Week 52 In Review – 2013

Resources

• Adobe CQ Pentesting Guide – Part 1 – resources.infosecinstitute.com
  This post deals with the step-by-step security testing guidelines for Adobe CQ installation. Adobe CQ is Adobe’s new Web Experience Management software portfolio which provides easy-to-use web apps for creating, managing and delivering online experiences to its users.
• SkyDogCon 2013 Videos – www.irongeek.com
  Here are the videos from SkyDogCon 2013 (The south’s premier hacker/maker conference).
• Creating a iOS7 Application Pentesting Environment – carnal0wnage.attackresearch.com
  This is just the basics. Once you get all of these utilities and tools installed you’re pretty much waiting on substrate to be working for iOS 7.

Tools

• Creepy v1.0 – Codename “diskbråck” – github.com
  Long-awaited and long-overdue creepy v1.0 is finally here. Creepy is a geolocation OSINT tool. Gathers geolocation related information from online sources, and allows for presentation on map, search filtering based on exact location and/or date, export in csv format or kml for further analysis in Google Maps.
• Kacak v0.1 released – github.com
  Kacak is a tool that can enumerate users specified in the configuration file for windows based networks. It uses metasploit smb_enumusers_domain module in order to achieve this via msfrpcd service.
• shodan-python – github.com
  The official Shodan-Python API Documentation code is hosted on GitHub.

Techniques

• geohot presents an evasi0n7 writeup – geohot.com
  This writeup takes place from the perspective of evasi0n7 by geohot(@tomcr00se). Note that this writeup doesn’t help Apple, he got this by reversing the public evasi0n binary, which they can, and do.
• Getting Started with WinDBG – Part 2 – blog.opensecurityresearch.com
  This is a multipart series walking you through using WinDBG – OpenSecurity Research have gotten you off the ground with their last blog post, and now they’ll focus on it’s core functionality so that you can start debugging programs!
• 12 Days of HaXmas: Apple Safari Makes Password Stealing Fun and Easy? Yes, Please! – community.rapid7.com
  This post is the second in a series, 12 Days of HaXmas, where Wei Chen take a look at some of more notable advancements in the Metasploit Framework over the course of 2013.
• Using Burp Suite to Test Web Services with WS-Security – fishnetsecurity.com
  During a recent engagement 6Labs team ran into a web service endpoint that was using WS-Security for authentication, specifically it was using the “Username Token” profile. In order to make a successful request to the web service, you need to provide the following items.
• Decrypting IOS Apps – www.infointox.net
  Devin Ertel is going to walk through the steps it takes to decrypt an iOS app. This post doesn’t talk about the reversing process once you get the app to IDA but what you need to do to start reversing an app in IDA and what you need to do to get the reversed app running on the phone again.
• A chain is only as strong as its weakest link – DNS Hijack Monitoring – www.corelan.be
  It doesn’t really matter how much time your developers have spent writing secure code and how many layers of security you have implemented to protect your website from being hacked and defaced. Recent incidents have demonstrated that the bad guys will simply look for and find an easier way to hurt your business.

Vulnerabilities

• Researcher Says Samsung Knox Container is Vulnerable – threatpost.com
  An Israeli security researcher from the Ben-Gurion University of the Negev’s Cyber Security Labs claims to have uncovered a serious security flaw in Samsung Knox. Mordechai Guri, a Ph.D. student at BGU, discovered the flaw in Samsung’s flagship Galaxy S4 device.
  • BGU Security Researchers discover Vulnerability in Samsung’€™s Secure Software on the Company’€™s Flagship Device Galaxy S4 –in.bgu.ac.il
    Security researchers at BGU’s Cyber Security Labs have identified a critical vulnerability in highly secure Samsung mobile devices which are based on the Knox architecture.
  • Samsung Phone Studied for Possible Security Gap – online.wsj.com
• On Hacking MicroSD Cards –bunniestudios.com
  At the Chaos Computer Congress (30C3), xobs and Bunnie disclosed a finding that some SD cards contain vulnerabilities that allow arbitrary code execution — on the memory card itself. On the dark side, code execution on the memory card enables a class of MITM (man-in-the-middle) attacks, where the card seems to be behaving one way, but in fact it does something else.
• 12 Days of HaXmas: Exploiting (and Fixing) RJS Rails Info Leaks –community.rapid7.com
  Several weeks ago, Egor Homakov wrote a blog post pointing out a common info leak vulnerability in many Rails apps that utilize Remote JavaScript. The attack vector and implications can be hard to wrap your head around, so in this post Joev will explain how the vulnerability occurs and how to exploit it.

Other News

• Surprise! It’s Super Easy to Identify People From Metadata – gizmodo.com
  When the NSA’s phone tracking was revealed, the agency was quick to point out that it’s not listening to phone conversations. But the agency is tracking who you call, when, and for how long — your metadata.
• Researchers publish Snapchat code allowing phone number matching after exploit disclosures ignored – www.zdnet.com
  Snapchat’s previously undocumented API and code for two exploits have been published, allowing mass name/phone number matching, and mass creation of bogus accounts.