Event Related
- DOAG 2012: Best of Oracle Security 2012 – blog.red-database-security.com
Yesterday I gave a presentation ”Best of Oracle Security 2012” at the DOAG 2012 conference in Nürnberg.
Resources
- cfbackdoor – gironsec.com
This is a text file.
Tools
- Util
- Util – Windows Handles Viewer (Simple GUI with REPL) v1.0.exe – diniscruz.blogspot.com
Based on the Util – Windows Handles Viewer (Simple Gui) v1.0.exe tool, here is a bigger version (5Mbs) which contains a C# REPL Script editor (with the detected handle provided as a parameter). - Util – Windows Handles Viewer (Simple Gui) v1.0.exe – diniscruz.blogspot.com
Following my research into Win32 Messaging APIs that allowed me to put both IBM AppScan Source and Standard working side by side and to connect TeamMentor with AppScan Source, here is a pretty sweet Windows Handles Viewer which allows the easy discovery (and in some cases modification) of the Window’s Handle of a particular Win32’s Button, TextBox, Menu, Window, etc… - OllyDbg version 2.01h – ollydbg.de
OllyDbg the 32-bit assembler level analysing debugger for Microsoft Windows has been updated to version 2.01h. - Nishang 0.2.0 – More PowerShell awesomeness – labofapenetrationtester.blogspot.com
Behold world, I give you a new and shiny version of Nishang after a long gap 🙂 I have been using PowerShell more and more by each pen test so expect even more awesomeness.
Techniques
- Disassembling the Woolworths Facebook scam – troyhunt.com
Troy Hunt on observations, musings and conjecture about the world of software and technology - HTTPS via WinAPI – sensepost.com
Hijacking SSL sessions initiated by the browser is a trivial task. The challenge comes when trying to intercept SSL traffic in applications such as Dropbox or Easynote. These apps create additional measures to verify certificates and their integrity, hence not very friendly to perform with Burp.
- Dumping iClass Keys – blog.opensecurityresearch.com
iClass, arguably the second most widely deployed technology in proximity card access systems (the first being the ProxCard II), is a proprietary RFID communications standard and card type. It provides an enhanced level of security over the ProxCard as it encrypts the data stored on the card and leverages a challenge/response form of authentication between the card and the reader.
- Use PowerShell for Network Host and Port Discovery Sweeps – blogs.technet.com
Guest blogger, Niklas Goude, discusses using Windows PowerShell to perform ping sweeps and port scans on a connected network.
Vendor/Software Patches
- CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers – jakoblell.com
Belkin ships many wireless routers with an encrypted wireless network configured by default. The network name (ESSID) and the (seemingly random) password is printed on a label at the bottom of the device.
Other News
- Your Phone Has Been Hacked. Here’s What You Need to Know. – forbes.com
My friend Mike’s Android phone had been acting strangely for awhile. In the middle of the night, the phone would come alive. It would meander down various menu paths, send texts that were gibberish and start playing poker. Was it bug in the operating system? Or had Mike been hacked?
- Apple Finally Fixed the iMessage Bug That Let Stolen iPhones Receive Messages Not Meant for Them – gizmodo.com
iMessage, which can be a fickle bitch sometimes, had an annoying, downright scary flaw that remained unfixed for too long: if your iPhone got stolen, the stolen phone would keep receiving messages sent via iMessage even after a remote wipe out and deactivation. That meant the thief who stole your phone, could see your messages. Apparently, it’s been fixed. Thank God.
- Security researcher found guilty of conspiracy and identity fraud in ‘hackless’ AT&T iPad hack – theverge.com
The trial surrounding Goatse Security’s 2010 collection and disclosure of AT&T iPad users’ emails has come to a close — one that again calls into question the legitimacy of the 1986 Computer.
- Prince William photos accidentally reveal RAF password – nakedsecurity.sophos.com
Prince William gets photographed doing his day job – unfortunately, someone didn’t spot the password pinned to the wall behind him.
Leave A Comment