Week 43 In Review – 2013

Events Related

• Hack.lu 2013 Wrap-Up
  Xavier wrapped-up the event of Hack.Lu 2013-Luxembourg 9th edition. As usual, the event started with a bunch of interesting workshops, talks. These talks went really deep and finally, Shift closed the schedule with “Interactive Deobfuscation“; A very very technical session.
  • Hack.lu 2013 Wrap-Up Day #1 – blog.rootshell.be
  • Hack.lu 2013 Wrap-Up Day #2 – blog.rootshell.be
  • Hack.lu 2013 Wrap-Up Day #3 – blog.rootshell.be

Resources

• GrrCON 2013 – youtube.com
  Here are the presentation videos shown by speakers at the GrrCON 2013 Information Security & hacker conference in DeVos Place.
• Routerpwn.com – routerpwn.com
  Routerpwn.com is a web application that helps you in the exploitation of vulnerabilities in residential routers. It is a compilation of ready to run local and remote web exploits. Programmed in Javascript and HTML in order to run in all “smart phones” and mobile internet devices.
  • Comments are going on about this – www.reddit.com
• The Appsec Program Maturity Curve 1 of 4 – veracode.com
  Veracode found in a recent study that 70% of CIOs already understand the need for application security. However, the majority of them still will not move to increase their investment in securing the software that runs their business without a triggering event, such as a data breach.

Tools

• Nccgroup / WindowsDACLEnumProject – github.com
  A collection of tools to enumerate and analyse Windows DACLs. Released as open source by NCC Group Plc.
• Volatility 2.3 Released! (Official Mac OS X and Android Support) – volatility-labs.blogspot.com
  The Volatility Foundation is thrilled to announce the official release of Volatility 2.3! While the main goal of this release was Mac OS X (x86, x64) and Android Arm support, also includeded a number of other exciting new capabilities!
• Update: Suspender V0.0.0.4 – blog.didierstevens.com
  Suspender is a DLL that suspends all threads of a process. This new version adds an option to suspend a process when it exits.
• Smbexec 2.0 released – pentestgeek.com
  Pentest Geek released smbexec version 2.0 a few days ago and it comes with some rather large differences from previous versions. For one thing it was completely rewritten in Ruby, for another it now supports multi-threading.

Techniques

• Automated Social Engineering Recon Using Rapportive – jordan-wright.github.io
  When performing a social engineering engagement, recon is key. In a previous post, Jordan wright demonstrated a few ways in which we could automate the recon process. However, the methods he showed were simply ways to find the profiles of people that might belong to a particular organization.
• Better support for importing Burp Suite Log and Export files in IronWASP v0.9.7.2 – blog.ironwasp.org
  IronWASP has always had support to import Burp Suite log files, But with the new version import the Burp Suite export files as well. You can export Burp Suite logs to an XML file using the options shown in the images here.
• Netgear Root Compromise via Command Injection – shadow-file.blogspot.com
  Previously, Zach Cutlip talked about the net-cgi executable in the wndr3700’s firmware. net-cgi is a multi-call binary, a little like busybox. As such it has a lot of functionality baked in. One of its more interesting functions is called cmd_ping6(). Here’s what it looks like.
• New “Restricted Admin” feature of RDP 8.1 allows pass-the-hash – labs.portcullis.co.uk
  This post describes the new “Restricted Admin” feature, the security benefits it brings and a potential downside of the feature: Pass-the-Hash attacks. Portcullis labs will briefly recap what Pass-the-Hash attack are and demonstrate such an attack against a Windows 2012 R2 server.

Vulnerabilities

• Apple’s iCloud cracked: Lack of two-factor authentication allows remote data download – www.zdnet.com
  Notorious Russian hacker Vladimir Katalov released findings showing Apple’s iCloud vulnerable to unauthorized download access, with iCloud data stored on Microsoft and Amazon servers. ZDNet has contacted Apple for comment and will update this article if Apple responds.
• Mozilla Lightbeam Add-On Shows Risk of Third Party Sites – taosecurity.blogspot.com
  The slide inside shows an experiment that Richard Bejtlich just conducted using the Lightbeam addon with NoScript. He recommend installing Lightbeam with NoScript to try for yourself.

Other News

• I challenged hackers to investigate me and what they found out is chilling – pandodaily.com
  It’s Adam L. Penenberg’s first class of the semester at New York University. He was discussing the evils of plagiarism and falsifying sources with 11 graduate journalism students when, without warning, his computer freezes. What he learned is that virtually all of us are vulnerable to electronic eavesdropping and are easy hack targets.