Week 44 in Review – 2012

Event Related

  • Hashdays
    • Hashdays Wrap-up Day #1 – blog.rootshell.be
      I’m in Luzern for a few days but the Hashdays security conference started today! w00t! This is the first edition for me. A very nice opening session performed by the defcon-switzerland group which organises this event.
    • Hashdays Wrap-Up Day #2 – blog.rootshell.be
      Yesterday evening, I went with friends to a traditional Swiss restaurant then we passed by the party to have a few drinks. Thanks to the sponsor for the open bar! That’s why it was difficult to wake up this morning…
  • Toorcon – xysec.com
    Directory listing for toorcon.
  • Hack in the Box – conference.hackinthebox.org
    Hack in the box conference 2012 materials.
  • Pumpcon 2012 Review – Blueray Hacking and BacNet – infosecalways.com
    My first time at Pumpcon and it was quiet educational and fun. Nothing like being with a small group of smart people drinking and talking about computers.
  • Advanced Persistent Pentesting – blog.pentestify.com
    This is a talk on pentesting given at Hacker Halted 2012 by Jonathan Cran and Jason Malley.


  • Ending the Love Affair with ExploitShield – blog.trailofbits.com
    ExploitShield has been marketed as offering protection “against all known and unknown 0-day day vulnerability exploits, protecting users where traditional anti-virus and security products fail.”
  • Hacking SVN, GIT and MERCURIAL – resources.infosecinstitute.com
    We all know that when programming with a small or large team, having a revision control in place is mandatory. We can choose from a number of revision control systems. The following ones are in widespread use worldwide.
  • x86 Assembly Language Applicable To Reverse Engineering: The Basics – Part 2 – resources.infosecinstitute.com
    We saw in the first article an introduction to the most common x86 assembly instructions seen when it comes to disassembling and analyzing programs. We talked about registers, the stack / pile, flags , conditional jumps and the instruction of comparison CMP.
  • Deep Inside a DNS Amplification DDoS Attack – blog.cloudflare.com
    A few weeks ago I wrote about DNS Amplification Attacks. These attacks are some of the largest, as measured by the number of Gigabits per second (Gbps), that we see directed toward our network.
  • Mobile Penetration Testing: There’s An App For That – mobileprivacy.org
    When most people think of penetration testing, they think of a simulated external attack where the tester tries to break into a network from a remotely.
  • Q: A Collection of Metasploit Modules – resources.infosecinstitute.com
    I guess we all know what Metasploit is, so we don’t really need to present to the reader the basics of Metasploit. But it’s still useful if we present the type of modules the Metasploit has. Metasploit has the following types of modules.
  • iOS Security: Objective-C and nil Pointers – blog.ioactive.com
    iOS devices are everywhere now. It seems that pretty much every other person has one…an iPhone, iPad or iPod touch – and they’re rivaled in popularity only by Android devices.
  • IT Threat Evolution: Q3 2012 – securelist.com
    During Q3 2012, over 9,000 new malicious .dex files were added to our malware collection. This is 5,000 files fewer than last quarter but 3,500 more than in Q1 2012.
  • Crypto for Pentesters – securityhorror.blogspot.com
    Cryptography (or cryptology; from Greek κρυπτός, kryptos, “hidden, secret”; and γράφω, gráphō, “I write”, or -λογία, -logia, respectively) is the practice and study of hiding information.
  • Defeating Windows Driver Signature Enforcement #1: default drivers – j00ru.vexillium.org
    One of the obvious things about the Windows operating system for anyone actively working on its kernel security is that the Driver Signature Enforcement (DSE in short) is not effective and can be bypassed with relative ease by any determined individual.


  • WinRM
    • Weekly Metasploit Update: WinRM Part One, Exploiting Metasploit, and More! – community.rapid7.com
      For the last couple weeks, Metasploit core contributor David @TheLightCosine Maloney has been diving into Microsoft’s WinRM services with @mubix and @_sinn3r. Until these guys started talking about it, I’d never heard WinRM.
    • Exploiting Trusted Hosts in WinRM – netspi.com
      Windows Remote Management (WinRM) is a SOAP based protocol that can be used to remotely administer machines over the network. This is a handy tool for network admins that can also be used to automate tasks securely across multiple machines. However, it is fairly easy to misconfigure the service and/or abuse the service with legitimate account access.
  • Finding Admin Access – room362.com
    You’ve got shell, and a set of credentials but you’re coming up empty on what you can do with those credentials. This is especially problematic when you can’t get past UAC as you are either in a AlwaysNotify situation or not a local admin.
  • Windows Deployment Services Clear Text Domain Creds – rewtdance.blogspot.com
    Dave, Rel1k, Kennedy’s talk ‘Owning One To Rule Them All’ at Defcon 20 Las Vegas opened my eyes to using a client’s PXEBoot service, normally Windows Deployment Services, to infiltrate their network. The gist of the attack is simple, network boot a computer, retrieve the corporate image, and use that to gain information/credentials for the corporate domain.
  • New Security Assertions in “Windows 8″ – alex-ionescu.com
    Anyone reversing “Windows 8″ will now find a non-familiar piece of code, whenever a list insertion operation is performed on a LIST_ENTRY.


  • Jigsaw – github.com
    Jigsaw.rb is a simple ruby script for enumerating information about a company’s employees. It is useful for Social Engineering or Email Phishing Collaborative project between Royce Davis (R3dy) and humble-desser.
  • Burp Suite Free Edition v1.5 released – blog.portswigger.net
    Burp Suite Free Edition v1.5 is now available to download. This is a significant upgrade with a wealth of new features added since v1.4. The most notable of these are described below.
  • Introducing Responder-1.0 – blog.spiderlabs.com
    Responder is a multi threaded tool that answers to IPv4 LLMNR (Link-local Multicast Name Resolution) and Netbios Name Service (NBT-NS) queries.


Vendor/Software Patches

  • for loops! Bash One-liners to Validate Vulnerabilities on Multiple Hosts – blog.opensecurityresearch.com
    This is a quick blog post on one-liners. Recently I was working on manually validating vulnerabilities for a customer with a very large Internet presence.
  • CA ARCserve – CVE-2012-2971 – offensive-security.com
    On a recent penetration test, we encountered an installation of CA ARCserve Backup on one of the target systems that piqued our interest. Like most “good” enterprise applications, ARCserve has processes that are running as SYSTEM so naturally, we went straight to work looking for vulnerabilities.

Other News

Leave A Comment