Week 32 In Review

Events Related

• BlackHat 2011
  Leftover notes and resources.
• Defcon/BlackHat Slides, Whitepaper, Tools – mcgrewsecurity.com
• BlackHat According to Twitter – blog.thinkst.com
• BlackHat Twitter Feed port 4848 – twitter.com
• BlackHat Twitter Feed Ws-attacks.org – twitter.com
• BlackHat Twitter Feed Tools For Soap – twitter.com
• Bit-squatting, DNS Hijacking Without Exploitation – nakedsecurity.sophos.com
• New Free Tool Helps Gather Attacker’s Footprints – darkreading.com
• Hacking medical devices for fun and insulin – nakedsecurity.sophos.com
• Post-Exploitation techniques from BlackHat 2011 – blogs.cisco.com
• BlackHat 2011 Highlight: Spy Drone for WiFi
  Launch your personal, specially equipped WASP drone — short for Wireless Aerial Surveillance Platform — to fly overhead and sniff his Wi-Fi network, intercept his cellphone calls, or launch denial-of-service attacks with jamming signals.
• DIY Spy Drone  Sniffs WiFi – wired.com
• DIY aerial drone monitors WiFi, GSM networks – theregister.co.uk
• BlackHat 2011 Highlight: Mac security flaw
  Apple may have built its most secure Mac operating system yet, but a prominent security consultancy is advising enterprise clients to steer clear of adopting large numbers of the machines.
• Beware of Macs in enterprise, security consultants say – theregister.co.uk
• iOS 4 Security Evaluation – trailofbits.com
• DIY cable to build better iOS exploits – scmagazine.com.au
• DefCon 19
  Debriefings on DefCon
• Hackers get hacked! – seclists.org
• DefCon lockpickers open card and code government locks in seconds – forbes.com
• Hackers can do a lot of damage via broadband power lines – venturebeat.com
• Nelhage’s exploit from BlackHat/DefCon 2011 – github.com/nelhage/virtunoid#readme
• DefCon Roundup: The Good, the bad, and the underage – threatpost.com
• CSET 11 4th Workshop on Cybersecurity and Experimentation and Test – usenix.org
  Schedule breakdown and abstracts from San Francisco conference.
• 20th Usenix Security Symposium – usenix.org
  Schedule breakdown, video files, mp3s,  and abstracts from San Francisco conference.
• Woot 11 5th Usenix Workshop on Offensive Technologies – usenix.org
  Schedule breakdown and abstracts from San Francisco conference.
• HotSec 11 Sixth Usenix Workshop on Hot Topics in Security – usenix.org
  Schedule breakdown and abstracts from San Francisco conference.

Resources

• Recon 2011 Hardware Stuff for Software People – archive.org/details/HardwareStuffForSoftwarePeople
  This talk will be an introduction to doing “hardware stuff” stuff, for people accustomed to plying their trade against software. I will discuss how to build tools (and use existing tools) to sniff/spy on a variety of hardware communications channels from UART Serial (the kind in your computer) to the very ubiquitous SPI/I2C serial busses used in virtual everything (from EEPROM in your portable DVD player to the HDMI/VGA cables between your computer and monitor).
• Welcome to WS-Attacks.org! – clawslab.nds.rub.de
  WS-Attacks.org is not a new web service standard by the OASIS Group or W3C; instead it presents the flaws of today’s web service standards and implementations in regard to web service security! WS-Attacks.org aims at delivering the most comprehensive enumeration of all known web service attacks.
• GFIRST 2011 Presentation Slides, Code, and Thoughts – chrissanders.org
  I’m sitting in my hotel room after just finishing my last session at US-CERT GFIRST in Nashville, TN. This was my first time at GFIRST both as an attendee and presenter, and I really had a great time. Where I’m originally from in Kentucky isn’t too far from Nashville so I am familiar with the area and the venue choice, the Gaylord Opryland Hotel, is a beautiful facility and top-notch for this kind of conference.

Tools

• UPDATE: BeEF v0.4.2.8-alpha! – code.google.com/p/beef/downloads/list
  BeEF, the Browser Exploitation Framework is a professional security tool provided for lawful research and testing purposes. It allows the experienced penetration tester or system administrator additional attack vectors when assessing the posture of a target. The user of BeEF will control which browser will launch which exploit and at which target.
• Oracle query support in Nmap – cqure.net
  I’ve just committed an updated version of the TNS library to Nmap, adding support for running Oracle database queries from Nmap scripts. I’ve put a considerable amount of work into trying to understand how the protocol works, due to the lack of documentation, and think that I’ve finally succeeded.
• I’ve ported mbenum to Nmap – cqure.net
  Thank’s to some great effort put into the smb libraries by the folks over at nmap-dev, porting mbenum to Nmap wasn’t as hard as I’ve imagined. A first version has been committed to subversion a while ago but I forgot to publish this blog post at the time. Feel free to try it out! If you haven’t used mbenum before it’s a tool that allows you to get a good picture of a network by querying a single system.
• MoonSols Dumpit released…for free! – isc.sans.edu
  The people over at MoonSols have made their amazing one-click memory dump tool Dumpit available for free download. Dumpit vastly simplifies memory acquisition. Effectively Dumpit combines win32dd and win64dd into one tool and is so simple to use even a non-technical user could do acquisition from a USB key. The dump can then be analyzed using conventional tools such as Redline or Volatility.
• FireCat 2.0 Released – firecat.fr/download.html
  FireCAT: Firefox Catalog of Auditing exTensions version 2.0 has just been released. It contains 90 addons divided in 7 categories further subdivided in 19 sub-categories. A new Protection subcategory (in Misc) has been added to protect Navigation with TrackMeNot, NoScript, cookieSafe, TrackerBlock and Adblock Plus.
• Kinectasploit – Metasploit Hacking using Kinect in Blender 3D Environment – kinect.dashhacks.com
  The idea is to hack into your own systems while in a 3D, first person shooter style environment that interfaces with the Kinect sensor. The game engine was built using blender and looks to be one of the most pleasing ways of uncovering your own systems architectural/networking vulnerabilities.
• Wfuzz 2.0 released! – edge-security.blogspot.com
  After Christian presentation at BlackHat/2011 Tools Arsenal, I’m pleased to announce  a new version of WFuzz! It is now more flexible, dynamic and extensible than ever! Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections, bruteforce Forms parameters (User/Password), Fuzzing,etc.

Vendor/Software Patches

• Windows Patch Tuesday
  Microsoft today released 13 software updates to fix at least 22 security flaws in its Windows operating systems and other software. Two of the flaws addressed in the August patch batch earned Microsoft’s most dire “critical” rating, meaning that attackers can exploit them to break into systems without any help from users.
• 22 reasons to Patch Your Windows PC – krebsonsecurity.com
• Microsoft Patch Tuesday – symantec.com
• Patch Tuesday August 2011 13 updates, 22 vulnerabilities – nakedsecurity.sophos.com

Vulnerabilities

• Blackberry PNG and TIFF image vulns
  Research in Motion (RIM) has issued an advisory to warn of the risk of remote code execution attacks on the BlackBerry Enterprise Server.The company shipped a patch that covers a total of five documented vulnerabilities that could be exploited via PNG or TIFF images.
• RIM warns of Blackberry code execution security flaws – zdnet.com
• Blackberry Enterprise Server Critical Update – isc.sans.edu
• More Blackberry image problems: RIM warns of BES security vulnerabilities – nakedsecurity.sophos.com
• Severe remote flaw fixed in Blackberry Enterprise Server – threatpost.com

Other News

• GPRS Hack
  A cryptographer has devised a way to monitor cellphone conversations by exploiting security weaknesses in the technology that forms the backbone used by most mobile operators.
• Hackers Crack Crypto For GPRS Networks mobile networks – theregister.co.uk
• GPRS hacked – schneir.com
• Security Flaws In Feds’ Radios Make For Easy Eavesdropping – blogs.wsj.com
  While studying the technology, researchers from the University of Pennsylvania overheard conversations that included descriptions of undercover agents and confidential informants, plans for forthcoming arrests and information on the technology used in surveillance operations.
• Office equipment open to hacker attacks – usatoday.com
  Researchers from Web security firm Zscaler ran a simple search and easily located 118,194 Hewlett-Packard printer-scanners, 9,431 Cannon photocopiers and 3,554 D-Link webcams equipped as Internet-connected Web servers.
• Hacking Water Meters Is Easier Than It Should Be – venturebeat.com
  The smarter water meters become, the easier they’re getting to hack. Like many things in electronics, water meters become easier for hackers to break into and misuse when they are upgraded to include wireless and computer technology.
• Fuzzing at Google – googleonlinesecurity.blogspot.com
  One of the exciting things about working on security at Google is that you have a lot of compute horsepower available if you need it. This is very useful if you’re looking to fuzz something, and especially if you’re going to use modern fuzzing techniques.
• Attacks on open-source web apps growing – theregister.co.uk
  An attack targeting sites running unpatched versions of the osCommerce web application kept growing virally this week, more than three weeks after a security firm warned it was being used to install malware on the computers of unsuspecting users.