Week 4 in Review – 2013

Event Related

Resources

  • Security Assessment of Blackberry Applications – resources.infosecinstitute.com
    Development of mobile applications have picked up really fast in the last couple of years. Much has been written about the security assessment of iOS & Android applications, however much information is not available for the security assessment of blackberry applications.
  • Swann Song – DVR Insecurity – blogspot.com
    “Swan song” is a metaphorical phrase for a final gesture, effort, or performance given just before death or retirement. This post serves as the “swan song” for a whole slew of DVR security systems.
  • Advanced Round-trip Engineering – resources.infosecinstitute.com
    This article is only a part of a whole, and it aims to go deeper into IL assembly language exploited in reversing non-obfuscated (until now) dot NET assemblies and modules. (Managed dot NET applications are called assemblies and managed dot NET executables are called modules; a managed dot NET application can be a single module assembly or a multi-module assembly)
  • Wireless “Deauth” Attack using Aireplay-ng, Python, and Scapy – raidersec.blogspot.com
    A couple of days ago I received my order of a nifty Alfa AWUS036H and decided it’d be a perfect time to explore a few common wireless attacks. This post will explore how to perform a common “Deauthentication Attack” both the “easy” way using a fantastic tool called aireplay-ng, as well as writing our own tool in Python to perform the attack for us using the extremely powerful Scapy module.

Tools

  • ronin-sql 1.0.0 released – ronin-ruby.github.com
    After six years of development and neglect, ronin-sql has been refactored and version 1.0.0 has finally been released! ronin-sql is a library for encoding/decoding SQL data. It also includes a Ruby Domain Specific Language (DSL) for crafting complex SQL Injections (SQLi).
  • The Recon-ng Framework – Official Release – pauldotcom.com
    Recon-ng is a true framework whose interface is modeled after the very popular and powerful Metasploit Framework. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.
  • Owning Windows Networks with Responder 1.7 – blog.spiderlabs.com
    Responder has several rogue authentication servers listening on several UDP and TCP ports. If you want more information on LLMNR &NBT-NS poisoning
  • The Social-Engineer Toolkit 4.4 and Artillery 0.6.6 released – trustedsec.com
    The Social-Engineer Toolkit (SET) version 4.4 Codename: “The Goat” has been released. This version is a large leap forward on the java applet side of the house with a newly designed payload delivery system as well as the new multi-pyinjector supporting a dynamic cipher key exchange for AES 256 encryption.

Techniques

Vendor/Software Patches

  • New Java Modules in Metasploit… No 0 days this time – community.rapid7.com
    Last year Security Explorations published some awesome research, exploring the security state of the Java SE from Oracle, and disclosing different vulnerabilities and exploit vectors in this software. In fact, some of the last Java exploits found in the wild have been using techniques from the mentioned research.

Vulnerabilities

Other News

2017-03-12T17:39:42-07:00 January 28th, 2013|Security Tools, Security Vulnerabilities, Week in Review|0 Comments

Share This Story, Choose Your Platform!

Leave A Comment