Events Related:
- (Def) #ConSurvival – h-i-r.net
Some practical tips on how to get through DefCon.
- BlackHat and DefCon Tips: 2010/N00b Edition – it.toolbox.com
More things to remember on your next Vegas security event.
- BlackHat Track Schedule – uktek.com
A full schedule of when and where certain talks are going to be held.
Tools:
- Ubitack 0.2 – code.google.com/p/ubitack/
This tool automates some of the tasks you might need on a (wireless) penetration test or while you are on the go.
- SIPVicious 0.2.6 Available – voipsecurityblog.typepad.com
SIPVicious was written in Python and can be used on Linux, Windows, FreeBSD 6.2 and Mac OS X.
- Open source GSM cracker released
I have named this beast Kraken, after a Norse mythological creature capable of eating many things for breakfast. Kraken feeds on an exclusive diet of A5/1 encrypted data.
- New ‘Kraken’ GSM-Cracking Software is Released – cio.com
- The call of Kraken – reflextor.com
- GSM Cracking Tool. Yes it’s open source – marcoramilli.blogspot.com
- Sagan – Real-time System & Event Log (syslog) Monitoring System – darknet.org.uk
Sagan can alert you when events are occurring in your syslogs that need your attention right away, in real time!
- PlugBot – theplugbot.com
PlugBot is a research project led by Jeremiah Talamantes, a penetration tester and security researcher for RedTeam Security.
- WATOBO – THE Web Application Toolbox – sourceforge.net/apps/mediawiki/watobo/
We are convinced that the semi-automated approach is the best way to perform an accurate audit and to identify most of the vulnerabilities.
- WebEnum 0.1 – code.google.com/p/webenum/
WebEnum is a tool to enumerate HTTP responses to dynamically generated queries.
- dic – code.google.com/p/dic/
“Download Indexed Cache” is a Proof of Concept (PoC) which implements the Google SOAP Search API to retrieve content indexed within the Google Cache to support the “Search Engine Reconnaissance” section of the OWASP Testing Guide v3.
Techniques:
- Shell of the Future – Reverse Web Shell Handler for XSS Exploitation – andlabs.org
In pentests XSS is usually considered as a dead-end vulnerability – you discover it, take a screenshot and move on to something else.
- Identifying Suspicious URLs – threatpost.com
In the Google TechTalk, Justin Ma, a PhD candidate at UC San Diego, discusses a novel method for determining which URLs are malicious by applying large-scale online learning techniques.
- Stuxnet and .lnk related studies
- Windows ‘LNK’ Exploit Demonstration – attackvector.org
- Mitigating .LNK Exploitation With SRP – didierstevens.com
- Details for the LNK issue along with a live sample – @hdmoore
- Stuxnet Memory Analysis and IOC creation – mandiant.com
- File Server LNK/stuxnet Protection – attackvector.org
- Distilling the W32.Stuxnet Components – symantec.com
- Weaponizing the Nokia N900 – Part 1 – voipsa.org
Broadly speaking, the objective of this series of blog posts is to introduce folks to the tools available and the potential for this phone as a security testing platform.
- Fun with Metasploit payload generation – happypacket.net
My goal was to figure out how to add the msfencode functionality into the generate_simple function that is used by both XMLRPC and the console so that you can encode payloads and all that fun stuff from within Metasploit.
- iSEC is releasing this pre-advisory for Kerberos flaws to be discussed at BH. Must read for AD Admins. – @alexstamos
Vulnerabilities:
- More news about the Stuxnet Flaw
The said malware exploits a newly-discovered vulnerability in shortcut files, which allows random code to be executed on the user’s system.
- Microsoft Has No Plans To Patch New Flaw – slashdot.org
- The Microsoft LNK / USB worm / rootkit ‘issue’ will kill WIN XP SP2 and WIN2000 earlier… – eddywillems.blogspot.com
- Shortcut zero-day attack code goes public – sophos.com
- Stuxnet Saga Evolves With New Digitally Signed Binaries – threatpost.com
- Tool Blunts Threat from Windows Shortcut Flaw – krebsonsecurity.com
- Stuxnet-A View From an Energy Perspective – mcafee.com
- Twitter XSS Bug – xs-sniper.com
99% of XSS bugs are fairly straightforward and this bug was no exception.
- IE and Safari lets attackers steal user names and addresses – theregister.co.uk
Jeremiah Grossman, CTO of White Hat Security, plans to detail critical weaknesses that are enabled by default in the browsers, which are the four biggest by market share.
- Old Wireless Security Flaws Still Haunting Networks – threatpost.com
The attack is specifically designed to work against the Cisco Aironet 1200 Series access points and is a twist on existing attacks that have shown WEP to be an eminently defeatable protocol.
- SAP GUI: command execution via wadmxhtml – vigilance.fr
An attacker can use the wadmxhtml.dll ActiveX control of SAP GUI to execute code on the computers of victims displaying a malicious HTML page.
- WPA2 vulnerability found – networkworld.com
Hole 196 lends itself to man-in-the-middle-style exploits, whereby an internal, authorized Wi-Fi user can decrypt, over the air, the private data of others, inject malicious traffic into the network and compromise other authorized devices using open source software, according to AirTight.
Vendor/Software Patches:
- Adobe to use sandboxing to mitigate onslaught of Reader-focused attacks
The next major version of Adobe’s PDF Reader will feature new sandboxing technology aimed at curbing a surge in malicious hacker attacks against the widely deployed software.
- Adobe adding ‘sandbox’ to PDF Reader to ward off hacker attacks – zdnet.com
- Adobe: ‘Sandbox’ Will Stave Off Reader Attacks – krebsonsecurity.com
Other News:
- New plug-in tester mimics Mozilla’s – cnet.com
Qualys’ BrowserCheck helpfully targets out-of-date plug-ins, and provides links to download updates.
- VeriSign adds malware scanning to SSL services – cnet.com
VeriSign is adding malware scanning to its authentication services for Web site operators, the company announced on Monday.
- Siemens SCADA comes with hard-coded password, doesn’t recommend changing it.
A sophisticated new piece of malware that targets command-and-control software installed in critical infrastructures uses a known default password that the software maker hard-coded into its system.
- Dell KACE Secure Browser Sandboxes Your Browsing – lifehacker.com
Secure Browser is designed so even if you find yourself on a site that could harm your computer, the harmful effects are contained within the browser sandbox.
- Skimmers Siphoning Card Data at the Pump – krebsonsecurity.com
Forced to re-issue an unusually high number of bank cards due to fraudulent charges on the accounts, a regional bank serving Colorado and surrounding states recently began searching for commonalities among the victimized accounts.
- Google Ups the Bug Bounty Ante to $3133.7 – threatpost.com
The maximum reward for a single bug has been increased to $3,133.7. We will most likely use this amount for SecSeverity-Critical bugs in Chromium.
- PC giant warns of hardware trojan – newscientist.com
Further information posted on Dell’s community forum reveals that the trojan in the affected motherboards is stored in onboard flash memory rather than firmware ROMs.
- Certified uncertainty – sophos.com
Second, this particular component of the threat was signed on January 25th, 2010. This implies the perpetrators of this attack have been planning their strategy for quite some time.
- How Mass SQL Injection Attacks Became an Epidemic – threatpost.com
Mass compromises of legitimate sites really began in earnest in 2007, and the volume and severity of the attacks has increased significantly since then.
- Why Steal Digital Certificates? – eset.com
In theory the digital signature also tells you who signed the file, and who issued the digital certificate so you can decide if you trust the person or company who signed the file and if you trust the organization who issued the certificate.
- Forget Walmart. Hackers Conference Badges Show The Future of RFID Tracking – gizmodo.com
This year, HOPE’s Attendee Meta-Data or AMD badge reached new heights, and suggested more about what you could do with RFID attached to people—both good and bad.
- Backtrack vs Windows – youtube.com
A spoof of the Evo vs. iPhone ad with a security twist, from DEFCON 18.
[…] This post was mentioned on Twitter by Avnet SolutionsPath™ and Roer.com – the Blog!, Anupam Kakroo. Anupam Kakroo said: Week 29 in Review – 2010 http://bit.ly/drFMFj #Security […]