Week 7 in Review – 2012

Event Related


  • Secunia Yearly Report 2011 – secunia.com
    Download the Secunia Yearly Report 2011
  • MS12-013: Vulnerability in C Run-Time Library could allow remote code execution Exploit Shop – exploitshop.wordpress.com
    Update (Feb 16): Confirmed PoC is working. You can download compiled .exe file, which is dynamically linked with msvcrt.dll. Tested on Windows 7 32bit and 64bit. Download ms12-013poc.exe.
  • Attack Surface Reduction – Chapter 4 – resources.infosecinstitute.com
    This is Chapter 4 in Tom Olzak‘s book, “Enterprise Security: A practitioner’s guide.”
  • Is the iPhone really Malware Free? – anti-virus-rants.blogspot.com
    Friday morning mikko hypponen posted a tweet about the folks behind flexispy changing the look of their site, and i took the opportunity to pose a question to him about iphone malware. you see, flexispy is (or was) a piece of mobile malware that f-secure posted about about 6 years ago.
  • Should we be focusing on vulnerabilities or exploits? – zdnet.com
    This post was inspired by a recent ZDNet article “Offensive security research community helping bad guys” and this ThreatPost interview after the Kaspersky security analyst summit, in which Adobe security chief Brad Arkin explains his (Adobe’s) philosophy on addressing software vulnerabilities.
  • CVE-2010-0842 Java MixerSequencer Vulnerability Metasploit Demo – eromang.zataz.com
    Timeline :Vulnerability reported to ZDI by Peter VreugdenhilVulnerability reported to the vendor by ZDI the 2009-12-10Coordinated public release of the vulnerability the 2010-04-05Details of the vulnerability and first PoC disclosed the 2010-05-21Metasploit PoC provided the 2012-02-15PoC
  • Pass the iOS Privacy Salt Hashing Does NOT Guarantee Privacy. – neohapsis.com
    There has been a lot of concern and online chatter about iPhone/mobile applications and the private data that some send to various parties.


  • WordPress Security: Plugins and Vulnerability Scanning Tools – resources.infosecinstitute.com
    So in this article we will cover some tools and plug-ins to audit WordPress software for security holes and vulnerabilities. We will also discuss the possible ways and tools that an attacker might use to hack into WordPress, and some of the best way(s) to secure a WordPress blog.


  • Dumping Cleartext Credentials with Mimikatz – pauldotcom.com
    Ever have that moment where hashes just aren’t good enough? Where you don’t have time or power to brute force a 15 character NTLM password? Well, if you were able to dump hashes in the first place, then you’ve already achieved the necessary pre-requisites to dump the passwords in clear text. Yes… you read that correctly, clear text.
  • Shreeraj’s security blog: CSRF with upload XHR-L2, HTML5 and Cookie replay – shreeraj.blogspot.com
    XHR level 2 calls embedded in HTML5 browser can open a cross domain socket and deliver HTTP request. Cross Domain call needs to abide by CORS.
  • Exploiting Sudo format string vunerability – vnsecurity.net
    In this post we will show how to exploit format string vulnerability in sudo 1.8 that reliably bypasses FORTIFY_SOURCE, ASLR, NX and Full RELRO protections.
  • Nessus 5 Making My Pentesting WorkflowEasier – darkoperator.com
    With the recent release of Nessus 5 it comes with several improvements like better filtering in policy creation, analysis, reporting and a faster lighter engine for scanning.
  • Virtualization Security: Hacking VMware with VASTO – resources.infosecinstitute.com
    With the advancement of the technology in the field of computers, requirement for hybrid setups has also escalated. Nowadays every company is using a heterogeneous infrastructure for its variety of tasks.
  • Bypassing Web Application Firewalls with SQLMap Tamper Scripts – r00tsec.blogspot.com
    The focus of the tamper scripts is to modify the request in a way that will evade the detection of the WAF (Web Application Firewall) rules. In some cases, you might need to combine a few tamper scripts together in order to fool the WAF.
  • Hunting & Exploiting Directory Traversal – carnal0wnage.attackresearch.com
    In cktricky’s last post he provided a great outline on the ins and outs of leveraging burp’s built in support for directory traversal testing. There are two questions, however, that should immediately come to mind once you are familiar with this tool: How do I find directory traversal & what should I look for if I do?
  • Using Metasm To Avoid Antivirus Detection (Ghost Writing ASM) – pentestgeek.com
    It seems that more and more these days I find myself battling head to head against my client’s Antivirus Software. Payloads I encoded to successfully bypass one solution get picked up by another.
  • Feb 9 CVE-2011-1980 MSOffice DLL Loading vulnerability + Trojan Nflog – contagiodump.blogspot.com
    On February 9, 2012 Symantec disclosed that the previously patched MS Office insecure library loading vulnerability was exploited in the wild. DLL loading vulnerabilities were used in targeted attacks at least with two other exploits in 2011 and they did not reach epidemic proportions like it happend with CVE-2010-3333 RTF or some of the Adobe PDF exploits.

Vendor/Software Patches


  • Horde Groupware backdoor
    • Horde Groupware contains backdoor – h-online.com
      Unknown perpetrators infiltrated a backdoor into several installation packages during an attack on groupware provider Horde’s FTP server. Horde 3.3.12, Groupware 1.2.10 and the webmail edition of the groupware product are all affected.
    • CVE-2012-0209 Horde backdoor analysis – eromang.zataz.com
      The 13/02 Horde team has release a security alert concerning their products. An unknown intruder has hack the FTP server of Horde since minimum November 02 2011 and has manipulate three Horde releases to allow unauthenticated remote PHP execution.
  • Southwest Airlines iPhone app vulnerable to hackers – blogs.denverpost.com
    Southwest Airlines’ iPhone app leaves a user’s information vulnerable to hackers, according to a recent study by a University of Colorado at Colorado Springs master’s student.
  • Ticketmaster warns of hacked mailing list, Adobe Reader spams sent out – sophos.com
    The UK branch of the ticketing firm Ticketmaster has warned its online customers that they might have received a series of unauthorised emails after its TicketWeb subsidiary’s mailing list system was compromised.

Other News

Leave A Comment