Events Related
- PacSec 2011 Presented Material – pacsec.jp
English/Japanese versions of the PacSec 2011 Tokyo event last month.
- @OWASP Tokyo Webservices: Attack, defenses, and hardening – twitter.com
- Archives for ClubHack 2011 Videos – clubhack.tv
- MalCon 2011 YouTube Channel – youtube.com
Resources
- Opensecuritytraining.info Welcome Message – opensecuritytraining.info
New open source, Creative Commons powered teaching portal on computer security.
- Free Commercial Security Products? – reddit.com
I just found out that ArcSight Logger is free for personal/home use (within some reasonable log size limits), and I’m wondering what other commercial enterprise security products are also free for personal use. I don’t mean trial/eval licenses that limit the user to 15 or 30 days, I’m looking for full blown, feature-full enterprise software that is free for personal use within reasonable limits.
Tools
- Router Audit Tool (RAT) – gse-compliance.blogspot.com
The Router Audit Tool, or RAT, was designed to help audit the configurations of Cisco routers quickly and efficiently. RAT tests Cisco router configurations against a baseline. After performing the baseline test, it not only provides a list of the potential security vulnerabilities discovered but also a list of commands to be applied to the router in order to correct the potential security problems discovered.
- UPDATE: Cain & Abel v4.9.43! – www.oxid.it/downloads/ca_setup.exe
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
- UPDATE: Ettercap 0.7.4! – sourceforge.net/projects/ettercap/files/ettercap/0.7.4-Lazarus/
Ettercap is a multipurpose sniffer/interceptor/logger for switched LANs. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis. It is a suite for man-in-the-middle attacks on LANs. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.
- Cookie Decoder: F5 BIG-IP – blog.taddong.com
I still remember with excitement the first time I found my first F5 BIG-IP load balancer persistent cookie, disclosing the network details of the internal hosts: IP address and TCP port. Although it was a few years ago during a pen-test, it is still very common today to find them in lots of target environments.
- Announcing SQL Invader – manvswebapp.com
Today, we announced SQL Invader, a new free GUI-based tool that enables testers to easily and quickly exploit a SQL Injection vulnerability, get a proof of concept with database visibility and export results into a csv file. In just a few clicks, users will be able to view the list of records, tables and user accounts on the back-end database.
- CSRF Scanner v1.0 Released – vulnerabilitydatabse.com
CSRFScan is a tool designed to find CSRF security flaws in forms. The tool uses a static analysis of pages to determine whether a form is protected or not. It is written in Python and published under GPL v3. This tool analyzes only forms present in an authenticated session, so it needs authenticated cookies to perform the analysis.
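As an added example for the Taddong F5 BIG-IP cookie decoder entry above (not the post's own code): a Python decoder that assumes F5's documented plaintext persistence-cookie encoding (IPv4 as a little-endian decimal, port with its two bytes swapped, trailing 0000) and runs over constructed Set-Cookie values, so a defender can check what their own load balancer discloses.

```python
import ipaddress
import re

# Constructed Set-Cookie values for the demo (not captured from any real host).
SAMPLE_HEADERS = [
    "BIGipServerpool_web=1677787402.36895.0000; path=/",
    "sessionid=3f9c2a; Path=/; Secure; HttpOnly",
    "BIGipServerpool_api=16820416.47873.0000; path=/",
]

# Assumed encoding (F5's documented default, not code from the Taddong post):
# <IPv4 as little-endian 32-bit decimal>.<port with its two bytes swapped>.0000
COOKIE_RE = re.compile(
    r"BIGipServer(?P<pool>[^=;\s]+)=(?P<ip>\d{1,10})\.(?P<port>\d{1,5})\.0000"
)


def decode_bigip_cookie(value: str) -> tuple[str, int]:
    """Decode 'ip.port.0000' into (dotted IPv4, port)."""
    ip_dec, port_dec, _zero = value.split(".")
    # The IP field is the address packed little-endian; repack as big-endian.
    ip = ipaddress.IPv4Address(int(ip_dec).to_bytes(4, "little"))
    # The port field is the 16-bit port with bytes swapped (0x901F -> 0x1F90).
    port = int.from_bytes(int(port_dec).to_bytes(2, "little"), "big")
    return str(ip), port


def find_leaking_cookies(set_cookie_headers):
    """Report every plaintext BIGipServer cookie and what it discloses.

    Returns a list of (pool, ip, port, is_private) tuples. Values that do not
    match the plaintext pattern (e.g. an encrypted persistence cookie, which is
    what a hardened deployment should emit) or do not fit in 32/16 bits are skipped.
    """
    findings = []
    for header in set_cookie_headers:
        m = COOKIE_RE.search(header)
        if m is None:
            continue
        try:
            ip, port = decode_bigip_cookie(f"{m['ip']}.{m['port']}.0000")
        except OverflowError:
            continue
        findings.append((m["pool"], ip, port, ipaddress.ip_address(ip).is_private))
    return findings


if __name__ == "__main__":
    for pool, ip, port, private in find_leaking_cookies(SAMPLE_HEADERS):
        scope = "internal" if private else "public"
        print(f"pool {pool}: discloses {scope} member {ip}:{port}")
```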
Techniques
- VLAN Hacking How To
A Virtual LAN or VLAN is a group of hosts that communicate with each other even though they are in different physical locations. Virtual LAN provides location independence to the users; the ability to save bandwidth, manage devices and be cost effective for the organization are some of the facilities provided by the Virtual LAN.
- VLAN Hacking – resources.infosecinstitute.com
- Reddit Thread on VLAN Hacking – reddit.com
- Shellcode Detection Using Python – dvlabs.tippingpoint.com
DVLabs has been collecting a large number of documents and files that are flagged as malicious and we’re trying to decrease the number that we have to do a full manual analysis on. One of the methods we’re using to aid in this is shellcode detection.
- Path of Least Resistance – fishnetsecurity.com
I (Tim Medin) do a good number of internal penetration tests, and I have found one particular series of techniques that tend to be very quick and efficient at gaining Domain Administrator-level access. Of course, the viability of this depends on the environment and the configurations, and since this technique depends on default configurations, it is usually very effective because defaults aren’t usually changed.
- Aggressive Mode VPN — IKE-Scan, PSK Crack, and Cain – carnal0wnage.attackresearch.com
In IKE Aggressive mode the authentication hash based on a preshared key (PSK) is transmitted as a response to the initial packet of a VPN client that wants to establish an IPSec tunnel (Hash_R). This hash is not encrypted. It’s possible to capture these packets using a sniffer, for example tcpdump, and start a dictionary or brute-force attack against this hash to recover the PSK.
- Understanding Firefox and SQLite Tables For Computer Forensics – resources.infosecinstitute.com
I was showing off a trick to export Firefox SQLite tables to a spreadsheet, and while she is a forensics person, she had never ever heard of this trick. It is neat enough to know when working off an image to pull the entire history of a Firefox user by using the SQLite table manager Firefox plugin. You can also find this plugin for Chrome, which makes things just as easy. This article though will focus on SQLite and Firefox.
- SQLMap — Searching Databases for Specific Columns/Data & Extracting from Specific Columns – carnal0wnage.attackresearch.com
So assuming we have some sort of SQL Injection in the application (Blind in this case) and we’ve previously dumped all the available databases (–dbs), we now want to search for columns with ‘password’ in them.
Vendor/Software Patches
- Microsoft Updates
With the release of the security bulletins for December 2011, this bulletin summary replaces the bulletin advance notification originally issued December 8, 2011. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
- Microsoft Security Bulletin Summary for 2011 – technet.microsoft.com
- Microsoft Unveils new Windows Defender Offline Tool – threatpost.com
Vulnerabilities
- Adobe, Acrobat Attacks
Malicious hackers are targeting a previously unknown security hole in Adobe Reader and Acrobat to compromise Microsoft Windows machines, Adobe warned today.
- Attackers Hit New Adobe Reader, Acrobat Flaw – krebsonsecurity.com
- New Zero-Day Adobe Attack Under Way – darkreading.com
- Newest Adobe Flash 11.1.102.55 And Zero Day Update – isc.sans.edu
Other News
- The Carrier IQ Controversy
Security researchers who have investigated the inner workings of the Carrier IQ software and its capabilities say that the application has some powerful, and potentially worrisome, capabilities, but that as it’s currently deployed by carriers it doesn’t have the ability to record SMS messages, phone calls or keystrokes.
- Researchers Say Carrier IQ Not Logging Texts or Emails, But Has Some Worrisome Capabilities – threatpost.com
- How to find out if Carrier IQ is installed in your phone with one tap – bgr.com
- All Your Shreds Belong To Us – shredderchallenge.com
Today’s troops often confiscate the remnants of destroyed documents in war zones, but reconstructing them is a daunting task. DARPA’s Shredder Challenge called upon computer scientists, puzzle enthusiasts and anyone else who likes solving complex problems to compete for up to $50,000 by piecing together a series of shredded documents.
- Google Researchers Propose Way Out Of The SSL Dilemma – h-online.com
In a paper entitled Certificate Authority Transparency and Auditability, Google researchers Adam Langley and Ben Laurie have proposed new measures for improving the trustworthiness of the public key infrastructure (PKI) underpinning HTTPS. The researchers’ idea is based on a public list of all certificates ever issued by certificate authorities.