Week 17 in Review – 2012

Event Related

• Our CanSecWest 2012 slides on passive DNS and Picviz – picviz.blogspot.fr
  Alexandre Dulaunoy from CIRCL.LU and Sebastien Tricaud from Picviz Labs have been talking at CanSecWest 2012 in Vancouver, Canada, on how to scrutinize a country using passive DNS and Picviz.
• SyScan 2012 Singapore slides – www.xchg.info
  Conference and slides of SyScan 2012 Singapore

Resources

• Big ideas from Daniel Geer on digital security and the role of humans – geer.tinho.net
  Everything about cyberspace is now in a positive feedback loop or, should I say, the positive feedback loop in cyberspace is creating a positive feedback loop within all cutting edge science. That loop includes cybersecurity.
• Acquiring volatile memory from Android based devices with LiME Forensics, Part I – blog.opensecurityresearch.com
  Up until now, most of the Android forensics research has been focused on areas like the acquisition and analysis of the internal flash NAND memory, SD Cards, understanding the YAFFS2 file system and scrutinizing APK files for malware analysis, among others.
• Hack In The Box Magazine Issue #8 has been released – professionalsecuritytesters.org
  Hello readers and welcome to issue #8. It’s been a while since the release of the last issue and no, we are not dead yet.
• [Full-disclosure] RuggedCom – Backdoor Accounts in my SCADA network? You don’t say… – lists.grok.org.uk
  RuggedCom is one of a handful of networking vendors who capitalize on the market for “Industrial Strength” and “Hardened” networking equipment.
• CVSS Vulnerability Scoring Gone Wrong – labs.neohapsis.com
  If you have been in the security space for any stretch of time you have undoubtedly run across the Common Vulnerability Scoring System (CVSS).
• Presentation: PowerShell for Pen Testers – pen-testing.sans.org
  Tim “My Shell Makes Your Shell Cry Like a Little Baby” Medin did a presentation at SANS Orlando called “PowerShell for Pen Testers”. It’s really good. It starts out with an overview of PowerShell for the uninitiated, and then quickly jumps to some really effective use cases of PowerShell for penetration testers and ethical hackers.
• Security Implications of IPv6 on IPv4 Networks – tools.ietf.org
  This document discusses the security implications of native IPv6 support and IPv6 transition/co-existence technologies on “IPv4-only” networks, and describes possible mitigations for the aforementioned issues.

Tools

• OWASP
• OWASP ZAP SmartCard Project – blog.taddong.com
  OWASP ZAP (Zed Attack Proxy) has become THE open-source web application interception proxy and security auditing tool, replacing well known open-source players in this field we have been using all over the last decade, such as Paros, WebScarab, or AndiParos.
• WebGoat 5.4 Released – owasp.blogspot.com
  WebGoat 5.4 was released today. Thanks to all of those who sent comments and helped get this release out the door.
• Kautilya v0.2.2 payloads for Teensy Released – code.google.com
  Kautilya is a toolkit which provides various payloads for Teensy device which may help in breaking in a computer. The toolkit is written in Ruby.
• PdfStreamDumper version 0.9.320 update – sandsprite.com
  PdfStreamDumper is a free tool for the analysis of malicious PDF documents. It also has some features that can make it useful for PDF vulnerability development.
• Exploring Symbol Type Information with PdbXtract – blog.mandiant.com
  Mandiant is introducing a new free tool today, PdbXtract™, which allows you to browse and search PDB-type information.
• Inception – breaknenter.org
  Inception is a FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP-2 DMA. The tool can unlock (any password accepted) and escalate privileges to Administrator/root on almost any machine you have physical access to.
• Plown Security Scanner v0.3 for Plone CMS released – github.com
  Plown is a security scanner for Plone CMS. Although Plone has the best security track record of any major CMS and is considered highly secure, misconfigurations and weak passwords might enable system break-ins. Plown has been developed to ease the discovery of usernames and passwords, and act as an assistant to system administrators to strengthen their Plone sites.
• ERPScan has released ERPScan Security Scanner for Sap 2.0 – professionalsecuritytesters.org
  ERPScan has released ERPScan Security Scanner for SAP 2.0 – a complex solution to continuously monitor all areas of SAP security, from vulnerability assessment and misconfigurations to ABAP code review and analysis of business-critical privileges.
• psychomario/ntlmsspparse – github.com
  Parses ntlmssp netlm[v2] hashes out of a pcap file for use with a password cracker.

Techniques

• Appsec Testing Tips: Edge Cases & Tool Chaining Security Aegis – securityaegis.com
  At BruCon 2011 I gave a talk called The Web Application Hackers Toolchain. In this talk i outlined several non-standard additions and aides to web pentesters. One section in particular was leveraging tool chaining for better application mapping.

Vendor/Software Patches

• 64-bit Process Replacement in Powershell – exploit-monday.com
  For those of you who follow me on Twitter, you may have noticed that I posted a few teasers related to replacing processes in Powershell. Without further ado, I am releasing Replace-x64-Process.
• Metasploit 4.3 Released: Task Chains, Email Reports, Upgrades, and More Modules – community.rapid7.com
  It’s been a fun and challenging month for the Metasploit team, and we’re happy to announce that Metasploit 4.3 is ready and available for you to download. Metasploit 4.3 ships with 33 new exploits, 20 new auxiliary modules, 11 new post-exploitation modules, 4 new payloads, and some nifty new features on the Metasploit Pro side. That’s a lot of new stuff, so let’s just cover the highlights for this release.
• VoIP Hopper version 2.04 – sourceforge.net
  VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop security test.
• WooThemes WooFramework exploit: Execute any shortcode as an unauthenticated visitor – gist.github.com
  WooThemes has now bumped their version number and fixed the update bug so please click “Update Framework” inside of the WordPress Admin to grab and install the latest version which patches this bug.

Vulnerabilities

• Microsoft MSN Hotmail
• Hotmail Password Reset Bug Exploited in Wild – threatpost.com
  Microsoft has issued a temporary permanent fix for a previously undisclosed bug in its MSN Hotmail Web email service that could have allowed remote attackers to reset account passwords.
• Microsoft MSN Hotmail – Password Reset & Setup Vulnerability – vulnerability-lab.com
  Hotmail (also known as Microsoft Hotmail and Windows Live Hotmail), is a free web-based email service operated by
  Microsoft as part of Windows Live.
• Weak Passwords Still Subvert IT Security – computerworld.com
  A recent data breach that exposed the Social Security numbers of more than 280,000 people served as yet another reminder of the well-recognized, but often discounted, risks associated with using weak and default passwords.
• Trojan Uses Motion Sensors To Steal Smartphone Data – techweekeurope.co.uk
  Motion-sensor data from smartphones can be used to effectively guess what keys a user is tapping and steal sensitive data such as PINs and bank details, according to new research (PDF) from Pennsylvania State University (PSU) and IBM.
• Hacker leaks source code of old VMware software – h-online.com
  EMC subsidiary VMware has acknowledged that a hacker has released some of the company’s source code.
• Oracle databases vulnerable to injected listeners – h-online.com
  There is no patch for a serious security hole in almost all Oracle database installations; administrators themselves should therefore take immediate action to protect their systems.

Other News

• Penetration Testing Deception through Vocabulary – netspi.com
  This post is not of the technical nature (I’m the wrong guy) nor is it really about industry trends (maybe a little). I want to use this post to focus on some industry-specific vocabulary.