Week 4 In Review – 2014

Events Related

Resources

  • ShmooCon Firetalks 2014 – www.irongeek.com
    These are the videos for the ShmooCon Firetalks 2014.
  • Free Tools: The Best Free Tools of 2013? – community.rapid7.com
    This post will cover a few of the best freebies released last year and how information security team members use them to make their day-to-day lives easier.
  • VoIP Attacks: Skype Proof of Concept Released – blog.mdsec.co.uk
    In October 2013, Dominic Chell and Shaun Colley presented their research and proof-of-concept tool for traffic analysis of encrypted VoIP streams. They focused on Skype as a case study.

Tools

  • Windbgshark – code.google.com
    This project includes an extension for the windbg debugger as well as driver code, which together allow you to manipulate virtual machine network traffic and to integrate the Wireshark protocol analyzer with windbg commands.
  • SI6 Networks’ IPv6 Toolkit – si6networks.com
    The SI6 Networks’ IPv6 toolkit v1.5.2 is available now. The SI6 Networks’ IPv6 toolkit is a set of IPv6 security/troubleshooting tools that can send arbitrary IPv6-based packets.
  • Bully – github.com
    Bully is a new implementation of the WPS brute force attack, written in C. It is conceptually identical to other programs, in that it exploits the (now well known) design flaw in the WPS specification.

Techniques

  • TrueCrypt Master Key Extraction And Volume Identification – volatility-labs.blogspot.com
    What’s described here is not a vulnerability in TrueCrypt. Volatility Labs don’t intend to cause mass paranoia or discourage readers from using the TrueCrypt software. Their best advice to people seeking to keep data secure and private is to read the TrueCrypt documentation carefully, so you’re aware of the risks.
  • Guest Post: Bypassing 3rd-degree profiles in LinkedIn by Osanda Malith – blog.bugcrowd.com
    Osanda Malith wrote up this clever article on how he bypassed 3rd-degree profiles on LinkedIn. Learn more about Osanda and the exploit here.
  • Powershell Reconnaissance – trustedsec.com
    This post is a simple introduction to Powershell and a demonstration of a couple of useful ways it can be utilized during the information gathering stages of a pentest.
  • Making Your Printer Say “Feed Me a Kitten” and Also Exfiltrate Sensitive Data – community.rapid7.com
    Here Metasploit will just be covering how to use the PoC modules included with the new protocol. Let’s get started!
  • Fetching JBoss MBean method hashes – forelsec.blogspot.com
    Matasano published one of two canonical papers on JBoss exploitation. While working on a fresh new tool, Drone came across the JMXInvokerServlet technique, which uses serialized Java requests to deploy to remote MBeans. This uses a specific object hash to route the JMX request to the correct MBean.
  • Application Whitelist Bypass Using IEexec.exe – room362.com
    In this document you’ll learn that even if a host is in a mode where only trusted, approved applications can run, IEexec.exe can be used in certain situations to circumvent a whitelist, since it is likely a trusted binary: it is signed by Microsoft.

Vulnerabilities

  • Bug Exposes IP Cameras, Baby Monitors – krebsonsecurity.com
    A bug in the software that powers a broad array of Webcams, IP surveillance cameras and baby monitors made by Chinese camera giant Foscam allows anyone with access to the device’s Internet address to view live and recorded video footage, KrebsOnSecurity has learned.
  • XXE in OpenID: one bug to rule them all, or how I found a Remote Code Execution flaw affecting Facebook’s servers – www.ubercomp.com
    For more than a year Reginaldo Silva, a Brazilian computer engineer, thought Facebook was not vulnerable at all, until one day he was testing Facebook’s “Forgot your password?” functionality. Facebook was indeed vulnerable to the same XXE he had found more than a year earlier.
  • Linksys & Netgear Backdoor by The Numbers – skizzlesec.com
    When a major backdoor or ZeroDay starts to make headlines, we think that hundreds of thousands, maybe millions of users, are affected by that vulnerability. With this in mind MaxRoger set out to answer the question, “How bad is it?”

Other News
