Week 39 In Review – 2013

Events Related

  • BruCON 0x05 Wrap Up – blog.rootshell.be
    Here is Xavier’s quick wrap-up of BruCON 0x05. It is not actually a wrap-up of the talks; instead, he gives some statistics about the visitors.

Resources

  • One Weird Trick for Finding More Crashes – www.cert.org
    The CERT Vulnerability Analysis Team announced the release of updates to both of their fuzzing tools, the CERT Basic Fuzzing Framework (BFF) version 2.7 and the CERT Failure Observation Engine (FOE) version 2.1. In this blog entry they describe some of the major changes to these tools.
  • Ruxcon Mc’Gavin – youtube.com
    All Ruxcon 2012 videos have been posted here.
  • H1 2013 Threat Report – f-secure.com
    F-Secure’s H1 2013 Threat Report is now online and a PDF download link is available.
  • SSL/TLS Deployment Best Practices – ssllabs.com
    SSL/TLS is a deceptively simple technology. It is easy to deploy but it turns out that it is not easy to deploy correctly. To ensure that SSL provides the necessary security, users must put more effort into properly configuring their servers. This document is a first step toward addressing that problem.
  • Characters, Symbols and the Unicode Miracle – Computerphile – youtube.com
    Representing symbols, characters and letters that are used worldwide is no mean feat, but Unicode managed it – how? Tom Scott explains how the web has settled on a standard.

  • DerbyCon Keynote Presentation – Kinetic Pwnage – pen-testing.sans.org
    This morning, Ed Skoudis had the honor of presenting at DerbyCon. His talk focused on the ability to cause physical impact through hacking computers and networks. Download the DerbyCon keynote slides from here.
  • Welcome to Project Sonar! – community.rapid7.com
    Project Sonar is a community effort to improve security through the active analysis of public networks. This includes running scans across public internet-facing systems, organizing the results, and sharing the data with the information security community.

Tools

  • Kvasir: Penetration Test Data Management – github.com
    Kurt Grutzmacher created a new open source tool called Kvasir. Download it from here.

    • Kvasir: Penetration Data Management for Metasploit and Nexpose – community.rapid7.com
      As a penetration tester with Cisco’s Advanced Services, kgrutzma created a new open source tool called Kvasir that integrates with Metasploit Pro, Nexpose, and a bunch of other tools he used regularly to aggregate and manage the data he needed. In this blog post, kgrutzma gives a quick intro to what Kvasir does and invites you to use it with Metasploit Pro.
    • Introducing Kvasir – blogs.cisco.com
  • Nccgroup/scenester – github.com
    Scenester is a simple Java application to discover different web application front ends based on web browser user-agents. Download the tool from here.

Techniques

  • Cracking WatchGuard passwords – funoverip.net
    WatchGuard firewall appliances use the (good old) NTLM algorithm to protect the Firebox-DB passwords. Foip did a good job reversing the hashing algorithm.
  • Change the Theme, Get a Shell: Remote Code Execution with MS13-071 – community.rapid7.com
    The SecurityStreet team recently added an exploit for MS13-071 to Metasploit. Rated as “Important” by Microsoft, this remote code execution vulnerability, found by Eduardo Prado, affects Windows XP and Windows 2003 environments and is triggered by the handling of specially crafted themes. In this blog post they discuss the vulnerability and give some helpful tips for exploiting it from Metasploit.
  • Blind SQLi -> SQLi -> Command Execution -> Meterpreter – Based On A True Story – breenmachine.blogspot.com
    In a recent test, Stephen Breen took the extra time to take it all the way to a Meterpreter shell manually, and he documents that process in this post. It involved one new trick he hadn’t seen before.

Vulnerabilities

  • Data Broker Giants Hacked by ID Theft Service – krebsonsecurity.com
    An identity theft service that sells Social Security numbers, birth records, credit and background reports on millions of Americans has infiltrated computers at some of America’s largest consumer and business data aggregators, according to a seven-month investigation by KrebsOnSecurity.
  • Chaos Computer Club breaks Apple TouchID – www.ccc.de
    The biometrics hacking team of the Chaos Computer Club (CCC) has successfully bypassed the biometric security of Apple’s TouchID using easy everyday means. A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID.

    • iPhone Fingerprint Scanner Hacked; Should You Care? – forbes.com
      A group called the Chaos Computer Club has posted a video in which they demonstrate what appears to be the ability to fool the fingerprint sensor in Apple’s new iPhone 5S. While the method is a bit convoluted, the fact is that it doesn’t involve any special technology.

Other News

  • UK to create new cyber defence force – www.bbc.co.uk
    The UK is to create a new cyber unit to help defend national security, the defence secretary has announced.
  • Barclays Bank Branch Bugged In £1.3m Breach – techweekeurope.co.uk
    Crooks managed to tap into a Barclays Bank machine to make off with £1.3 million, using a remarkably crude yet highly effective method. Barclays said no customers had suffered financial loss as a result of the hack.
