Week 2 In Review – 2014

Events Related

  • Why we have to boycott RSA – blog.erratasec.com
    The reason isn’t that Robert Graham is upset at RSA, or thinks that they are evil. He thinks RSA was mostly tricked by the NSA rather than consciously choosing to backdoor their products.

Resources

  • Stupid IDN Tricks: Unicode Combining Characters – blog.dinaburg.org
    Safari will display Unicode combining diacritical marks in the URL bar. It is possible to register domains with these marks. Some of these domains will look much like legitimate domains (e.g. apple.com vs. apple͢.com).
  • McAfee Security Report Suggests 2014 Will Be a Rough Year – www.computerworld.com
    McAfee’s comprehensive 2014 security report, released at the end of December, goes beyond rehashing the same set of threats in ever-increasing volume to instead reflect the impact of digital currencies, NSA leaks and social media. Going through the report, one thing becomes eminently clear: We are in no way prepared for what’s coming in 2014.
  • Exploit Database Hosted on GitHub – offensive-security.com
    Offensive Security has recently completed some renovations on its Exploit Database backend systems and has taken this opportunity to transition its SVN server to an EDB repository hosted on GitHub. This means that it’s now easier than ever to copy, clone, or fork the whole repository.
  • tcpflow 1.4.4 and some of its most Interesting Features – isc.sans.edu
    The latest version can of course reconstruct TCP flows, but it also has some interesting features, such as being able to carve files out of web traffic (zip, gif, jpg, css, etc.) and reconstruct web pages. Another nice feature is that it provides a summary PDF report of the pcap file processed by tcpflow.
  • Stefan Esser – iOS 7 Security Overview/Crashcourse – echo360.rub.de
    Here is the video of Stefan Esser’s talk giving an overview of iOS 7 security features and mitigations.

Tools

  • Kali Linux 1.0.6 Released – kali.org
    Here is Kali Linux 1.0.6 with a new Kernel 3.12, LUKS nuke, Amazon AMI / Google Compute images and more! This release is really heavily laden with goodness.
  • Pinpoint Tool Released – kahusecurity.com
    Pinpoint works like wget/curl in that it just fetches a web page without rendering any script.
  • NAC-bypass (802.1x) or Beagle in the Middle – shellsherpa.nl
    This is Jan Kadijk’s little project. It implements a layer 2 and layer 3 NAT and MitM (now also known as Beagle-in-the-Middle) built from information gathered in the passive network reconnaissance stage.
  • Announcing the Release of RtspFuzzer – isecpartners.github.io
    iSEC Partners is pleased to announce the release of RtspFuzzer, an open-source fuzzer for the Real-Time Streaming Protocol (RTSP). RTSP is a text-based protocol that facilitates media streaming.
  • iOS 7 tool updates – isecpartners.github.io
    With the availability of the evasi0n7 jailbreak and the subsequent release two days ago of Cydia Substrate with support for iOS 7 and ARM64, a full-blown iOS 7 penetration testing environment can now be set up.

Techniques

  • Metasploit Meterpreter and NAT – www.corelan.be
    In this short post by the Corelan team, you’ll see how to correctly configure Meterpreter payloads and make them work when your audit box is behind a NAT device.
  • Piercing SAProuter with Metasploit – community.rapid7.com
    In this article by Morrisson, you’ll see how it is possible to exploit weak SAProuter configurations that can allow access to internal hosts all the way from the Internet, using only Metasploit’s support for pentesting SAP systems. This article helps shed light on both the risks associated with SAProuter deployments and SAP security in general.

Vendor/Software patches

Vulnerabilities

  • Unsafe DLL Loading Vulnerabilities – blog.opensecurityresearch.com
    A common issue we see in applications is the order in which they import DLLs at runtime. This is referred to as a Load Order Vulnerability that can result in local privilege escalation. In this blog post Muralidharan will dissect the vulnerability, exploitation scenarios, and how to fix it.
  • WordPress Plugins Exploitation Through the Big Data Prism – blogs.akamai.com
    In June 2013, Checkmarx, a source code analysis vendor, released a very thorough and interesting whitepaper on the topic of WordPress plugin security, listing the most vulnerable plugins. While reading Checkmarx’s whitepaper and going through the long list of vulnerable WordPress plugins, Ory Segal felt that a few critical questions were still left unanswered.
  • Is XXE the new SQLi? – isc.sans.edu
    Here we can see a typical problem with untrusted input: since an attacker can control anything on the client side, they can affect the integrity of the XML document that is submitted to the server. Generally this should not be a problem unless the following happens.
  • The Internet of Things Is Wildly Insecure — And Often Unpatchable – wired.com
    We’re at a crisis point now with regard to the security of embedded systems, where computing is embedded into the hardware itself — as with the Internet of Things. These embedded computers are riddled with vulnerabilities, and there’s no good way to patch them.
  • Hackers gain ‘full control’ of critical SCADA systems – www.itnews.com.au
    Researchers have found vulnerabilities in industrial control systems that they say grant full control of systems running energy, chemical and transportation systems. The findings follow the discovery of separate serious vulnerabilities in Siemens industrial ethernet switches that allowed attackers to run administrative tasks and hijack web sessions.

Other News

  • Hackers Steal Card Data from Neiman Marcus – krebsonsecurity.com
    Responding to inquiries about a possible data breach involving customer credit and debit card information, upscale retailer Neiman Marcus acknowledged today that it is working with the U.S. Secret Service to investigate a hacker break-in that has exposed an unknown number of customer cards.
  • Yikes! Target’s data breach now could affect 110M people – news.cnet.com
    Target’s data breach is much broader than once believed. The retailer now says that information taken in December’s security lapse includes names, phone numbers, and postal and e-mail addresses, and could affect up to one-third of the US population.
  • Cyber-security: Small satellite dish systems called ripe for hacking – csmonitor.com
    The small dish systems, VSATs, transmit often-sensitive data from far-flung locations for critical industries. A cyber-security report found thousands with ‘their digital front doors wide open.’
  • VSAT terminals are opened for targeted cyber attacks – intelcrawler.com
    Security researchers from IntelCrawler, a Los Angeles-based cyber intelligence company, announced that very-small-aperture terminals (VSATs) used for satellite communications are exposed to external cyber attacks, especially on distributed critical infrastructures and network environments.