Week 39 In Review

Events Related

  • Ekoparty aftermath
    Miscellaneous material on the recent Ekoparty
  • Post #BruCon Network Analysis – blog.rootshell.be
    BruCON is over! As usual, when I attended a security conference, I’m trying to write a small wrap-up for my followers. With BruCON, it’s completely different: I’m on the other side of the stage. For the “0x03” edition, I was again involved in the “bits & bytes” stuff.

Resources

  • Top 10 Risks At AppSec USA
    The OWASP Mobile Security Project is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications. Through the project, our goal is to classify mobile security risks and provide developmental controls to reduce their impact or likelihood of exploitation.
  • Collected 1st and 2nd Level Domains – remote-exploit.org
    After having the files on my disk without being used too much lately, I decided to put second-level-subdomain-transfers.txt.tgz up on our website ready for download.
  • Announcing BSIMM3 – cigital.com
    Since the first BSIMM interview in October 2008, we’ve progressed from nine to 30 to 42 firms (and more, at this point). We’ve also measured 11 firms twice—about 19 months between measurements on average—and that has provided the BSIMM community with some unique insight on how software security initiatives change over time.
  • Password Secrets of Popular Windows Applications – securityxploded.com
    In today’s Internet driven world, all of us use one or other applications starting from browsers, mail clients to instant messengers. Most of these applications store the sensitive information such as user name, password in their private location using proprietary methods. This prevents hassle of entering the credentials every time during the authentication.

Tools

  • oclHashcat-plus v0.06 – hashcat.net
    I am really proud to release this new version 0.06 of oclHashcat-plus to public. It contains a lot of new features, improvements, changes and bugfixes. As you may already know, the highlight is the new WPA/WPA2 kernel. This new oclHashcat-plus was faster than every other WPA cracker in every configuration I had tested.
  • EPPB: Now Recovering Blackberry Device Passwords – blog.crackpassword.com
    Before you get too excited, there is a catch. The new feature requires Media Card encryption to be switched on and set to either “Security Password” or “Device Password” mode.
  • Share-point-ing hash with friends – cOntext.blogspot.com
    So I set up a SharePoint 2010 box and had a play to try finding where the issue was. Remembering about the same issue I found in SOAP which allowed gaining an SMB challenge, thought it should be possible to use with this bug too. So, set up meterpreter on a box and added a UNC path in to the XML file uploaded to SharePoint.
  • Websecurify 0.9 is out – blog.websecurify.com
    Websecurify 0.9 is de facto not only the first web application security testing software ever created for iOS, Android, Blackberry and others, but it is also the very first fully functional integrated web application security testing solution which can run straight from your web browser.

Techniques

  • SSL/TLS (Part 3) – isc.sans.edu
    The paper is an interesting read. To me it outlined the weakness in using CBC very nicely and the attack is well described.  Certainly one of the more readable crypto papers I’ve come across. I will suggest you read it whilst well fed, and rested.
  • mysql.com hacked, infecting visitors with malware – blog.armorize.com
    Our HackAlert 24×7 Website malware monitoring platform today indicated that mysql.com has been hacked and is currently serving malware.
  • File Disclosure Browser – digininja.org
    I was reading the blog post “DirBuster -> Burp, the Missing Link” By Tim Tomes (LaNMaSteR53) on the PaulDotCom blog. The article discusses running DirBuster through Burp to populate Burp with any content found by DirBuster.
  • Don’t Upgrade Your Software – securepla.net
    What does this mean to you? Let’s say your software tries to go look for an update and instead of downloading the correct update, you man-in-the-middle the connection and send them a malicious update instead.
  • WPScan and Metasploit’s Meterpreter – ethicalhack3r.co.uk
    Video demonstrating the PoC of WPScan using Metasploit’s meterpreter to exploit a vulnerable WordPress plugin.
  • CSAW CTF: Inchbinge Writeup – isisblogs.poly.edu
    No credentials were provided as a hint for this challenge, so we’ll have to brute force them. Some common combinations to try are administrator:123456, user:qwerty, admin:password, etc. It just so happens that the 3rd is the correct one.
  • Post Exploitation Shellbag ‘ing – securityaegis.com
    When you start to massively own a network via pass the hash or some rampant vulnerability, you accumulate a lot of shells. If the target computer or network names don’t give a hint as to what that system does in specific, sometimes you don’t pay enough attention to the right boxes.
  • Puttering Around With Blackberry Forensics-Part 2 – chirashi.zenconsult.net
    Okay then. It apparently takes me a while between posts. I’ve been keeping a bit busy with several projects and it has been difficult to find the time to conduct much research or write blog posts. I do have an upcoming white-paper that I will release somewhere in November. It includes source code to the toolkit that I will release as well.
  • ncrack with domain creds – carnalOwnage.attackresearch.com
    “little post on using ncrack to brute/check domain creds”

Vendor/Software Patches

  • Microsoft releases fix-it tools for SSL/TLS vulnerability – h-online.com
    For this purpose, the vendor has released two fix-it tools that enable TLS 1.1 in Internet Explorer and on Windows servers. Only TLS 1.0 is enabled by default, although programs such as Internet Explorer do support TLS 1.1 and TLS 1.2.
  • Cisco Patches Slew of IOS Bugs – threatpost.com
    The most serious of the flaws in IOS, the company’s ubiquitous network operating system, is a bug in the way that the Smart Install application works on some Cisco Catalyst switches. The problem can allow an attacker to run arbitrary code on the switch.

Vulnerabilities

  • Diebold e-voting systems vulnerable to hack – h-online.com
    The e-voting system hack can be completed with “just $10.50 in parts and an 8th grade science education”; for another $15 worth of parts, a wireless RF remote control can be added to start and stop the attacks.

Other News

  • Mark Russinovich on his novel Zero Day – threatpost.com
    Dennis Fisher talks with Mark Russinovich of Microsoft about his novel Zero Day, the idea of a coordinated cyber attack by terrorists and the difficulty of writing a technical novel for a mainstream audience.
