Event Related
- University Courses on Reverse Engineering and Malware Analysis – f-secure.com
Today marks the commencement of the first lecture for our spring 2013 semester Reverse Engineering Malware course for the Aalto University (Espoo campus) in Finland.
Resources
- Security Assessment of Blackberry Applications – resources.infosecinstitute.com
Development of mobile applications have picked up really fast in the last couple of years. Much has been written about the security assessment of iOS & Android applications, however much information is not available for the security assessment of blackberry applications.
- Swann Song – DVR Insecurity – blogspot.com
“Swan song” is a metaphorical phrase for a final gesture, effort, or performance given just before death or retirement. This post serves as the “swan song” for a whole slew of DVR security systems.
- Advanced Round-trip Engineering – resources.infosecinstitute.com
This article is only a part of a whole, and it aims to go deeper into IL assembly language exploited in reversing non-obfuscated (until now) dot NET assemblies and modules. (Managed dot NET applications are called assemblies and managed dot NET executables are called modules; a managed dot NET application can be a single module assembly or a multi-module assembly)
- Wireless “Deauth” Attack using Aireplay-ng, Python, and Scapy – raidersec.blogspot.com
A couple of days ago I received my order of a nifty Alfa AWUS036H and decided it’d be a perfect time to explore a few common wireless attacks. This post will explore how to perform a common “Deauthentication Attack” both the “easy” way using a fantastic tool called aireplay-ng, as well as writing our own tool in Python to perform the attack for us using the extremely powerful Scapy module.
Tools
- ronin-sql 1.0.0 released – ronin-ruby.github.com
After six years of development and neglect, ronin-sql has been refactored and version 1.0.0 has finally been released! ronin-sql is a library for encoding/decoding SQL data. It also includes a Ruby Domain Specific Language (DSL) for crafting complex SQL Injections (SQLi).
- The Recon-ng Framework – Official Release – pauldotcom.com
Recon-ng is a true framework whose interface is modeled after the very popular and powerful Metasploit Framework. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.
- Owning Windows Networks with Responder 1.7 – blog.spiderlabs.com
Responder has several rogue authentication servers listening on several UDP and TCP ports. If you want more information on LLMNR & NBT-NS poisoning
- The Social-Engineer Toolkit 4.4 and Artillery 0.6.6 released – trustedsec.com
The Social-Engineer Toolkit (SET) version 4.4 Codename: “The Goat” has been released. This version is a large leap forward on the java applet side of the house with a newly designed payload delivery system as well as the new multi-pyinjector supporting a dynamic cipher key exchange for AES 256 encryption.
Techniques
- Automating Screenshots with PowerShell – obscuresecurity.blogspot.com
There are applications that can take screenshots for you at regular intervals and in the past I used an AutoIt macro to printscreen and save.
- Command Execution on Shoretel Mobility Router – blakhal0.blogspot.com
One of the reasons that this device piqued my interest is the way that it’s designed to run, it’s intended to sit with one interface on the DMZ and another interface on the internal network.
- Attacking the Windows 7/8 Address Space Randomization – kingcope.wordpress.com
The following text is what looks like an attempt to circumvent windows 7 and windows 8 memory protections in order to execute arbitrary assembly code.
- Windows 7, Administrative Shares and Metasploit PSExec Working in Harmony – Rebootuser – rebootuser.com
How to remotely enable administrative shares on Windows 7/2008 and make successful remote connections via the Metasploit PSExec module.
- Scorched Earth – How to REALLY Disable Certificate Verification on iOS – intrepidusgroup.com
Some days, you are just going about your life, happily reversing and tearing apart software, which developers spent hundreds of hours to build, when certificate pinning happens.
Vendor/Software Patches
- New Java Modules in Metasploit… No 0 days this time – community.rapid7.com
Last year Security Explorations published some awesome research, exploring the security state of the Java SE from Oracle, and disclosing different vulnerabilities and exploit vectors in this software. In fact, some of the last Java exploits found in the wild have been using techniques from the mentioned research.
Vulnerabilities
- [Full-disclosure] SEC Consult SA-20130124-0 :: Critical SSH Backdoor in multiple Barracuda Networks Products – archives.neohapsis.com
Several undocumented operating system user accounts exist on the appliance. They can be used to gain access to the appliance via the terminal but also via SSH.
- PSA: Don’t upload your important passwords to GitHub – arstechnica.com
It’s akin to warning someone not to brush her teeth with a brick or to dry her hair with a blow torch, but based on numerous links circulating on Twitter Thursday morning, it bears saying: don’t post sensitive account credentials to GitHub, or any other code repository.
Other News
- ‘Cyber 9/11 imminent’ warns DHS chief; suggests CISPA-like laws – zdnet.com
Homeland Security Secretary Janet Napolitano suggested Congress should pass legislation similar to CISPA, in order to avoid a calamitous end to American civilization. - DHS Secretary Warns of Potential Cyber Attacks – threatpost.com
DHS secretary Janet Napolitano says that there is an urgent need for better cybersecurity legislation to avoid a cyber 9/11.