Week 11 in Review – 2011

Events Related

• BlackHat Europe 2011
  Participant blog journals about what happened during recently concluded BlackHat Europe in Barcelona.
  • BlackHat Europe 2011 Day 01 – corelan.be
  • BlackHat Europe 2011 Day 02 – corelan.be
  • Blackhat Europe 2011 Day 01 wrap-up – blog.rootshell.be
  • BlackHat Europe 2011 Day 02 wrap up – blog.rootshell.be
• CanSecWest 2011 – intrepidusgroup.com
  CanSecWest is a three day conference where attendees can attend every session, if they so choose. The talks are limited and high quality and the scheduling is such that no talks overlap. The focus is on quality.
• Mid-Atlantic CCDC Lessons Learned In Communication – blogs.tenablesecurity.com
  The Collegiate Cyber Defense Competition (CCDC) is always a fantastic and educational event, and this year was no exception.

Resources

• RootedCon 2011 Presentations – slideshare.net
  Archive of slide presentations during the recently concluded RootedCon.
• Standards for Penetration Testing – resources.infosecinstitute.com
  Interviews on PTES with Christopher Nickerson, Peter Herzog, Tim Grance, and Rob Havelt.

Tools

• http-wp-plugins, retrieve installed WordPress plugins – seclists.org
  This script tries to list those probably installed on a given blog by brute forcing the wp-content directory.
• pwClean v0.5 released – vulnerabilitydatabase.com
  pwClean can remove systems, history and built-in accounts, as well as select admin accounts only.
• Nmap? In my Metasploit? It’s more likely than you think! – blog.metasploit.com
  If you’ve been paying any attention to the open source security software space, you’ve probably noticed that one of our favorite tools, nmap, ships with a pretty serious scripting engine.
• Automatically Generating Memory Forensic Tools – moyix.blogspot.com
  Now that the IEEE Symposium on Security and Privacy program has finally been posted, I can describe some research I’ve been working on for the past year and a half related to virtual machine introspection (VMI) and memory forensics.
• OWASP LAPSE+
  LAPSE+ is a security scanner for detecting vulnerabilities of untrusted data injection in Java EE Applications.
  • OWASP LAPSE Project – evalues.es
  • Update: OWASP Lapse+ v.2.8.1! – evalues.es

• cfexplode utility for separating concatenated classifiles as generated by cfcompile – code.google.com
  [It] transforms files containing one or more concatenated classfiles into a series of files with a common prefix. Particularly useful on classes generated by ColdFusion’s compiler.
• Immunity Debugger v1.82! – debugger.immunityinc.com
  After about 3 months, we have an update for the Immunity Debugger! It was first mentioned in our post here. Now, Immunity Debugger version 1.82 is available!
• OpenVAS 4 – wald.intevation.org
  It has been almost 8 months since an updated OpenVAS version was released. We spoke about OpenVAS here. We now have OpenVAS 4!

Techniques

• Hacking crappy password resets (part 2) – skullsecurity.org
  In my last post, I showed how we could guess the output of a password-reset function with a million states. While doing research for that, I stumbled across some software that had a mere 16,000 states.
• Adobe ColdFusion Directory Traversal – packetstormsecurity.org
• Yet Another ClickJacking Attempt – marcoramilli.blogspot.com
  Hi folks, [here’s] yet another quick ‘n dirty post on ClickJacking Attempts for personal memories.

• Meterpreter Resource Files – darkoperator.com
  Tonight while chatting via IRC with Egyp7 he mentioned that Meterpreter should have capability of using Resource files for cleanup in post exploitation…

Vendor/Software Patches

• Background on APSA11-01 Patch Schedule – blogs.adobe.com
  We just posted Security Advisory APSA11-01 announcing a critical vulnerability (CVE-2011-0609) in Adobe Flash Player, which also impacts the authplay.dll component shipping with Adobe Reader and Acrobat for Windows and Macintosh.

Vulnerabilities

• Adobe Flash Vulnerability
  A critical vulnerability exists in Adobe Flash Player 10.2.152.33 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems.
  • Security Advisory for Adobe Flash Player, Adobe Reader, and Acrobat – adobe.com
  • New Critical 0-day Flash Vulnerability Exploited Via Excel Attachments – ghacks.net
  • Blocking Exploit Attempts of the Recent Flash 0-Day – blogs.technet.com

Other News

• Hackers Attack RSA
  Top security firm RSA Security revealed on Thursday that it’s been the victim of an “extremely sophisticated” hack.
  • RSA: Cyberattack could put customers at risk – news.cnet.com
  • Security firm RSA suffers big breach of security – tgdaily.com
  • RSA Breached: SecurID Affected – securosis.com
  • Hacker Spies Hit Security Firm RSA – wired.com
  • Hacker’s steal sensitive data from EMC’s security division – blogs.forbes.com

• Charlie Miller Reveals His Process for Security Research – resources.infosecinstitute.com
  We got recent Pwn2Own winner Charlie Miller to answer a few questions and pull back the curtain a bit on the methods, tools and motivation for the research he does discovering security exploits.
• Click-jacking is spreading on Facebook – h-online.com
  If your Facebook friends are recommending strange videos to you, they may have become the victims of a new scam.
• RIM: Disable Javascript in BlackBerry Browser – zdnet.com
  Research in Motion (RIM) is urging BlackBerry users to disable JavaScript in the smartphone’s browser to block exploits from a security vulnerability showcased at this year’s CanSecWest Pwn2Own contest.
• PIN skimming possible with chip cards – h-online.com
  At the CanSecWest security conference held in Vancouver last week, four security researchers demonstrated the practicability of chip card skimming attacks.
• Google closes Flash hole faster than Adobe – h-online.com
  Google has once again reacted faster than Adobe itself, which says it will be releasing its update for Flash Player at the beginning of next week.
• Microsoft Conducts Massive Botnet Takedown Action – online.wsj.com
  Microsoft Corp. and federal law enforcement agents seized computer equipment from Internet hosting facilities across the U.S. in a sweeping legal attack designed to cripple the leading source of junk email on the Internet.
• Leader of Hacker Gang Sentenced to 9 years for Hospital Malware – wired.com
  The former leader of an anarchistic hacking group called the Electronik Tribulation Army was sentenced Thursday to 9 years and 2 months in prison for installing malware on computers at a Texas hospital.
• How Did 50 Female Celebrities Get Hacked? – abcnews.go.com
  FBI agents are reportedly closing in on a ring of hackers thought to be responsible for stealing nude photos and videos from at least 50 female celebrities.