- Shmoocon 2012
- ShmooCon 2012: Raising The White Flag – blog.c22.cc
Whitelisting is often touted as a replacement for AV. Despite the fact that something better than AV is needed, application whitelisting isn’t the solution. Their purpose seems good, for the execution is lacking. Things are headed in the right direction, but using simple bypass techniques it’s possible to bypass these whitelisting protections.
- ShmooCon 2012: Java backdoors and Cross Framework Abuse – blog.c22.cc
Java has a number of different archive formats. This talk covers the J2SE / J2EE type archives. The goal here is to show how simple it is to add potentially malicious software to three of the most common format.
- Pwn2Own to Offer $150K in Prizes – threatpost.com
The Pwn2Own contest at the CanSecWest conference has become one of the landmark events on the calendar each year, as researchers gather with nervous vendors in a tiny room to see who can own which browser on which platform and how quickly. But this year’s contest will have a much different look than past editions, with participants vying for more than $100,000 in cash by amassing points over the course of three days.
- TEDxMaui – Hack Yourself First – jeremiahgrossman.blogspot.com
Ten years ago if you would have told me that I’d be back living in Hawaii, founder of a fast growing technology company, and a TED speaker — I would’ve said, “What’s a TED?” Preparing for TEDxMaui was extremely difficult.
- First 2012 OWASP Belgium Chapter Meeting Wrap-Up – blog.rootshell.be
A new year started and why change good habits? I’m just back from the first OWASP Belgium Chapter meeting of 2012. Here is my quick wrap-up. The organization remains the same, the first few minutes were dedicated to some news from the OWASP organization given by Seba.
- SOURCE Boston 2011 – blip.tv
SOURCE Boston 2011 session videos now released
- From CVE-2010-0738 to the recent JBoss worm – owasp.org
This presentation is an extended version of a talk delivered during the OWASP Bay Area Chapter Meeting (November 30, 2011)
- NIST Issues Public Cloud Computing Guidance – bankinfosecurity.com
Users – not providers – have ultimate responsibility for the security and privacy of data stored on the public cloud, new guidance from the National Institute of Standards and Technology says.
- rockyou_passpal_0.3_dump – thepasswordproject.com
This report was generated using passpal. 218 lines/unique passwords that were not valid UTF-8 were removed prior to analysis. A few lines seem to be HTML and other web scrapings, especially some of the longer lines, but this is hard to clean up automatically.
- Slides from DoD Cyber Crime Conference – jessekornblum.livejournal.com
As promised, I’ve published the slides and scripts I used during my talks at the 2012 DoD Cyber Crime conference.
- Johnnykv / Heralding – github.com
Simple low interaction honeypot to log login names and password from bruteforce attacks on pop3, imap, telnet and ssh.
- Android Mind Reading – digitalforensicssolutions.com
What We’ll Cover: Live Forensics; Traditional Linux Memory Forensics Overview; Problems with Android; Acquisition Tools (DMD); Volatility; Demo
- Router PWN – routerpwn.com
- SMBShell – Samba Pentesting Tool – theprojectxblog.net
SMBShell is a cross platform java based multi threaded application with minimal smb client shell pentesting tool. This application uses dictionary attack method against remote samba daemon with the capability of spawning an smb client shell with every credential found if the check box ‘spawn shell’ is checked. This will help network/system administrator test the password integrity with the very basic common password attack in your Linux, BSD or Windows box with samba installed.
- Hash-identifier – code.google.com
Software to identify the different types of hashes used to encrypt data and especially passwords.
- Metasploit Pentest Plugin Part 2 – darkoperator.com
This is the second part of my Pentest Metasploit plugin. This part will cover the post exploitation commands this plugin adds. First I would like to cover the thought process of this commands. The commands came from some modules I pushed and then had to pull from the Metasploit Framework around summer of 2011 that sadly did not comply with some of the rules on what modules where supposed to do and the post mixin did not allowed me to do.
- iPhone Forensics – resources.infosecinstitute.com
iPhone forensics can be performed on the backups made by iTunes (escrow key attack) or directly on the live device. This article explains the technical procedure and the challenges involved in extracting data from the live iPhone.
- Psexec fail? Upload and Exec Instead – carnal0wnage.attackresearch.com
I ended up having to use the smb/upload file module on a pentest. I was able to get the local admin hashes but for some reason the psexec module wouldn’t get code execution, it would act like it would work but wasn’t. So we decided to push a binary, use winexe that was modified to pass the hash to exec the binary as needed.
- Exploiting an IP Camera Control Protocol: Redux – spareclockcycles.org
Last May, I wrote about a remote password disclosure vulnerability I found in a proprietary protocol used to control ~150 different low-end IP cameras. The exploit I wrote was tested on the Rosewill RXS-3211, a rebranded version of the Edimax IC3005.
- Kyrus Beta Testing NSRLquery Server – jessekornblum.livejournal.com
Kyrus is beta testing a public NSRLquery server and we invite you try it out! This server allows you to submit file hashes to determine if those files are present in the National Software Reference Library (NSRL).
- Leak Sensor – Pastebin data leakage detection – chaptersinwebsecurity.blogspot.com
As we all know, the cyber war is escalating. Hackers use Trojans and website penetrations to gain access to sensitive data. This includes email addresses, social security numbers, passwords and much more. The hacktivism movements such as Anonymous exploit Pastebin as a platform for anonymous data publishing.
- NetBIOS spoofing for attacks on browser – dsecrg.blogspot.com
Sometime ago during pentest NetBIOS protocol got my attention. Especially, NetBIOS naming and its co-work with DNS.
NetBIOS is an old protocol, distributed world-wide, but it doesn’t have many security mechanisms. And I think that many interesting things are born in different technologies’ interception. So I started a little research and I want to show some results of it.
- “Pass the hash” with Nexpose and Metasploitd – community.rapid7.com
I am proud to announce that Nexpose 5.1.0 now supports “pass the hash”, a technique to remotely authenticate against a Windows machine (or any SMB/CIFS server) with the mere possession of LM/NTLM password hashes, without needing to crack or brute force them. Nexpose is able to use the hashes to perform credentialed scans to produce very detailed scan results of all sorts of local and remote vulnerabilities that may otherwise not be detectable.
- Landing another blow against email phishing – googleonlinesecurity.blogspot.com
Email phishing, in which someone tries to trick you into revealing personal information by sending fake emails that look legitimate, remains one of the biggest online threats. One of the most popular methods that scammers employ is something called domain spoofing. With this technique, someone sends a message that seems legitimate when you look at the “From” line even though it’s actually a fake.
- Dump Windows password hashes efficiently – Part 6 – bernardodamele.blogspot.com
When you login to a network resource like a network share, a proxy server behind NTLM authentication, a database management system, a mail server, etc, you can often instruct your client to save the password, typically by simply ticking the box “Remember my password”.
- UPDATE: Mutillidae 2.1.13! – pentestit.com
“Mutillidae is a free, open source web application provided to allow security enthusiest to pen-test and hack a web application. Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to install or administrate their own webserver.
- UPDATE: JavaSnoop 1.1 RC2! – pentestit.com
“JavaSnoop is a tool for testing (re: hacking) Java desktop applications or applets. It is a tool that lets you intercept methods, alter data and otherwise hack Java applications running on your computer. JavaSnoop does so by allowing you attach to an existing process (like a debugger) and instantly begin tampering with method calls, run custom code, or just watch what’s happening on the system.”
- PoC Linux privilege escalation exploits – pentestit.com
POC proof-of-concept exploit code for a recently spotted privilege escalation flaw CVE-2012-0056 ( POC Linux privilege escalation exploits ) in the Linux kernel has left Linux vendors scrambling to push out a patch.
- 10K Reasons to Worry About Infrastructure – wired.com
A security researcher was able to locate and map more than 10,000 industrial control systems hooked up to the public internet, including water and sewage plants, and found that many could be open to easy hack attacks, due to lax security practices.
- CVE-2012-0003 Exploited in the Wild – blogs.iss.net
If for whatever reason you haven’t applied the critical January 2012 security update from Microsoft, now you really need to. Live web based exploitation of the vulnerability we found for handling MIDI in Windows Multimedia Library was reported by Trend Micro.
- Full-nelson.c Linux Kernel local privilege escalation – eromang.zataz.com
This exploit leverages three vulnerabilities to get root, all of which were discovered by Nelson Elhage.
- Symantec Updates
- Security Advisories Relating to Symantec Products – Symantec pcAnywhere Remote Code Execution, Local Access File Tampeing SYM12-002 – symantec.com
Added hotfix information for Symantec pcAnywhere versions 12.0.x and 12.1.x if customers are unable to follow the upgrade recommendations to 12.5.3. Link to Technical White Paper “Symantec pcAnywhere Security Recommendations” Updates to “Affected Products” and “Products Not Affected.”
- Symantec tells customers to disable PCAnywhere – news.cnet.com
Symantec is urging customers to disable PCAnywhere until it issues a software update to protect them against attacks that could result from the theft of the product’s source code.
- Symantec tells users to pull pcAnywhere’s plug – computerworld.com
Symantec this week took the highly unusual step of telling users of its pcAnywhere remote access software to disable or uninstall the software while it fixes an unknown number of bugs.
- Warnings About Windows Exploit, pcAnywhere – krebsonsecurity.com
Security experts have spotted drive-by malware attacks exploiting a critical security hole in Windows that Microsoft recently addressed with a software patch. Separately, Symantec is warning users of its pcAnywhere remote administration tool to either update or remove the program, citing a recent data breach at the security firm that the company said could help attackers find holes in the aging software title.
- Video Conferencing
- Cameras May Open Up the Board Room to Hackers – nytimes.com
One afternoon this month, a hacker took a tour of a dozen conference rooms around the globe via equipment that most every company has in those rooms; videoconferencing equipment.
- Video conferencing mistakes make espionage easy – computerworld.com
Tens of thousands of video conferencing setups, including some in corporate meeting rooms where the most confidential information is discussed, are vulnerable to spying attacks, researchers said this week.
- GPS Tracking/Surveillance
- Supreme Court Court Rejects Willy-Nilly GPS Tracking – wired.com
The Supreme Court said Monday that law enforcement authorities might need a probable-cause warrant from a judge to affix a GPS device to a vehicle and monitor its every move — but the justices did not say that a warrant was needed in all cases.
- Justices rule against police, say GPS surveillance requires search warrant -edition.cnn.com
Police erred by not obtaining an extended search warrant before attaching a tracking device to a drug suspect’s car, the Supreme Court said in a unanimous ruling Monday.
- Decrypt Laptops
- Judge: Americans can be forced to decrypt their laptops – news.cnet.com
American citizens can be ordered to decrypt their PGP-scrambled hard drives for police to peruse for incriminating files, a federal judge in Colorado ruled today in what could become a precedent-setting case.
- Judge Orders Defendant to Decrypt Laptop – wired.com
A judge on Monday ordered a Colorado woman to decrypt her laptop computer so prosecutors can use the files against her in a criminal case.
- Smartcards: Still A Smart Choice? – darkreading.com
Imagine sailing through a checkout line, paying for your groceries simply by swiping your smartphone across a terminal. Or walking into a store and being served reward coupons on your mobile device after a near-field communication (NFC) receiver detects your presence.
- Anonymous Goes After World Governments in Wake of Anti-SOPA Protests – wired.com
Over the last week, Anonymous has launched unprecedented string of attacks on government and business sites around the world, as the anger of the hive that a year ago turned on Egypt’s Mubarak regime turned on governments around the world.
- Chinese Virus Targets DoD Common Access Card – defensenews.com
A Chinese-based cyber attack is targeting the U.S. Defense Department’s Common Access Cards with technology that could steal information from military networks while troops and civilians work at their desks, researchers say.
- Hackers Breached Railway Network, Disrupted Service – wired.com
Hackers attacked computers at an an unidentified railway company, disrupting railway signals for two days in December, according to a government memo obtained by Nextgov.