV server to host our shell/application.
  • Reverse-Engineering The Peugeot 207’s CAN BUS – hackaday.com
    Here’s a classic “one thing led to another” car hack. [Alexandre Blin] wanted a reversing camera for his old Peugeot 207 and went down a rabbit hole which led him to do some extreme CAN bus reverse-engineering with Arduino and iOS.

Vulnerabilities

 

 Other News

 

 

Leave A Comment