Week 43 in Review – 2012

Event Related

  • ToorCon
    • ToorChat – github.com
      A Chat Program for use with the ToorCon 2013 badge.
    • ToorCon Presentation – brightmoonsecurity.com
      Thanks for attending my Toorcon Presentation. Below are links to my presentation and the references I mentioned in the talk. Please let me know if you have any recommendations on course materials.
    • ToorCon Presentation – ciphersuites.com
      This is the landing page for the research done by tecknicaltom for the ToorCon presentation by tecknicaltom titled HTTPS in the Real World: Screw-ups, Trends, and Outliers.
  • Hack.lu 2012
    • Hack.lu 2012 Wrap-Up Day #1 – blog.rootshell.be
      Last week, I was in Luxembourg for my day-to-day job and this week, I’m back for more fun (and some business too . It’s time for a new edition of hack.lu. This is already myfourth edition, time flies!
    • Hack.lu 2012 Wrap-Up Day #2 – blog.rootshell.be
      Here we go for the wrap-up of the second day! After a short night and some 0xC0FFEE, the schedule started with a keynote by Sharon Conheady about the “future of social engineering“. Sharon is a specialist in social extreme engineering (read: with physical access to facilities).
    • Hack.lu 2012 Wrap-Up Day #3 – blog.rootshell.be
      The 2012 edition of hack.lu is already over for a few minutes. Here is my wrap-up posted just before driving back to $HOME! Yesterday, we had a nice dinner with Belgian friends.
  • RuxCon Breakpoint
    • RuxCon Breakpoint Slides – ruxconbreakpoint.com
      Check out the presentation of each speaker for the RuxCon Breakpoint.
    • RuxCon Slides – ruxcon.org.au
      Check out the presentation of each speaker for the RuxCon.
  • SkyDogCon 2012 Videos – irongeek.com
    Here are the videos from SkyDogCon. Thanks to all of the SkyDogCon crew, especially SeeBlind for running the cameras.



  • Introducing the USB Stick of Death – j00ru.vexillium.org
    Several months back we have been playing with different file systems on various system platforms, examining the security posture and robustness of numerous device drivers’ implementations.
  • AXFR for DNSSEC: DNSSEC Walker – room362.com
    DNSSEC Walker traverses a domain’s DNSSEC records to locate it’s regular DNS records.
  • Testing Applications for DLL Preloading Vulnerabilities – netspi.com
    DLL preloading (also known as sideloading and/or hijacking) is a common vulnerability in applications. The exploitation of the vulnerability is a simple file write (or overwrite) and then you have an executable running under the context of the application.
  • Hacking KeyLoggers – blog.opensecurityresearch.com
    Our forensics investigations often result in us having to identify odd devices left over by attackers. So when we recently had to investigate a suspicious USB device connected between the keyboard and USB port on the rear chassis of a senior executive’s desktop computer, my job (I chose to accept it) was to discover what the device was and if it was evil.
  • Demystifying Dot NET Reverse Engineering, Part 1: Big Introduction – resources.infosecinstitute.com
    This, and all upcoming parts, are made with a strict and pure educational purpose just to gain insights into dot NET programs. What you’re going to do with this and all upcoming parts is your own responsibility. I will not be held responsible for your eventual action and use of this.
  • Hacking PDF: util.printf() Buffer Overflow: Part 1 – resources.infosecinstitute.com
    One of the first things we need to do is to remove the PDF Reader we currently have installed and reinstall the old version of PDF Reader.
  • Strategies to Mitigate Targeted Cyber Instructions – dsd.gov.au
    Australian computer networks are being targeted by adversaries seeking access to sensitive information.
  • Fuzzing the Iceberg: Finding Vulnerabilities in Third Party Software – securetheinterior.blogspot.de
    Since 2005, the number of vulnerabilities revealed annually has been generally consistent, between 7,000-9,000
  • Creating an Offline-Version of O2 – diniscruz.blogspot.com
    If you are going to use O2 in a location without a good network connection or if you have some corporate proxy that prevents the download of some of O2 external dependencies (that happen on first use/compile of some O2 Scripts), the best thing to do is to create an Offline Copy of O2.


  • TrueCrypt Head
    • TCHead – TrueCrypt Password Cracking Tool – toolsyard.thehackernews.com
      TCHead is software that decrypts and verifies TrueCrypt headers. TCHead supports all the current hashes, individual ciphers, standard volume headers, hidden volume headers and system drive encrypted headers (preboot authentication).
    • Attacking TrueCrypt – h-online.com
      The open source TrueCrypt disk encryption tool is considered the to be the software of choice for systematically encrypting data. It is able to encrypt individual drives, such as USB Flash drives, and even entire hard drives. A small utility called TCHead is, however, able to tackle data encrypted using TrueCrypt.
  • Atlasutils Release – atlas.r4780y.com
    Latest atlasutils downloadable here.
  • Introducing Responder-1.0 – blog.spiderlabs.com
    Responder is a multi threaded tool that answers to IPv4 LLMNR (Link-local Multicast Name Resolution) and Netbios Name Service (NBT-NS) queries.
  • DVCS-Pillage – github.com
    I thought it would be useful to automate some other techniques I found to extract code, configs and other information from a git,hg, and bzr repo’s identified in a web root that was not 100% cloneable. Each script extracts as much knowledge about the repo as possible through predictable file names and known object hashes, etc.
  • Updates to CERT Fuzzing Tools (BFF 2.6 & FOE 2.0.1) – cert.org
    In the past, our two fuzzing frameworks had been based on related code but developed separately. Beginning with the release of BFF 2.5 in April and FOE 2.0 in July, we began to converge these code bases back together.
  • IDAscope a great SwissKnife for reversers – marcoramilli.blogspot.com
    Today I’d like to introduce a great tool made by Daniel Plohmann and Alexander Hanel from University of Bohn and Fraunhofer FKIE called IDAscope. IDAscope is an IDAPro extension for easier (malware) reverse engineering: it offers three main functionalities.
  • Kautilya 0.4.0 – reliable payload execution and more – labofapenetrationtester.blogspot.com
    Kautilya 0.4.0 would be more reliable than ever (at least I intended so). There has been a major change in the architecture thanks to this awesome post by the Offensive Security guys. Large parts of code have been copied from the Peensy standalone.
  • NOWASP (Mutillidae) – sourceforge.net
    NOWASP (Mutillidae) is a free, open source web application provided to allow security enthusiast to pen-test a web application.

Vendor/Software Patches

  • SE-2012-01] Challenging Oracle (in a different way) – seclists.org
    On Oct 16, 2012, Oracle corporation released Java SE Critical Patch Update [1], which incorporated fixes for 19 security issues that we
    reported to the company earlier this year. This included a fix for a serious Issue 32 [2] found shortly after the out-of-band patch was
    released by Oracle on Aug 30, 2012.


  • Security Flaws in the TSA Pre-check System and the Boarding Pass Check System – puckinflight.wordpress.com
    The problem is, the passenger and flight information encoded in barcode is not encrypted in any way. Using a web site I decoded my boarding pass for my upcoming trip.
  • Broadcom DoS on BCM4325 and BCM4329 devices – coresecurity.com
    This vulnerability was discovered by Andres Blanco. The Proof of Concept and additional research was made by Andres Blanco and Matias Eissler from Core Impact team. The publication of this advisory was coordinated by Fernando Miranda from Core Advisories Team.

Other News

  • Research Shows Serious Problems With Android App SSL Implementations – threatpost.com
    There are thousands of apps in the Google Play mobile market that contain serious mistakes in the way that SSL/TLS is implemented, leaving them vulnerable to man-in-the-middle attacks that could compromise sensitive user data such as banking credentials, credit card numbers and other information.
  • Spam with .gov URLs – symantec.com
    Traditionally, .gov URLs have been restricted to government entities. This brings up the question of how spammers are using .gov URLs in spam messages.
  • Researchers find not all EC2 instances are created equal – theregister.co.uk
    Researchers from Deutsch Telekom Laboratories and Finland’s Aalto University have claimed it is possible to detect the CPUs of servers powering at Amazon Web Services’ (AWS’) Elastic Compute Cloud (EC2), and that the fact the cloudy giant uses different kit in different places means users can select more powerful servers at the same cost charged for lesser hardware.
  • Researchers Find Flaws In Android Apps That Leave Millions Vulnerable To Password, Online Banking Credentials, And Email Data Theft – forbes.com
    Android apps that have been downloaded by as many as 185 million users have been found to contain vulnerabilities that can expose passwords, emails, and even online banking credentials.
  • Hackers steal customer data from Barnes & Noble keypads – news.cnet.com
    Hackers broke into keypads at more than 60 Barnes & Noble bookstores and made off with the credit card information for customers who shopped at the stores as recently as last month.
  • How a Google Headhunter’s E-Mail Unraveled a Massive Net Security Hole – wired.com
    It was a strange e-mail, coming from a job recruiter at Google, asking Zachary Harris if he was interested in a position as a site-reliability engineer.
  • Sony faces setback as hackers release PlayStation 3 decryption keys – arstechnica.com
    Sony faced a setback in its campaign to control what software can run on its PlayStation 3 after hackers published one of the cryptographic keys that forms the core of the security scheme locking down the game console.
  • Jailbreaking now legal under DMCA for smartphones, but not tablets – arstechnica.com
    The Digital Millennium Copyright makes it illegal to “circumvent” digital rights management schemes. But when Congress passed the DMCA in 1998, it gave the Librarian of Congress the power to grant exemptions. The latest batch of exemptions, which will be in force for three years, were announced on Thursday.
  • Leading Tech Companies Form Cyber Security Research Alliance – xbitlabs.com
    Advanced Micro Devices, Honeywell, Intel Corp., Lockheed Martin and RSA/EMC announced the creation of the Cyber Security Research Alliance (CSRA), a private, non-profit research consortium formed in response to the growing need for increased public-private collaboration to address complex problems in cyber security.
  • New Project Basecamp Tools for CoDeSys, 200+ Vendors Affected – digitalbond.com
    Reid Wightman provided one last set of Project Basecamp tools before leaving for ioActive. This latest release are two tools for PLC’s running the CoDeSys ladder logic runtime, which is a list of 261 vendors.
  • DHS realigns cyber office into five divisions – federalnewsradio.com
    The Homeland Security Department’s Office of Cybersecurity and Communications is expanding to five divisions from three and creating a performance-management office.
  • How do penetration testers work in teams? – reddit.com
    Like the title says, how do you put the “team” in penetration testing team? What different roles/tasks can different testers do to cooperate in a pentest? What are the benefits to having more people besides simply having a broader skill-set on hand? Hollywood always shows one guy in the van, another at the switchboard in the basement, one in the elevator shaft, and the two most attractive people doing SE on the main floor. How’s it work in real life?
  • South Carolina reveals massive data breach of Social Security Numbers, credit cards – computerworld. com
    Approximately 3.6 million Social Security numbers and 387,000 credit and debit card numbers belonging to South Carolina taxpayers were exposed after a server at the state’s Department of Revenue was breached by an international hacker, state officials said Friday.
  • Cash-Strapped States Under Siege – darkreading.com
    Most state chief information security officers say that a lack of funding is the biggest challenge in their cybersecurity efforts, and 70 percent of state CISOs have reported a data breach this year.
2017-03-12T17:39:44-07:00 October 29th, 2012|Security Conferences, Security Tools, Security Vulnerabilities, Week in Review|0 Comments

Share This Story, Choose Your Platform!

Leave A Comment