Event Related
- DefCon
- #DEFCON Defense by numbers: Making Problems for Script Kiddies and Scanner Monkeys – blog.c22.cc
Despite my fears of freezing on stage and beginning to drool like a moron, I think the presentation went well. Excluding of course the point where Powerpoint decided it would die in a fire rather than show my next slide.
- Back in London from DefCon and ALL research materials are now available on GitHub – blog.diniscruz.com
The DefCon presentation on REST Security and Exploitation went great 🙂 The slides and demos worked out ok, there was a good crowd, and there was lots of great iterations/reactions from the attendees
- Slides for DefCon presentation on “RESTing On Your Laurels will Get You Pwned” – blog.diniscruz.com
Here are the slides for the DefCon talk Me, Abe and Alvaro presented at DefCon 21.
- Ethical questions for security experts – boingboing.net
Alex Stamos’s Defcon 21 presentation The White Hat’s Dilemma is a compelling and fascinating look at the ethical issues associated with information security work in the era of mass surveillance, cyberwar, and high-tech extortion and crime.
- De-Anonymizing Alt.Anonymous.Messages – ritter.vg
For the past four years I’ve been working on a project to analyze Alt.Anonymous.Messages, and it was finally getting to a point where I thought I should show my work. I just finished presenting it at Defcon, and because a lot of the people I know are interested in this were not able to make it, I’m making the slides, and more importantly the speaker notes, available for download. This kind of kills the chance anyone will actually watch the video, but that’s all right.
- Wall Of Sheep Hacker Group Exposes NFC’s Risks At Def Con 2013 – forbes.com
On the final day of Def Con 2013, I had the unique opportunity to interview the hackers behind the Wall of Sheep hacker group. The objective of Wall of Sheep is to spread awareness to computer users around the world about implementing measures to protect their personal data by using simple security measures when they connect to networks.
- BlackHat USA 2013
- BlackHat USA Arsenal 2013 : Sparty – A FrontPage and SharePoint Security Auditing Tool – zeroknock.blogspot.com
Last week, I released the first version of Sparty tool at BlackHat USA Arsenal 2013. The tool helps the penetration testers to check standard security flaws in the deployment of FrontPage and SharePoint web software.
- Blackhat Arsenal USA 2013 Wrap-Up Day 2 – toolswatch.org
After the first day at Arsenal, the night was very long because of all those parties planned by various vendors to entertain folks.
Resources
- IOS Application Security Part 12 Dumping Keychain Data – resources.infosecinstitute.com
According to Apple, a Keychain in an IOS device is a secure storage container that can be used to store sensitive information like usernames, passwords, network passwords, authentication tokens for different applications.
- Car Hacking: The Content – blog.ioactive.com
We hope that these items will help others get involved in automotive security research. The paper is pretty refined but the tools are a snapshot of what we had.
- What is HACKME – hack.me
Hack.me is a FREE, community based project powered by eLearnSecurity. The community can build, host and share vulnerable web application code for educational and research purposes.
Tools
- Tools To Hack Android Phones Are Getting Easier To Use – forbes.com
Security research firm Symantec recently highlighted a remote access tool (or RAT) known as AndroRAT being exchanged in underground forums, which together with a new tool called a binder, allow attackers to scrape personal information from an Android phone.
- password analysis and cracking kit – thesprawl.org
PACK (Password Analysis and Cracking Toolkit) is a collection of utilities developed to aid in analysis of password lists in order to enhance password cracking through pattern detection of masks, rules, character-sets and other password characteristics. The toolkit generates valid input files for Hashcat family of password crackers.
- Introducing Minion – blog.mozilla.org
Minion is a platform developed by the Security Automation team at Mozilla to enable integration and adoption of automated security testing that has been under development for the past year.
Techniques
- Episode #169: Move Me Maybe – blog.commandlinekungfu.com
Carlos IHaveNoLastName writes in asking for a way to move a directory to a new destination. That’s easy, but the directory should only be moved if the directory (at any depth) does NOT contain a file with a specific extension.
- Why is notepad.exe connecting to the internet? – blog.strategiccyber.com
To the observant network defender, notepad.exe connecting to the internet is a key indicator of compromise. In this blog post, I’d like to explain why attack frameworks inject code into notepad.exe and how you may avoid it in your attack process.
- Playing with the HackRF – Keyfobs – blog.kismetwireless.net
To start with, I did some searching to find out what frequency they operate at. It turns out Kia runs at 315MHz, while Toyota and Subaru run at 433.847MHz (for many models, at least).
- Lab of a Penetration Tester: (Introducing) Powerpreter and Nishang 0.3.0 : Easy post exploitation using powershell – Part 1 – labofapenetrationtester.blogspot.com
This post is all about what I was unable to discuss during my talk at Defcon 21 “Powerpreter: Post Exploitation like a boss”. In 45 minutes one can only highlight limited things, so this and some more posts would try to fill the gaps left during the talk.
- Hacking Transcend WiFi SD Cards – haxit.blogspot.com
This post is written with the intention of exposing not only the exploits which will allow you to root (or jailbreak) the device, but also the process of discovering and exploiting bugs, some of which are a dead end, while others lead to the holy root B-)
Vendor/Software Patches
- Here’s that FBI Firefox Exploit for You (CVE-2013-1690) – community.rapid7.com
The vulnerability was originally discovered and reported by researcher “nils”. You can see his discussion about the bug on Twitter. A proof-of-concept can be found here.
- PsExec UAC Bypass – sans.org
During a recent penetration test, we were trying to figure out how to bypass UAC on a fully patched Windows environment, given that we’d had a limited compromise of one system via phishing. I’d like to share the technique we came up with so you can apply it in your own work.
Vulnerabilities
- BREACH Compression Attack Steals HTTPS Response Secrets – threatpost.com
A serious attack against ciphertext secrets buried inside HTTPS responses has prompted an advisory from Homeland Security.
- SMS to Shell: Fuzzing USB Internet Modems – garage4hackers.com
Offensively focused research is of high importance mainly because of the increase in no. of targeted attacks. This blog focuses on an innovative new attack surface [USB Data Modems] that could possibly be a potential target to attacks in the future.
- Researcher Finds Hundreds Of Millions Of Vulnerable SIM Cards – forbes.com
SIM cards are the tiny computers inside most mobile devices that allow them to communicate with the wireless provider. According to one security researcher, flaws in SIM card technology and implementation make hundreds of millions of mobile devices susceptible to being hacked.
Other News
- CxO Beware: Hacker-Snipers Aiming At You Right Now – forbes.com
If you’re a CEO or other executive, hackers really are out to get you. You’re a juicy target. An attack could expose your company’s most sensitive secrets, without you suspecting a thing.