Week 5 In Review – 2014

Resources

• BLE Fun With Ubertooth: Sniffing Bluetooth Smart and Cracking Its Crypto – blog.lacklustre.net
  Ubertooth is an open source platform for Bluetooth research. It has a powerful ARM microcontroller connected to a reconfigurable radio chip, the TI CC2400. Although it was originally built to monitor classic Basic Rate (BR) Bluetooth, it serves as an excellent platform for building a BLE sniffer.
• Se* and you – labs.portcullis.co.uk
  The following is a brief analysis of the threats associated with each Se* privilege. To be clear, the context of this analysis is the case where you land in a service account that has one or more of these privileges.
• Damn Vulnerable IOS Application (DVIA) – damnvulnerableiosapp.com
  Damn Vulnerable IOS App (DVIA) is an IOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their IOS penetration testing skills in a legal environment.
• NIST 800-53r4 controls with related documentation, privacy controls, videos, assessment procedures, and SANS 20 Critical Security Controls Version 4.1 – webbrain.com

Tools

• iker – labs.portcullis.co.uk
  ker is a Python tool to analyse the security of the key exchange phase in IPsec based VPNs. Download link is available here.
• SecUpwN / Android-IMSI-Catcher-Detector – github.com
  This is an android-based project to detect and avoid fake base stations (IMSI-Catchers) in GSM/UMTS Networks. Sounds cool and security is important to you?
• wifijammer – github.com
  Wifijammer continuously jam all wifi clients and access points within range. The effectiveness of this script is constrained by your wireless card.
• mass-deauth – github.com
  This is Mass-Deauth script for 802.11 pwnage. Download this script from here.
• DependencyCheck – github.com
  Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency.

Techniques

• Reversing the WRT120N’s Firmware Obfuscation – devttys0.com
  It was recently brought to Craig’s attention that the firmware updates for the Linksys WRT120N were employing some unknown obfuscation. He thought this sounded interesting and decided to take a look.

Vulnerabilities

• Revisting XXE and abusing protocols – www.corelan.be
  The basic premise behind the vulnerability is that when a user authenticates with a site using OpenID, that site does a ‘discovery’ of the user’s identity. To accomplish this the server contacts the identity server specified by the user, downloads information regarding the identity endpoint and proceeds with authentication.

Other News

• How I Lost My $50,000 Twitter Username – krebsonsecurity.com
  A story of how PayPal and GoDaddy allowed the attack and caused Naoki Hiroshima to lose his $50,000 Twitter username.