Event Related
- CONFidence 2013 and the x86 quirks – gynvael.coldwind.pl
Another week, another conference. Just a few days ago, Gynvael and I had the pleasure to attend and present at the CONFidence 2013 infosec conference traditionally held in Cracow, Poland.
- [Announcement] Blackhat Arsenal USA 2013 Selected Tools – toolswatch.org
I’m pleased to announce the selected tools for the next coming session of Arsenal that will take place in Las Vegas Nevada in July 31-August 1, 2013 | 10:00-18:00
Resources
- Six Reasons Why Attackers Successfully Exploit the Security Gap – mandiant.com
Earlier this month, our CEO, Kevin Mandia testified before the Senate Judiciary Subcommittee on Crime and Terrorism on cyber threats and the release of our APT 1 report.
Tools
- The Social-Engineer Toolkit (SET)
- The Social-Engineer Toolkit v5.1 Released – trustedsec.com
The Social-Engineer Toolkit (SET) version 5.1 codename “Name of the Doctor” has been released. This version adds a complete rewrite of the MSSQL Bruter as well as a new attack vector utilizing the PSExec functionality within Metasploit.
- The Social-Engineer Toolkit (SET) v5.1 Name of the Doctor Released – toolswatch.org
The Social-Engineer Toolkit (SET) version 5.1 codename “Name of the Doctor” has been released. This version adds a complete rewrite of the MSSQL Bruter as well as a new attack vector utilizing the PSExec functionality within Metasploit.
- AirCrack-NG Updated after 3-Year Hiatus – novainfosec.com
Seems older tools are getting updates recently. A few weeks ago it was Cain & Abel after two years … and now we have the popular Aircrack-ng suite with their 1.2 beta 1 release after three years.
- savon-noir/python-libnmap – github.com
libnmap is a python library to run nmap scans, parse and diff scan results. It’s wonderful.
- John the Ripper 1.8.0 – openwall.com
I’ve just released John the Ripper 1.8.0, available from the usual place.
- WCE v1.4beta released – hexale.blogspot.com
WCE v1.4beta released. Includes several bug fixes and support for Windows 8.
- PenQ Security Testing Browser Bundle – qburst.com
PenQ is an open source Linux based penetration testing browser bundle we built over Mozilla Firefox.
Techniques
- Anatomy of a hack: How crackers ransack passwords like qeadzcwrsfxv1331 – arstechnica.com
In March, readers followed along as Nate Anderson, Ars deputy editor and a self-admitted newbie to password cracking, downloaded a list of more than 16,000 cryptographically hashed passcodes.
- Poshing the hashes part 2 – Dump Windows password hashes with PowerShell – labofapenetrationtester.blogspot.com
There is a powershell script available in metasploit framework called powerdump which could be used to dump hashes from a Windows machine using powershell. It is written by David Kennedy. Let's see it in action.
- Veil – A Payload Generator to Bypass Antivirus – christophertruncer.com
Researching methods to bypass antivirus solutions has been an interest of mine on and off for the past 6 months. About two months ago I started to take a more serious look in how I could take my recent research and turn it into something that is more usable and useful.
Vendor/Software Patches
- Security and Networking – Blog – DNSRecon 0.8.6 is Out! – darkoperator.com
Just updated DNSRecon to check if it can pull the Bind Version by doing a query for the TXT Record version.bind and it will now check if the RA Flag is set in responses from each of the NS servers it detects. If the server has recursion enabled it could be used for DDoS attacks and for performing Cache Snooping.
Vulnerabilities
- Under The Hood: Linksys Remote Command Injection Vulnerabilities – SpiderLabs Anterior – blog.spiderlabs.com
Several models in the Linksys E-Series WiFi routers running their respective current firmwares are prone to remote OS command injection vulnerabilities. In this article, we’ll take a look at two of these vulnerabilities that exist due to improper validation of system command parameters passed via the stock Linksys web administration interface.
Other News
- Drupal.org resets login credentials after hack exposes password data – arstechnica.com
Passwords for almost one million accounts on the Drupal.org website are being reset after hackers gained unauthorized access to sensitive user data.