Week 41 In Review – 2013

Resources

• Louisville Infosec 2013 Videos – www.irongeek.com
  Here are the videos from Louisville Infosec 2013 conference.
• BruCON talks – youtube.com
  BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Here are the videos from BruCON talks.
• Scanning Targets for PHP My Admin Scans – stateofsecurity.com
  Here are an updated list of the common locations where web scanning tools in the wild are checking for PHPMyAdmin. You should check to make sure your site does not have a real file in these locations or that if it exists, it is properly secured.
• Defcon 21 Materials – defcon.org
  Here are the links of DEFCON 21 Hacking Conference updated CD, DVD’s and Presentations etc.

Tools

• Nmap Cheat Sheet 1.0 – pen-testing.sans.org
  Over the last couple of days, the folks at Counter Hack and eskoudis have put together an Nmap cheat sheet covering some of the most useful options of everyone’s favorite general-purpose port scanner, Nmap. And, with its scripting engine, Nmap can do all kinds of wonderful things for security professionals.

Techniques

• Exploiting Integer Based SQL Injection In Nested SQL Queries – blog.gdssecurity.com
  In this post Sasha Zivojinovic will be talking you through exploiting what turned out to be an interesting SQL Injection variation – SQL injection involving nested queries and arithmetic evaluation.
• SNMP Process Sniper – Kill Windows Processes With SNMP Write Access – www.hackwhackandsmack.com
  On a recent test, DOUG came across SNMP write access on a Windows box and he really wanted to use it to lower the security posture of the server however at the time the only attacks that he could come up with were Denial of Service (change IP, name etc) or Pointless POC’s (writing a contact etc).
• Proxmark3 – Adding Ultralight Support – penturalabs.wordpress.com
  The Proxmark3 appeared to be missing Mifare Ultralight support. The ability to identify Ultralight cards was present within the ‘hf 14a reader‘ command. A simple ‘svn update‘ will update any current repository. Else use the following command to grab the repository.
• Veil AV Bypass on Kali – cyberarms.wordpress.com
  One of the common hurdles of security and penetration testers is bypassing anti-virus on target systems. Veil uses a Metasploit like interface to create a remote shell program that will bypass most Anti-Virus programs. In this article Cyber arms will discuss how to install and run Veil on Kali Linux.

Vendor/Software patches

• Adobe, Microsoft Push Critical Security Fixes – krebsonsecurity.com
  Adobe and Microsoft each issued software updates in this week to fix critical security issues in their products. Microsoft released eight patch bundles to address 26 different vulnerabilities in Windows and other software – including not just one but two zero-day bugs in Internet Explorer. Adobe’s patches fix a single critical vulnerability present in both Adobe Acrobat and Reader.
  • The October 2013 security updates -blogs.technet.com
  • Assessing risk for the October 2013 security updates -blogs.technet.com
  • MS13-080 addresses two vulnerabilities under limited, targeted attacks -blogs.technet.com
    Microsoft released MS13-080 which addresses nine CVEs in Internet Explorer. This bulletin fixes multiple security issues, including two critical vulnerabilities that have been actively exploited in limited targeted attacks, which they will discuss in details in this blog entry.
  • Security updates available for Adobe Reader and Acrobat -www.adobe.com
• Weekly Update: Refreshing the ROPDB – community.rapid7.com
  Remember last week when Metasploit shipped that unpatched MSIE exploit? Yeah, good times. Well, first off, it’s patched now.

Vulnerabilities

• Bitsquatting Explained
  Bitsquatting is a relatively new term derived from combining the phrases “bit flipping” and “cybersquatting,” and it’s a more common problem than you might expect. Cyveillance blog discussed this topic in three-part blog series. Below are the Part 1 and Part 2 of the series.
  • Bitsquatting Explained in 900 Words or Less: Part I –blog.cyveillance.com
  • Bitsquatting Explained in 900 Words or Less: Part II – blog.cyveillance.com

Other News

• Feds Arrest Alleged Top Silk Road Drug Seller – krebsonsecurity.com
  Federal authorities last week arrested a Washington state man accused of being one of the most active and sought-after drug dealers on the online black market known as the “Silk Road.” The BBC reported that four men had been arrested in the U.K. for alleged drug offenses on the Silk Road.
  • Four UK men arrested over Silk Road links -bbc.co.uk
• Phony order faxed to registrar leads to Metasploit defacement – threatpost.com
  A pro-Palestine hacker collective went old-school in its takedown of the Metasploit and Rapid7 websites today. Metasploit creator and HD Moore confirmed via Twitter that Metasploit.com was hacked via a spoofed DNS change request sent via fax to its registrar, Register.com.