Event Related
- Bootcamp – pentesterlab.com/bootcamp
Bootcamp provides a learning path to get into security and especially web penetration testing.
Resources
- Automated Open Source Intelligence (OSINT) Using APIs – raidersec.blogspot.com
The first step to performing any successful security engagement is reconnaissance. How much information one is able to enumerate about given personnel (for social engineering engagements) or systems can often impact the effectiveness of the engagement.
Tools
- THC-IPV6 – attacking the IPV6 protocol suite – thc.org
A complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library.
- Topera – code.google.com
Topera is a brand new TCP port scanner under IPv6, with the particularity that these scans are not detected by Snort.
Techniques
- Hacking the Wiegand Serial Protocol – blog.opensecurityresearch.com
“Wiegand” is used to describe a number of different things used within access control systems such as the format in which data is stored on a card, the protocol which is used to transmit the data, and different types of access cards that leverage it.
- Scraping LinkedIn Public Profiles for Fun and Profit – blog.ikotler.org
Reconnaissance and Information Gathering is a part of almost every penetration testing engagement. Often, the tester will only perform network reconnaissance in an attempt to disclose and learn the company’s network infrastructure (i.e. IP addresses, domain names, and etc), but there are other types of reconnaissance to conduct, and no, I’m not talking about dumpster diving.
- Exploiting and mitigating Java exploits in Internet Explorer – greyhathacker.net
This year we’ve seen a number of 0 day Java exploits surfacing and various mitigating steps mentioned in various sites that could be taken to prevent us from being compromised.
Vendor/Software Patches
- Internet Explorer
- Microsoft Release Security Advisory for CFE Internet Explorer 0day – eromang.zataz.com
Microsoft release a security advisory MSA-2794220 for the Internet Explorer 0day (CVE-2012-4792) used against Council on Foreign Relations (CFR.org).
- New vulnerability affecting Internet Explorer 8 users – blogs.technet.com
Today, the MSRC released Security Advisory 2794220 alerting customers to limited, targeted attacks affecting customers using Internet Explorer 6, 7, and 8. Internet Explorer 9 and Internet Explorer 10 users are safe.
- Critical zero-day hole in Internet Explorer – Update – h-online.com
While analysing a compromised web page, security experts from FireEye discovered malware that exploits a previously unknown security hole in Internet Explorer.
- Attack and IE 0day Informations Used Against Council on Foreign Relations – eromang.zataz.com
Details on the attack and the potential Internet Explorer 0day used in a targeted attack against Council on Foreign Relations (cfr.org).
- Microsoft Security Bulletin MS12-078 – Critical – technet.microsoft.com
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType or OpenType font files. An attacker would have to convince users to visit the website, typically by getting them to click a link in an email message that takes them to the attacker’s website.
Vulnerabilities
- WordPress
- WordPress Remote Exploit – W3 Total Cache – seclists.org
The most complete WordPress performance framework. Recommended by web hosts like: MediaTemple, Host Gator, Page.ly and WP Engine and countless more.
- WordPress W3 Total Cache Misconfiguration Leaves Some Blogs Vulnerable – threatpost.com
An apparent misconfiguration exists in W3 Total Cache (W3TC), a popular plugin for the WordPress blogging platform, that could allow an attacker to browse and download password hashes and other database information. W3 Total Cache (W3TC) is a framework for WordPress that helps speed up blogs by caching content.
- Nvidia
- Nvidia Display Driver Service Attack Escalates Privileges on Windows Machines – threatpost.com
A low-risk zero-day vulnerability has been discovered in Nvidia Display Driver Service that could escalate an attacker’s privileges with local or remote access to Windows domain machines.
- NVidia Display Driver Service (Nsvr) Exploit – Christmas 2012 – packetstorm.wowhacker.com
Here is an exploit for an interesting stack buffer overflow in the NVidia Display Driver Service.
- EE-K! DMing your password is NEVER a good idea – troyhunt.com
EE is over in the UK and they’re “the new network for your digital life” who brings you “4G and Fibre Broadband”. A quick look at All My Tweets and it seems that requesting passwords through Twitter is a standard operating procedure. So what’s wrong with all this? Let’s count the ways.