Week 20 In Review – 2017

 

Events Related

  • Converge 2017 Videos – www.irongeek.com
    These are the videos from the Converge Information Security Conference.

Resources 

  • New Whitepaper: Aligning to the NIST Cybersecurity Framework in the AWS Cloud – aws.amazon.com
    Today, we released the Aligning to the NIST Cybersecurity Framework in the AWS Cloud whitepaper. Both public and commercial sector organizations can use this whitepaper to assess the AWS environment against the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and improve the security measures they implement and operate (also known as security in the cloud).

Techniques

  • Reverse Engineering Apple Location Services Protocol – appelsiini.net
    While working on Whereami I got interested in how Apple location services actually work. I know it is handled by locationd since Little Snitch keeps blocking it. The usual way of inspecting traffic with proxychains did not work since macOS now has something called System Integrity Protection (SIP).
  • Sending AM-OOK using Metasploit and rftransceiver – sensepost.com
    Towards the end of last year, I found myself playing around with some basic amplitude modulation (AM)/On-off keying (OOK) software defined radio. That resulted in ooktools being built to help with making some of that work easier and to help me learn. A little while ago, the Metasploit project announced new ‘rftransceiver’ capabilities that were added to the framework with a similar goal of making this research easier.

Tools 

  • AMT status checker for Linux – github.com
    A simple tool that tells you whether AMT is enabled and provisioned on Linux systems. Requires that the mei_me driver (part of the upstream kernel) be loaded. 
  • WiFi-Pumpkin – github.com
    Framework for Rogue Wi-Fi Access Point Attack 

Vendor/Software Patches 

  • Windows Defender vulnerability discovered and fixed – www.ghacks.net
    The Microsoft Malware Protection Engine is used by various Microsoft products, including Windows Defender and Microsoft Security Essentials on consumer PCs, and products such as Microsoft Endpoint Protection, Microsoft Forefront, Microsoft System Center Endpoint Protection, or Windows Intune Endpoint Protection on the business side. 
  • Microsoft Released Guidance for WannaCrypt – isc.sans.edu
    Microsoft released information on what can be done to protect against WannaCry, which includes deploying MS17-010 if not already done (March patch release), updating Windows Defender (updated 12 May) and, if not using SMBv1, disabling it.

Vulnerabilities

Other News

  • US District Court Rules GNU GPL is an Enforceable Contract – www.xda-developers.com
    GPL projects are used in many free and commercial applications. The GNU GPL license requires developers that use the GPL-licensed software to adhere to its licensing. A developer modifying GPL-licensed code must release the source if he or she releases a project to the public.

 

 
