Event Related
- Offensive Defense – blog.ioactive.com
I presented before the holiday break at Seattle B-Sides on a topic I called “Offensive Defense.” This blog will summarize the talk. I feel it’s relevant to share due to the recent discussions on desktop antivirus software (AV) [1], [2], [4], [3].
Resources
- Red October
- The “Red October” Campaign – An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies – securelist.com/blog
- “Red October” – part two, the modules – Securelist – securelist.com
Today we are publishing part two of our research, which comprises over 140 pages of technical analysis of the modules used in the operation.
- Federal Continuous Monitoring Requirements – mandiant.com/blog
I recently read a Gartner report, Dealing With Federal Continuous Monitoring Security Requirements, that addresses concerns with the August 2009 Revision 3 update to NIST 800-53.
- Intro to WhiteChapel – room362.com
I made a slide deck to kind of explain my latest project. Basically I got fed up with having dictionaries, passwords, and cracking tools but no way to really do better collaboration in a team format as well as just better management for myself.
Tools
- pyreshark – A Wireshark plugin providing a simple interface for writing dissectors in Python – Google Project Hosting – google.com
Pyreshark is a plugin for Wireshark with the purpose of allowing other plugins to be written with Python, Ease, Efficiency.
- SSLyze v0.6 released – nabla-c0d3.blogspot.com
A new version of SSLyze is now available. SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it.
Techniques
- BeEF Live – The quick and easy way to get your BeEF – blog.beefproject.com
By far the most common queries or issues our users encounter is how to get BeEF dependencies running with a minimum of hassle on their systems. While our installation guide includes instructions for most *Nix distributions, we also put together a LiveCD which includes a working install of BeEF, Metasploit and sqlmap.
- Exploiting printers via Jetdirect vulnerabilities – viaforensics.com
A few weeks ago, I had the opportunity to test various printer models in order to better understand how they function. The tests revealed some interesting bugs worth sharing.
- Pwning Through HTTP Headers Manipulation Scenarios – Part1 – pentesterlab.ir/blog
Editing and manipulating HTTP header values in a penetration test helps us get access quickly and can be implemented on different platforms, so in this article we talk about some scenarios that form header-based attacks.
- Hacking like it’s 1985: Rooting the Cisco Prime LAN Management Solution – community.rapid7.com
On January 9th Cisco released advisory cisco-sa-20130109 to address a vulnerability in the “rsh” service running on their Cisco Prime LAN Management Solution virtual appliance. The bug is as bad as it gets – anyone who can access the rsh service can execute commands as the root user account without authentication.
- Heap Layout Visualization with mona.py and WinDBG – corelan.be
Time flies. Almost 3 weeks have passed since we announced the ability to run mona.py under WinDBG. A lot of work has been done on mona.py in the meantime.
Vendor/Software Patches
- Confirmed: Java only fixed one of the two bugs. – immunityproducts.blogspot.com
One of the things we tend to do when preparing our Java exploitation training as part of the INFILTRATE master class is to analyze the past and the present in order to not only teach the specifics of exploitation but to build in our students their offensive “intuition”.
- Hard coded encryption keys and more WordPress fun – pentestgeek.com
The vulnerability was recently fixed before the new year (12/27/12), via an auto-update in the Razer Synapse software but we figure there are probably at least a few configuration files still sitting out there.
- Security update: Hotfix available for ColdFusion – adobe.com
Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. This hotfix addresses vulnerabilities that could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.
- Update to the Metasploit Updates and msfupdate – community.rapid7.com
In order to use the binary installer’s msfupdate, you need to first register your Metasploit installation. In nearly all cases, this means visiting https://localhost:3790 and filling out the form.
- MySQL File System Enumeration – UPDATED – pauldotcom.com
The scenario goes like this. I found a Windows 7 machine running a MySQL database configured with a username of “root” and a password of “root”.
Other News
- The FBI Needs Hackers, Not Backdoors – wired.com
Just imagine if all the applications and services you saw or heard about at CES last week had to be designed to be “wiretap ready” before they could be offered on the market. Before regular people like you or me could use them.
- Request for Comments: Identifying a minimal competency standard for Information Security and Assurance students – reddit.com
I’m currently writing an academic article trying to identify a minimum set of knowledge required for Information Security and Assurance students to be employable in a corporate environment.