Week 40 in Review – 2012

Event Related

• Derbycon 2012 Videos – irongeek.com
  Hope you enjoyed the con! Here are the videos from Derbycon 2012. We had a few recording SNAFUs, but all in all it went very well. For the descriptions of the talks click a talk link below or go to the Derbycon page. Feel free to link or embed elsewhere, but I’d appreciate it if you link back to the Derbycon and Irongeek.com sites.
• EnergySec 2012 Wrapup – digitalbond.com
  Last week was EnergySec’s 2012 Symposium. EnergySec is a group with a lot of great energy. The conference was attended by a mix of hackers, former phone phreaks, energy sysadmins, auditors, and executives.
• Impressions from Ekoparty – blog.ioactive.com
  Another ekoparty took place in Buenos Aires, Argentina, and for a whole week, Latin America had the chance to meet and get in touch with the best researchers in this side of the world.
• Hakin9 – Spam Kings – digininja.org
  This blog post goes with a lightning talk I gave at BruCon 2012, here are my slides.
• EUSecWest Mobile Pwn2Own 2012 Recap – dvlabs.tippingpoint.com
  Carnage. Pwnage everywhere. Empty streets, wailing widows, and the smoking remains of a hotel where the sign is barely visible, hanging from a shattered chain and swinging in the wind — NH Amsterdam Centre Hotel. Something black catches my eye — it’s just a rag, caught on a broken base station arm.

Resources

• Dirty Little Secrets They Didn’t Teach You in Pentest Class – Part 2 (video) – room362.com
  This is the part 2 of the video.
• Exploits 2: Windows – youtube.com
  This is the playlist for the videos of Exploits 2: Windows.
• Bypassing SEH Protection: A Real-Life Example – resources.infosecinstitute.com
  Before starting any kind of exploiting, if you are not familiar with buffer overflow, assembler, or how the operating system works, I strongly recommend reading the content from the links below.
• Elcomsoft, UPEK and more – blog.crackpassword.com
  Elcomsoft has announced that certain versions of fingerprint software named Protector Suite made by UPEK (now part of Authentec) stores your Windows password in a ‘scrambled’ format in registry.
• Scythe Framework – blog.c22.cc
  After a short hiatus I finally got back into the swing of things. Unsurprisingly for me it was a new project that got me out of my slump and back in-front of the computer. Over the last month or so I’ve been working on a framework (modular) for account enumeration.
• Defeat the Hard and Strong with the Soft and Gentle Metasploit RopDB – community.rapid7.com
  Data Execution Prevention (DEP) has always been a hot topic in modern software exploitation. This is a security feature implemented in most popular operating systems, designed to prevent a program from executing in a non-executable memory location.
• Meet “Q” – Free Metasploit Exploit Pack – room362.com
  This repository / exploit pack was created for the sole purpose to house modules, scripts and resource files that would otherwise not be accepted into the Metasploit trunk.
• SQL Injection through SQLMap Burp Plugin – resources.infosecinstitute.com
  SQL Injection is a web based attack used by hackers to steal sensitive information from organizations through web applications. It is one of the most common application layer attacks used today. This attack takes advantage of improper coding of web applications, which allows hackers to exploit the vulnerability by injecting SQL commands into the prior web application.

Techniques

• James Bond’s Dry Erase Marker: The Hotel PenTest Pen – blog.spiderlabs.com
  I’m not going to get into the technical details of how this hack works, or why it works. Cody does a great job on his own site over at http://demoseen.com/bhpaper.html. So if you have any questions about the hack itself or the details, it is best to ask him, as he is the one who discovered this. I only made the device smaller. 🙂
• Three Ways to Defeat a ReverseMe – resources.infosecinstitute.com
  A “ReverseMe” as its name says, is a little piece of code compiled to produce one or more protections, and the whole is designed to be “reversed”, which means designed to be a target for practicing reverse code engineering and studying software protections without any risk regarding laws and intellectual properties.
• Unhosing APKs – intrepidusgroup.com
  Recently, there has been some discussion in the press about a tool named “HoseDex2Jar”, which claims to prevent wily hackers from being able to decompile Android APK files back into Java class files.

Vendor/Software Patches

• OllyDbg 2.01 Update – ollydbg.de
  OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows. Emphasis on binary code analysis make it particularly useful in cases where source is unavailable.
• Searching For That Adobe Cert – blog.didierstevens.com
  You probably know by now that Adobe will revoke a compromised code signing certificate in a couple of days. As we seem to have more code signing related security incidents recently, I started to develop a couple of new tools.
• Volatility 2.2 Update – code.google.com
  The Volatility Framework is completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
• ERPScan’s SAP Pentesting Tool Update – erpscan.com
  ERPScan’s SAP Pentesting Tool is a freeware tool that is intended for penetration testers and security officers for vulnerability assessment of SAP systems using Black Box testing methodologies. It means that you do not need to know any information about the target system or have a legal account in it. All the information will be collected by SAP Pentesting tool.
• The Social-Engineer Toolkit (SET) v4.1 “Gangnam Style” has been released – trustedsec.com
  We are proud to release the latest version of the Social-Engineer Toolkit (SET) version 4.1 codename “Gangnam Style” (you have to do the dance when using SET now). This version has a number of new enhancements including the ability to natively use Apache with the multiattack combining the Java Applet Attack and the Credential Harvester.
• The Sleuth Kit 4.0.0 Update – sourceforge.net
  The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.

Vulnerabilities

• The Tale of 1001 ADSL Modems
• How millions of DSL modems were hacked in Brazil, to pay for Rio prostitutes – nakedsecurity.sophos.com
  Assolini described in his presentation, entitled “The tale of 1001 ADSL modems: Network devices in the sights of cybercriminals”, how at some Brazilian ISPs, more than 50% of users were reported to have been affected by the attack.
• The tale of one thousand and one DSL modems – securelist.com
  This is the description of an attack happening in Brazil since 2011 using 1 firmware vulnerability, 2 malicious scripts and 40 malicious DNS servers, which affected 6 hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on DSL modems
• SRP easily bypassed – wilderssecurity.com
  Well it seems that was a false sense of security. You can completely bypass SRP with no password or anything.
  If you have an executable that can’t execute where it is because of SRP, simply using “runas /trustlevel:”Unrestricted”” will allow it to run.
• ‘FakeInstaller’ Leads the Attack on Android Phones – blogs.mcafee.com
  Android.FakeInstaller is a widespread mobile malware family. It has spoofed the Olympic Games Results App, Skype, Flash Player, Opera and many other top applications.

Other News

• White House thwarts hacker attack on unidentified computer system – thehill.com
  The White House confirmed on Monday that it thwarted an attempted cyber attack but declined to discuss where it originated from after a media report identified China as the culprit.
• Security Flaw Lets Hackers Steal Twitter Accounts – buzzfeed.com
  “People should be changing their passwords,” says a victim whose account was hacked — and even put up for sale.
• Could your phone be secretly taking pictures right now? How hackers could hijack your camera to spy on you (and even read your chequebook) – dailymail.co.uk
  A new app can ‘virtually steal’ from your home – by turning on your phone’s camera and beaming images back to thieves.
• Some WordPress Themes, Thousands of Sites Open to XSS Vulnerability – threatpost.com
  A number of WordPress themes being distributed by the developer Parallelus are vulnerable to cross-site scripting (XSS) attacks, reports said.
• Your tax dollars at work: local cops now paid with federal money to troll IRC – arstechnica.com
  In a speech before an assembled crowd of law enforcement officials in Maryland this week, Attorney General Eric Holder announced the winners of a new federal grant that will send hundreds of thousands of dollars to 13 agencies in an effort to step up enforcement of copyright and trademark laws.