Week 40 in Review – 2012

Event Related

  • Derbycon 2012 Videos – irongeek.com
    Hope you enjoyed the con! Here are the videos from Derbycon 2012. We had a few recording SNAFUs, but all in all it went very well. For the descriptions of the talks click a talk link below or go to the Derbycon page. Feel free to link or embed elsewhere, but I’d appreciate it if you link back to the Derbycon and Irongeek.com sites.
  • EnergySec 2012 Wrapup – digitalbond.com
    Last week was EnergySec’s 2012 Symposium. EnergySec is a group with a lot of great energy. The conference was attended by a mix of hackers, former phone phreaks, energy sysadmins, auditors, and executives.
  • Impressions from Ekoparty – blog.ioactive.com
    Another ekoparty took place in Buenos Aires, Argentina, and for a whole week, Latin America had the chance to meet and get in touch with the best researchers in this side of the world.
  • Hakin9 – Spam Kings – digininja.org
    This blog post goes with a lightning talk I gave at BruCon 2012; here are my slides.
  • EUSecWest Mobile Pwn2Own 2012 Recap – dvlabs.tippingpoint.com
    Carnage. Pwnage everywhere. Empty streets, wailing widows, and the smoking remains of a hotel where the sign is barely visible, hanging from a shattered chain and swinging in the wind — NH Amsterdam Centre Hotel. Something black catches my eye — it’s just a rag, caught on a broken base station arm.

Resources

  • Dirty Little Secrets They Didn’t Teach You in Pentest Class – Part 2 (video) – room362.com
    This is the part 2 of the video.
  • Exploits 2: Windows – youtube.com
    This is the playlist for the videos of Exploits 2: Windows.
  • Bypassing SEH Protection: A Real-Life Example – resources.infosecinstitute.com
    Before starting any kind of exploiting, if you are not familiar with buffer overflow, assembler, or how the operating system works, I strongly recommend reading the content from the links below.
  • Elcomsoft, UPEK and more – blog.crackpassword.com
    Elcomsoft has announced that certain versions of fingerprint software named Protector Suite made by UPEK (now part of Authentec) stores your Windows password in a ‘scrambled’ format in registry.
  • Scythe Framework – blog.c22.cc
    After a short hiatus I finally got back into the swing of things. Unsurprisingly for me it was a new project that got me out of my slump and back in-front of the computer. Over the last month or so I’ve been working on a framework (modular) for account enumeration.
  • Defeat the Hard and Strong with the Soft and Gentle Metasploit RopDB – community.rapid7.com
    Data Execution Prevention (DEP) has always been a hot topic in modern software exploitation. This is a security feature implemented in most popular operating systems, designed to prevent a program from executing in a non-executable memory location.
  • Meet “Q” – Free Metasploit Exploit Pack – room362.com
    This repository / exploit pack was created for the sole purpose of housing modules, scripts and resource files that would otherwise not be accepted into the Metasploit trunk.
  • SQL Injection through SQLMap Burp Plugin – resources.infosecinstitute.com
    SQL Injection is a web based attack used by hackers to steal sensitive information from organizations through web applications. It is one of the most common application layer attacks used today. This attack takes advantage of improper coding of web applications, which allows hackers to exploit the vulnerability by injecting SQL commands into the prior web application.

Techniques

  • James Bond’s Dry Erase Marker: The Hotel PenTest Pen – blog.spiderlabs.com
    I’m not going to get into the technical details of how this hack works, or why it works. Cody does a great job on his own site over at http://demoseen.com/bhpaper.html. So if you have any questions about the hack itself or the details, it is best to ask him, as he is the one who discovered this. I only made the device smaller. 🙂
  • Three Ways to Defeat a ReverseMe – resources.infosecinstitute.com
    A “ReverseMe” as its name says, is a little piece of code compiled to produce one or more protections, and the whole is designed to be “reversed”, which means designed to be a target for practicing reverse code engineering and studying software protections without any risk regarding laws and intellectual properties.
  • Unhosing APKs – intrepidusgroup.com
    Recently, there has been some discussion in the press about a tool named “HoseDex2Jar”, which claims to prevent wily hackers from being able to decompile Android APK files back into Java class files.

Vendor/Software Patches

  • OllyDbg 2.01 Update – ollydbg.de
    OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows. Its emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.
  • Searching For That Adobe Cert – blog.didierstevens.com
    You probably know by now that Adobe will revoke a compromised code signing certificate in a couple of days. As we seem to have more code signing related security incidents recently, I started to develop a couple of new tools.
  • Volatility 2.2 Update – code.google.com
    The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
  • ERPScan’s SAP Pentesting Tool Update – erpscan.com
    ERPScan’s SAP Pentesting Tool is a freeware tool that is intended for penetration testers and security officers for vulnerability assessment of SAP systems using Black Box testing methodologies. This means that you do not need to know any information about the target system or have a legal account in it. All the information will be collected by the SAP Pentesting Tool.
  • The Social-Engineer Toolkit (SET) v4.1 “Gangnam Style” has been released – trustedsec.com
    We are proud to release the latest version of the Social-Engineer Toolkit (SET) version 4.1 codename “Gangnam Style” (you have to do the dance when using SET now). This version has a number of new enhancements including the ability to natively use Apache with the multiattack combining the Java Applet Attack and the Credential Harvester.
  • The Sleuth Kit 4.0.0 Update – sourceforge.net
    The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.

Vulnerabilities

  • The Tale of 1001 ADSL Modems
    • How millions of DSL modems were hacked in Brazil, to pay for Rio prostitutes – nakedsecurity.sophos.com
      Assolini described in his presentation, entitled “The tale of 1001 ADSL modems: Network devices in the sights of cybercriminals”, how at some Brazilian ISPs, more than 50% of users were reported to have been affected by the attack.
    • The tale of one thousand and one DSL modems – securelist.com
      This is the description of an attack happening in Brazil since 2011 using 1 firmware vulnerability, 2 malicious scripts and 40 malicious DNS servers, which affected 6 hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on DSL modems.
  • SRP easily bypassed – wilderssecurity.com
    Well it seems that was a false sense of security. You can completely bypass SRP with no password or anything.
    If you have an executable that can’t execute where it is because of SRP, simply using `runas /trustlevel:"Unrestricted"` will allow it to run.
  • ‘FakeInstaller’ Leads the Attack on Android Phones – blogs.mcafee.com
    Android.FakeInstaller is a widespread mobile malware family. It has spoofed the Olympic Games Results App, Skype, Flash Player, Opera and many other top applications.

Other News