Events Related
- Ekoparty aftermath
Miscellaneous material on the recent Ekoparty
- Ekoparty presentation: Cloud and Control – blog.gdssecurity.com
- Bypassing code signing policy – blog.eset.com
- Post #BruCon Network Analysis – blog.rootshell.be
BruCON is over! As usual, when I attended a security conference, I’m trying to write a small wrap-up for my followers. With BruCON, it’s completely different: I’m on the other side of the stage. For the “0x03” edition, I was again involved in the “bits & bytes” stuff.
Resources
- Top 10 Risks At AppSec USA
The OWASP Mobile Security Project is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications. Through the project, our goal is to classify mobile security risks and provide developmental controls to reduce their impact or likelihood of exploitation.
- Top 10 Risks Slide Deck – intrepidusgroup.com
- Top 10 Risks slideshare resource – slideshare.com
- OWASP Mobile Security Project – owasp.org
- Collected 1st and 2nd Level Domains – remote-exploit.org
After having the files on my disk without being used too much lately, I decided to put second-level-subdomain-transfers.txt.tgz up on our website ready for download.
- Announcing BSIMM3 – cigital.com
Since the first BSIMM interview in October 2008, we’ve progressed from nine to 30 to 42 firms (and more, at this point). We’ve also measured 11 firms twice—about 19 months between measurements on average—and that has provided the BSIMM community with some unique insight on how software security initiatives change over time.
- Password Secrets of Popular Windows Applications – securityxploded.com
In today’s Internet driven world, all of us use one or other applications starting from browsers, mail clients to instant messengers. Most of these applications store the sensitive information such as user name, password in their private location using proprietary methods. This prevents hassle of entering the credentials every time during the authentication.
Tools
- oclHashcat-plus v0.06 – hashcat.net
I am really proud to release this new version 0.06 of oclHashcat-plus to public. It contains a lot of new features, improvements, changes and bugfixes. As you may already know, the highlight is the new WPA/WPA2 kernel. This new oclHashcat-plus was faster than every other WPA cracker in every configuration I had tested.
- EPPB: Now Recovering Blackberry Device Passwords – blog.crackpassword.com
Before you get too excited, there is a catch. The new feature requires Media Card encryption to be switched on and set to either “Security Password” or “Device Password” mode.
- Share-point-ing hash with friends – cOntext.blogspot.com
So I set up a SharePoint 2010 box and had a play to try finding where the issue was. Remembering about the same issue I found in SOAP which allowed gaining an SMB challenge, thought it should be possible to use with this bug too. So, set up meterpreter on a box and added a UNC path in to the XML file uploaded to SharePoint.
- Websecurify 0.9 is out – blog.websecurify.com
Websecurify 0.9 is de facto not only the first web application security testing software ever created for iOS, Android, Blackberry and others, but it is also the very first fully functional integrated web application security testing solution which can run straight from your web browser.
Techniques
- Notes on BEAST
Please note that BEAST does not do any harm to remote servers. In fact, no packet from BEAST has ever been sent to any servers. We chose PayPal because they do everything right when it comes to server-side SSL, and that is good to demonstrate the power of BEAST, which is a client-side SSL attack.
- BEAST exploits demo – vnhacker.blogspot.com
- An overview of the BEAST – blog.g-sec.lu
- Security impact of the BEAST attack – educatedguesswork.org
- Browsers Tackle the BEAST Web Security Problem – news.cnet.com
- SSL/TLS (Part 3) – isc.sans.edu
The paper is an interesting read. To me it outlined the weakness in using CBC very nicely and the attack is well described. Certainly one of the more readable crypto papers I’ve come across. I will suggest you read it whilst well fed, and rested.
- mysql.com hacked, infecting visitors with malware – blog.armorize.com
Our HackAlert 24×7 Website malware monitoring platform today indicated that mysql.com has been hacked and is currently serving malware.
- File Disclosure Browser – digininja.org
I was reading the blog post “DirBuster -> Burp, the Missing Link” By Tim Tomes (LaNMaSteR53) on the PaulDotCom blog. The article discusses running DirBuster through Burp to populate Burp with any content found by DirBuster.
- Don’t Upgrade Your Software – securepla.net
What does this mean to you? Let’s say your software tries to go look for an update and instead of downloading the correct update, you man-in-the-middle the connection and send them a malicious update instead.
- WPScan and Metasploit’s Meterpreter – ethicalhack3r.co.uk
Video demonstrating the PoC of WPScan using Metasploit’s meterpreter to exploit a vulnerable WordPress plugin.
- CSAW CTF: Inchbinge Writeup – isisblogs.poly.edu
No credentials were provided as a hint for this challenge, so we’ll have to brute force them. Some common combinations to try are administrator:123456, user:qwerty, admin:password, etc. It just so happens that the 3rd is the correct one.
- Post Exploitation Shellbag ‘ing – securityaegis.com
When you start to massively own a network via pass the hash or some rampant vulnerability, you accumulate a lot of shells. If the target computer or network names don’t give a hint as to what that system does in specific, sometimes you don’t pay enough attention to the right boxes.
- Puttering Around With Blackberry Forensics-Part 2 – chirashi.zenconsult.net
Okay then. It apparently takes me a while between posts. I’ve been keeping a bit busy with several projects and it has been difficult to find the time to conduct much research or write blog posts. I do have an upcoming white-paper that I will release somewhere in November. It includes source code to the toolkit that I will release as well.
- ncrack with domain creds – carnalOwnage.attackresearch.com
“little post on using ncrack to brute/check domain creds”
Vendor/Software Patches
- Microsoft releases fix-it tools for SSL/TLS vulnerability – h-online.com
For this purpose, the vendor has released two fix-it tools that enable TLS 1.1 in Internet Explorer and on Windows servers. Only TLS 1.0 is enabled by default, although programs such as Internet Explorer do support TLS 1.1 and TLS 1.2.
- Cisco Patches Slew of IOS Bugs – threatpost.com
The most serious of the flaws in IOS, the company’s ubiquitous network operating system, is a bug in the way that the Smart Install application works on some Cisco Catalyst switches. The problem can allow an attacker to run arbitrary code on the switch.
Vulnerabilities
- Diebold e-voting systems vulnerable to hack – h-online.com
The e-voting system hack can be completed with “just $10.50 in parts and an 8th grade science education”; for another $15 worth of parts, a wireless RF remote control can be added to start and stop the attacks.
Other News
- Mark Russinovich on his novel Zero Day – threatpost.com
Dennis Fisher talks with Mark Russinovich of Microsoft about his novel Zero Day, the idea of a coordinated cyber attack by terrorists and the difficulty of writing a technical novel for a mainstream audience.