Week 7 in Review – 2013

Event Related

Resources

  • Cybersecurity Executive Order
  • Defending our work – Part 2. The Exploit Lab Rip-off continues. – blog.exploitlab.net

    It has been a difficult week for us. First, the news of Exploit Laboratory’s class material being ripped off and used in a paid webinar.

  • automatic password rule analysis and generation – thesprawl.org

    The purpose of this research is to help advance the field of password cracking by developing password rule analysis techniques and delivering tools that enhance rule-based password cracking attacks.

  • 2013 Threat Report: More than Scary Stats and Chilling Charts
    – community.websense.com

    The 2013 Threat Report from the Websense® Security Labs (WSL) is now available. The report details mobile, social, email and web-based threats, and while it is full of ominous data points, it is a very interesting read.

  • FROST: Forensic Recovery Of Scrambled Telephones – informatik.uni-erlangen.de

    At the end of 2011, Google released version 4.0 of its Android operating system for smartphones. For the first time, Android smartphone owners were supplied with a disk encryption feature that transparently scrambles user partitions, thus protecting sensitive user information against targeted attacks that bypass screen locks.

  • Symantec Intelligence Report: January 2013 – symantec.com

    In this month’s report, we find that the email malware rate has dropped significantly since December, with only one in 400 emails containing a virus in January. This is the lowest virus rate we’ve seen since 2009.

  • Owning Windows Networks With Responder Part 2 – blog.spiderlabs.com

    One of the great things about working within SpiderLabs is that we prefer to use our own tools whenever possible. The biggest advantage to using your own toolset is a lot more control over what’s happening during the testing process, helping to avoid any nasty side effects.

  • Ruby on Rails Cheatsheet – owasp.org

    This article intends to provide quick basic Ruby on Rails security tips for developers. The Rails framework abstracts developers from quite a bit of tedious work and provides the means to accomplish complex tasks quickly and with ease. New developers, those unfamiliar with the inner-workings of Rails, likely need a basic set of guidelines to secure fundamental aspects of their application. The intended purpose of this doc is to be that guide.

Tools

  • theHarvester v2.2a Released – code.google.com

    theHarvester is a tool for gathering emails, subdomains, hosts, employee names, open ports and banners from different public sources such as search engines, PGP key servers and the SHODAN computer database.

  • About PunkSPIDER – hyperiongray.com

    PunkSPIDER is a global web application vulnerability search engine powered by PunkSCAN. What that means is that we have built a scanner and architecture that can handle a massive number of web application vulnerability scans, set it loose on the Internet, and made the results available to you.

  • SI6 Networks’ IPv6 Toolkit – si6networks.com

    The SI6 Networks’ IPv6 toolkit is a set of IPv6 security/troubleshooting tools that can send arbitrary IPv6-based packets.

  • thomhastings/mimikatz-en – github.com

    This is an English language localisation of mimikatz. Mimikatz uses admin rights on Windows to display passwords of currently logged in users in plaintext. Mimikatz was written by Benjamin “gentilkiwi” Delpy.

  • Artillery version 0.7 Released – trustedsec.com

    The blue team and defensive tool Artillery 0.7 has been released. This version adds full compatibility for local and remote syslog handling on POSIX-based systems.

Techniques

  • Pentest Geek Scheduled tasks with S4U and on demand persistence – pentestgeek.com

    I came across an interesting article by scriptjunkie (which you should really read) about running code on a machine at any time using service-for-user. By changing one line in the exported XML of a scheduled task you effectively get a scheduled task that can run whether or not a user is logged in, whether or not the system reboots, whether or not you have the user’s password, runs as a limited user, and doesn’t require bypassing UAC!
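    As an added example (not code from the pentestgeek.com post or from scriptjunkie’s article), the PowerShell below registers an ordinary task, makes the single LogonType change on its exported XML that the post describes, registers the same principal directly with the Task Scheduler cmdlets, and then runs the check a defender would use to find such tasks. The task names, the echo command, the trigger time and the temp file path are assumptions chosen for the demonstration.

```powershell
# Added example, not code from the pentestgeek.com or scriptjunkie posts.
# Assumed: task names 'DemoTask' / 'DemoTask-S4U' / 'DemoTask-S4U-direct', the echo
# command, the 3:00 AM trigger and the temp file path. Run as the (limited) user who
# should own the task; no admin rights, stored password or UAC bypass are needed.

$taskName = 'DemoTask'
$action   = New-ScheduledTaskAction -Execute 'cmd.exe' -Argument '/c echo ran >> "%TEMP%\demo.txt"'
$trigger  = New-ScheduledTaskTrigger -Daily -At '3:00AM'

# 1. Register an ordinary task. Without -Principal it runs under the current user's
#    interactive token, which only exists while that user is logged on.
Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger | Out-Null

# 2. Export it, change the one LogonType line, and import it under a new name.
#    InteractiveToken -> S4U is the whole edit; no <Password> element is ever needed.
$xmlPath = Join-Path $env:TEMP 'demo-task.xml'
schtasks /query /tn $taskName /xml | Set-Content -Path $xmlPath
$xml = (Get-Content -Path $xmlPath -Raw) -replace '<LogonType>InteractiveToken</LogonType>', '<LogonType>S4U</LogonType>'
Register-ScheduledTask -TaskName "$taskName-S4U" -Xml $xml | Out-Null

# 3. The same principal without the XML round trip, via the Task Scheduler cmdlets.
$principal = New-ScheduledTaskPrincipal -UserId "$env:USERDOMAIN\$env:USERNAME" -LogonType S4U -RunLevel Limited
Register-ScheduledTask -TaskName "$taskName-S4U-direct" -Action $action -Trigger $trigger -Principal $principal | Out-Null

# 4. Confirm the logon type took effect and fire the task once to prove it runs.
(Get-ScheduledTask -TaskName "$taskName-S4U").Principal.LogonType      # S4U
Start-ScheduledTask -TaskName "$taskName-S4U"

# 5. Defender's check: every task whose principal uses S4U, with its owner and state.
Get-ScheduledTask |
    Where-Object { $_.Principal.LogonType -eq 'S4U' } |
    Select-Object TaskPath, TaskName, @{ n = 'User'; e = { $_.Principal.UserId } }, State
```

    Two caveats worth knowing before relying on this. The S4U logon produces a token without the user’s credentials, so the task runs with the user’s local rights but cannot authenticate to network resources such as file shares. On the detection side, every registration above is logged as event 106 (“Task registered”) in the Microsoft-Windows-TaskScheduler/Operational log, and as Security event 4698 where object access auditing for scheduled tasks is enabled, so a hunt for S4U tasks can be built on those events as well as on the enumeration in step 5.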

  • Poking Around in Android Memory – sensepost.com

    The technique that has given me the most joy is memory analysis. Each application on Android is run in the Dalvik VM and is allocated its own heap space. Android being Android, free and open, numerous ways of dumping the contents of the application heap exist. There’s even a method for it in the android.os.

  • MySQL madness and Rails – phenoelit.org

    A pretty common technique for password resets in web applications is to send out a token via email to the user. This token lets the user reset the password right away.

  • Atmel SAM7XC Crypto Co-Processor key recovery – adamsblog.aperturelabs.com

    The problem with crypto is that it is processor intensive (i.e. slow), so it’s common, these days, to offload these functions to a dedicated hardware co-processor which will leave the main processor free to do whatever it is that it’s supposed to be doing and not faffing about with crypto.

  • Unpacking, Reversing, Patching – resources.infosecinstitute.com

    This article is an introduction to packing, how to unpack and reverse an exe, and finally how to patch it. I have chosen to show the reversing of a sample exe file and how to patch it.

  • Command Execution on Shoretel Mobility Router:II – blakhal0.blogspot.com

    I managed to get a shell, capture, and reveal the root password, which I will be sharing with you here since I’m 99.999% sure it’s the same on all the Shoretel Mobility Routers, but let’s start where we left off.

  • Using a Custom VDB Debugger for Exploit Analysis – mandiant.com

    Analyzing an exploit and understanding exactly how the exploit lands can take a long time due to inadequate analysis tools. One way to speed up understanding how an exploit behaves is to use Vtrace and VDB. In this post I explain how to create a custom VDB debugger in order to detect, analyze, and prevent execution of an exploit payload.

Vendor/Software Patches

  • Microsoft Security Updates
    • Assessing risk for the February 2013 security updates – blogs.technet.com
      Today we released twelve security bulletins addressing 57 CVEs. Five of the bulletins have a maximum severity rating of Critical, and seven have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
    • MS13-018: Hard to let go – blogs.technet.com

      MS13-018 addresses a potential denial-of-service condition in the Windows TCP/IP stack. This vulnerability could be leveraged by an attacker in certain circumstances to exhaust a server’s non-paged pool, preventing it from accepting new TCP connections.

  • Fat Patch Tuesday – krebsonsecurity.com

    Adobe and Microsoft each have issued security updates to fix multiple critical vulnerabilities in their products. Adobe released updates for Flash Player, AIR and Shockwave; Microsoft pushed out a dozen patches addressing at least 57 security holes in Windows, Office, Internet Explorer, Exchange and .NET Framework.

Vulnerabilities

Other News
