Event Related
- HITB Security Conference 2012 Amsterdam – Materials – conference.hitb.org
The materials of HITB Security Conference 2012 – Amsterdam have been published.
Resources
- iOS
- iPhone Forensics Analysis of iOS 5 backups : Part 2 – resources.infosecinstitute.com
In the first part of this article, we discussed the techniques to read iTunes backups. The following article discloses the procedure to extract protection class keys from the Backup Keybag and covers the techniques & the tools to decrypt the protected backup files and the encrypted backups.
- iOS Application Security: Review of Top 50 Free iPad Apps [Part 2 of 2] – SpiderLabs Anterior – spiderlabs.com
The scope of this blog post is related to mobile application security only and does not refer to the platform’s security – all data is anonymised.
- Apple Details iOS Security Features in New Guide – threatpost.com
Apple has released a detailed security guide for its iOS operating system, an unprecedented move for a company known for not discussing the technical details of its products, let alone the security architecture.
Tools
- Webapp-Exploit-Payloads v1.0 Released – github.com
Webapp-Exploit-Payloads is a collection of payloads for common webapps, for example Joomla and WordPress.
- Cisc0wn Cisco SNMP Script – commonexploits.com
I have created a new script that you might find useful. Cisc0wn is simply a bash script that pulls various tools and enumeration into one simple command for ease, so is not really a tool in itself.
Techniques
- From LOW to PWNED [12] Trace.axd – carnal0wnage.attackresearch.com
“Trace.axd is an Http Handler for .Net that can be used to view the trace details for an application. This file resides in the application’s root directory. A request to this file through a browser displays the trace log of the last n requests in time-order, where n is an integer determined by the value set by requestLimit=”[n]” in the application’s configuration file.”
http://www.ucertify.com/article/what-is-traceaxd.html
- We Have the Port Scans, what now? – pentesticles.com
It’s been a while, I hope you’re good. I’m fine thanks, busy as sin but isn’t that always the way? So where did we leave off? From reading back through my previous post, we’d scanned our little guts out and pulled a list of all ports that were open and all the services that can be interacted with. Boy haven’t we been busy!
- Yes, you can have fun with downloads – lcamtuf.blogspot.com
It is an important and little-known property of web browsers that one document can always navigate other, non-same-origin windows to arbitrary URLs; in more limited circumstances, even individual frames can be targeted. I discuss the consequences of this behavior in The Tangled Web – and several months ago, I shared this amusing proof-of-concept illustrating the perils of this logic.
- Tiny 64-bit ELF executables – blog.markloiseau.com
A while back, Brian Raiter wrote an excellent guide to ELF executables called “A Whirlwind Tutorial on Creating Really Teensy ELF Executables for Linux.” It outlines some of the things that contribute to overhead in ELF executables, and goes to great lengths to make the smallest-possible ELF program.
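Returning to the Trace.axd entry above: whether trace.axd is reachable by an attacker comes down to two attributes of the <trace> element in web.config, enabled and localOnly, and the requestLimit the quote mentions only sets how much the log holds. The following is an added example for this roundup, not code from the carnal0wnage post or the ucertify article. It audits a web.config for a remotely reachable trace.axd and recognises a trace.axd listing or detail page in a fetched response body. The two configs and the response fragment are constructed for illustration; the defaults it applies (enabled="false", localOnly="true", requestLimit="10", mostRecent="false") are the ASP.NET framework defaults for the <trace> element, and the page headings it matches on are those rendered by the ASP.NET trace viewer.

```python
"""Added example: audit an ASP.NET web.config for a remotely reachable trace.axd
and classify a response fetched from /trace.axd. Not code from the linked articles.
Sample configs and the sample response body below are constructed."""
import xml.etree.ElementTree as ET

# ASP.NET defaults for <system.web><trace> when an attribute is omitted.
TRACE_DEFAULTS = {
    "enabled": "false",
    "localOnly": "true",
    "requestLimit": "10",
    "mostRecent": "false",
}

# Constructed weak config: tracing on and viewable from any host.
WEAK_CONFIG = """<configuration>
  <system.web>
    <trace enabled="true" localOnly="false" requestLimit="40" pageOutput="false" />
  </system.web>
</configuration>"""

# Constructed hardened config: tracing off; localOnly="true" limits the damage
# if someone re-enables it while debugging.
HARDENED_CONFIG = """<configuration>
  <system.web>
    <trace enabled="false" localOnly="true" />
  </system.web>
</configuration>"""


def _flag(value):
    """ASP.NET boolean attribute -> Python bool."""
    return value.strip().lower() == "true"


def audit_trace(web_config_xml):
    """Parse <system.web><trace> and report whether trace.axd is remotely exposed."""
    root = ET.fromstring(web_config_xml)
    attrs = dict(TRACE_DEFAULTS)
    trace = root.find("./system.web/trace")
    if trace is not None:
        attrs.update(trace.attrib)
    enabled = _flag(attrs["enabled"])
    local_only = _flag(attrs["localOnly"])
    return {
        "enabled": enabled,
        "local_only": local_only,
        "request_limit": int(attrs["requestLimit"]),
        "most_recent": _flag(attrs["mostRecent"]),
        # A remote client can read trace.axd only when tracing is on and not local-only.
        "remotely_exposed": enabled and not local_only,
    }


# Headings rendered by the trace viewer: the request listing (/trace.axd) and a
# single request's detail page (/trace.axd?id=N).
LISTING_MARKERS = ("Application Trace", "Requests to this Application")
DETAIL_MARKERS = ("Request Details", "Trace Information")


def classify_trace_response(status, body):
    """Return 'listing', 'detail' or None for a response body fetched from trace.axd."""
    if status != 200:
        return None
    if all(marker in body for marker in LISTING_MARKERS):
        return "listing"
    if all(marker in body for marker in DETAIL_MARKERS):
        return "detail"
    return None


# Constructed fragment of a trace.axd listing page.
SAMPLE_LISTING = """<html><body>
<h1>Application Trace</h1>
<h2>Requests to this Application</h2> Remaining: 37
<table><tr><td>0</td><td>2012-05-31 10:02:11</td><td>/login.aspx</td><td>200</td><td>POST</td></tr></table>
</body></html>"""


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_trace(cfg))
    print(classify_trace_response(200, SAMPLE_LISTING))
```

Two caveats worth keeping in mind when reading the quoted description. With the default mostRecent="false", the log holds the first requestLimit requests after tracing started and then stops collecting until it is cleared, so "the last n requests" is only accurate when mostRecent="true". And a listing is only the index: each detail page also shows that request's cookies, form fields and server variables, which is why a config that audits as remotely_exposed should be treated as a finding even when the listing itself looks empty.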
Vulnerabilities
- Flame
- Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers – wired.com
A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation.
- Defeating Flame String Obfuscation with IDAPython – SpiderLabs Anterior – spiderlabs.com
Like many other security research firms, SpiderLabs Research has been actively investigating the Flame (a.k.a. sKyWIper) malware that was revealed earlier this week.
Other News
- NIST Issues Long-Awaited Cloud Guidance – bankinfosecurity.com
NIST has published its long-awaited cloud computing guidance, Special Publication 800-146: Cloud Computing Synopsis and Recommendations, that addresses risk management and other security matters.