Week 15 In Review – 2011

Events Related:

  • OWASP threat modeling project – myappsecurity.blogspot.com
    We are starting an OWASP threat modeling project to standardize a threat modeling approach which can be used by various companies.

Resources:

Tools:

  • RawCap sniffer for Windows released – netresec.com
    We are today proude to announce the release of RawCap, which is a free raw sockets sniffer for Windows.
  • Spooftooph: The Bluetooth Spoofer – sourceforge.net/projects/spooftooph/
    Spooftooph is designed to automate spoofing or cloning Bluetooth device information. Make a Bluetooth device hide in plain site.
  • sqlmap 0.9 – sourceforge.net/projects/sqlmap/
    sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
  • hackxor – hackxor.sourceforge.net
    Hackxor is a webapp hacking game where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism&difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc.
  • SVN Digger – Better Wordlists for Forced Browsing – mavitunasecurity.com
    DirBuster ships with several wordlists, these wordlists generated via one big crawler which visited tons of websites, collected links and created most common directory / file names on the Internet.
  • Patriot NG – security-projects.com
    Patriot is a ‘Host IDS’ tool which allows real time monitoring of changes in Windows systems or Network attacks.
  • CVE Checker 3.1 – cvechecker.sourceforge.net
    cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database.
  • OllyDbg 2.01 Alpha 3 – ollydbg.de
    OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.
  • Microsoft Pushes Out Two New Security Tools – threatpost.com
    In parallel with its release of 17 bulletins on Patch Tuesday this month, Microsoft also unveiled two new tools that are meant to help make a couple of common exploitation scenarios more difficult for attackers.
  • smooth-sec – bailey.st
    Smooth-Sec is a ready to-go  IDS/IPS (Intrusion Detection/Prevention System) linux distribution based on the multi threaded Suricata IDS/IPS engine and Snorby, the top notch web application for network security monitoring.
  • BodgeIt Store – code.google.com/p/bodgeit/
    The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to penetration testing.
  • Qubes OS – qubes-os.org
    Qubes is an open source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. In the future it might also run Windows apps.
  • McAfee ShareScan – mcafee.com
    ShareScan is a free utility that enables IT security personnel to identify open Windows file shares available on the internal network. This tool can help administrators identify systems that have wide open permissions or no permissions — potential vulnerabilities that should be remediated.
  • md5deep version 3.8 – jessekornblum.livejournal.com
    This version adds two new features. First, you can now use a file to indicate the input files to process. For example, you can make a file, foo.txt.
  • Common Vulnerability Scoring System Version 2 Calculator – dueyesterday.net
    Allows for the creations of enums. Thanks to norvig.com/python-iaq.html
  • MS10-070: Padding Oracle applied to .NET framework – bernardodamele.blogspot.com
    I followed the research closely and way before vulnerability scanners like Nessus could detect the security vulnerability on .NET applications anonymously and remotely, I coded a small script to test for the flaw based on Juliano Rizzo’s details. You might still find it useful, so I thought about publishing it on GitHub.
  • IEZoneAnalyzer v3 – technet.com
    IEZoneAnalyzer is a utility for viewing and comparing Internet Explorer security zone settings. It is particularly valuable on systems controlled through Group Policy, on which the standard security settings dialog does not allow viewing of settings.

Techniques:

  • Full Disclosure:Barracuda Networks Hacking via SQL Injection – hmsec.tumblr.com/
    The company’s expansive product portfolio includes offerings for protection against email, Web and IM threats as well as products that improve application delivery and network access, message archiving, backup and data protection.
  • Parsing CDP Packets With Scapy – darkoperator.com
    In this blog post I will cover how to use one of the new parsers  to parse CDP packets included in version 2.2 of scapy. Cisco Discovery Protocol (CDP) is a proprietary Layer 2 Data Link Layer network protocol used to share device information with devices connected on the same subnet.
  • Mozilla Firefox Internals & Attack Strategies – chmag.in
    This paper aims to detail some of the techniques and methods that exist to subvert a fully patched and functioning browser Firefox.
  • BackTrack 5 on a Motorola Xoom – offensive-security.com
    In the past few days we have been toying with some Motorola hardware, and have managed to get a basic build of BackTrack 5 (+ toolchain) on a Motorola Xoom.
  • Things overheard on the WiFi from my Android smartphone – freedom-to-tinker.com
    Today in my undergraduate security class, we set up a sniffer so we could run Wireshark and Mallory to listen in on my Android smartphone. This blog piece summarizes what we found.
  • Execute Metasploit payloads bypassing any anti-virus – bernardodamele.blogspot.com
    Most of the shellcode launchers out there, including proof of concepts part of many security books, detail how to allocate a memory page as readable/writable/executable on POSIX systems, copy over your shellcode and execute it. This works just fine. However, it is limited to POSIX, does not necessarily consider 64-bit architecture and Windows systems.
  • [Video] Playing With Traffic (Squid) – g0tmi1k.blogspot.com
    The attacker installs Squid3 cache proxy via the Operating System (Backtrack 4 R2) repository. Squid is the “backbone” to this attack and after configuring it to work on the Local Area Network (LAN) and to be transparent (the proxy “works” without any configuration to the browser), the attacker chooses which script to first try out (asciiImages.pl is the first one) and adds it to the configuration file.
  • Pulling and finding APKs without root on Android – intrepidusgroup.com
    Since we’re not root, we can’t list the /data/app directory to locate the name of the APK file we want to pull. There’s a few ways you can tackle finding the name of the APK file, but what I find is the quickest way for me is to pull the packages.xml file.
  • Reverse connection: ICMP shell – bernardodamele.blogspot.com
    Allowing traffic only onto known machines, ports and services (ingress filtering) and setting strong egress access control lists is one of these cases. In such scenarios when you have owned a machine part of the internal network or the DMZ (e.g. in a Citrix breakout engagement or similar), it is not always trivial to get a reverse shell over TCP, not to consider a bind shell.
  • KB2506014 kills TDL4 on x64 – eset.com
    Not so long ago, Microsoft released a security patch addressing the way Windows x64 operating systems check integrity of the loaded modules. In our recent report (The Evolution of TDL4: Conquering x64) we described a method used by the TDL4 bootkit to load its malicious unsigned driver on 64-bit systems, even though those systems have an enforced kernel-mode code signing policy.
  • Uh Ah! I Happened To Use POP ESP – ragestorm.net
    I had to call a C++ function from my Assembly code and keep the return value untouched so the caller will get it. Usually return values are passed on EAX, in x86 that is. But that’s not the whole truth, they might be passed on EDX:EAX, if you want to return 64 bits integer, for instance.
  • More certs may indicate less security – rdist.root.org
    If a website has a multiple servers with different certs, the browser may often generate spurious errors for that site. But could this be a symptom of a genuine security problem?
  • Filejacking: How to make a file server from your browser (with HTML5 of course) – r00tsec.blogspot.com
    How can a website access user’s files? Traditionally, user has to upload the file. Users commonly share photos, videos upload their files for online conversion tools etc. You could (theoretically) be tricked into uploading a sensitive file into a malicious website (“please submit your private key for checking it’s strength”), but, seriously, who falls for that?
  • Proxmark3/RFID Goodness – zonbi.org
    There are two “types” of RFID in common use. High frequency runs at the 13.56MHz range. The MiFare stuff is in this range, although it’s slightly different to the ISO14443 A and B standard used in the CSC stuff floating around ie. $train card.
  • Padding Oracle Post-Explotation: Abusing ASP.NET Forms Authentication with Burp – beersec.org
    So you found an web site vulnerable to the ASP.NET Padding Vulnerability, used Minded Security’s web.config bruter and now you have the applications web.config file. Now what?
  • Payload bypass AV. with encoding – r00tsec.blogspot.com
    This script and the relevant project files (Makefile and Visual Studio files) allow you to compile the tool once then run your shellcode across different architectures and operating systems.

Vulnerabilities:

  • Another day, another Flash 0-day attack
    Hackers are embedding malicious Flash Player files in Microsoft Word documents to launch targeted attacks against select businesses, according to a warning from Adobe.

  • MSRT April ‘11: Win32/Afcore – technet.com
    Win32/Afcore comprises two components, a dropper and installed malware that runs as a backdoor. The backdoor component is injected into running processes and connects to a remote server to retrieve commands that are executed on the affected system. Commands could include instructions to steal passwords, attack other computers and so on.

Vendor/Software Patches:

Other News:

  • ATM Skimmers: Hacking the Cash Machine – krebsonsecurity.com
    Most of the ATM skimmers I’ve profiled in this blog are comprised of parts designed to mimic and to fit on top of existing cash machine components, such as card acceptance slots or PIN pads. But sometimes, skimmer thieves find success by swapping out ATM parts with compromised look-alikes.
  • SSL Issues: Solutions, Opinions and News
    What lies ahead for SSL? The recent Comodo hack taught us that what we thought was a robust security protocol is nothing but a house of cards.

  • Apple’s AirTunes/AirPlay private key extracted and published – h-online.com
    Developer James Laird has extracted the AirTunes/AirPlay private key from an Apple Airport Express, opening the way for third-party applications to play back iTunes streams.
  • BREAKING NEWS: Sony’s War On Hackers, Tinkerers And Innovators “Settlement In George Hotz Case” – blog.makezine.com
    Sony Computer Entertainment America (“SCEA”) and George Hotz (“Hotz”) today announced the settlement of the lawsuit filed by SCEA against Hotz in federal court in San Francisco, California. The parties reached an agreement in principle on March 31, 2011. As part of the settlement, Hotz consented to a permanent injunction.
  • How Phishers Will Use Epsilon Data Against You – threatpost.com
    There has been a lot of online venting and hand-wringing in the week since customers of email services provider Epsilon began informing millions of individuals in North America and Europe that their name and e-mail address had  been stolen in a massive data breach.
  • USPS.gov Website Infected with Blackhole Exploit Kit – research.zscaler.com
    As we’ve discussed previously, the Blackhole Exploit kit, a commercial exploit kit developed by Russian hackers, is being seen in an increasing number of attacks.
  • Milw0rm and inj3ct0r Merge Into 1337day.com – greyhat-security.com
    Less than an hour ago, a message was sent out via the Milw0rm.com Facebook group, announcing both a merger for milw0rm.com and inj3ct0r.com, and simultaneously, a move for inj3ct0r.com into a new domain, 1337day.com.
  • Government Agrees With Microsoft: Google Wasn’t Certified [Update] – readwriteweb.com
    Today, the U.S. government agreed with Microsoft’s accusation that Google had provided misleading information about whether or not its Google Apps for Government is certified under the Federal Information Security Management Act (FISMA).
  • DOJ gets court permission to attack botnet – itworld.com
    The U.S. Department of Justice and U.S. Federal Bureau of Investigation have obtained a temporary restraining order allowing them to disrupt a computer virus that created an international botnet controlling more than 2.3 million computers as of early 2010, the DOJ announced Wednesday.
2017-03-12T17:39:58-07:00 April 18th, 2011|Security Conferences, Security Tools, Security Vulnerabilities, Vendor News|1 Comment

Share This Story, Choose Your Platform!

One Comment

  1. […] Week 15 In Review – 2011 (infosecevents.net) […]

Leave A Comment