Resources
- Web security tricks – bugscollector.com
Bugs Collector is a database of web security breaches and tricks collected from all over the world. Tricks are available here.
- ShowMeCon 2014 Videos – irongeek.com
These are the videos of ShowMeCon 2014. You can watch and download all the videos from here.
- LayerOne 2013 – layerone.org
Archives of the videos of Los Angeles’ premiere security conference 2013. You can watch all the videos from here.
- Nmap Class for Hackers For Charity – irongeek.com
This is the Nmap class the Kentuckiana ISSA put on to support Hackers For Charity. Speakers include Jeremy Druin, Martin Bos and @irongeek_adc.
- Jacob I. Torrey: From Kernel to VMM – youtube.com
This presentation provides a cohesive overview of the Intel VT-x virtualization extensions from the perspective of a kernel developer. It finishes by outlining AIS, Inc.’s DARPA CFT MoRE effort.
Tools
- MagicTree v1.3 Available For Download – Pentesting Productivity – darknet.org.uk
MagicTree is a pentesting productivity tool. You can download MagicTree here.
- Pwnstaller 1.0 – harmj0y.net
Pyinstaller, for those of you who aren’t aware, is a useful program that “converts (packages) Python programs into stand-alone executables”. Pwnstaller is a tool to generate and compile a dynamically-obfuscated version of the Pyinstaller runw.exe loader.
- RedoWalker Beta Version Released – databaseforensics.com
RedoWalker dumps Oracle redo logs to an XML format; it specifically dumps redo entries for DDL, INSERTs, UPDATEs, DELETEs and associated UNDO records. This software is still in beta.
- DepDep v1.0 – github.com
Depdep is a merciless sentinel which will seek sensitive files containing critical info leaking through your network.
- Parsero v0.71 – Attacking Robots.txt Files Released – github.com
Parsero is a free script written in Python which reads the Robots.txt file of a web server and looks at the Disallow entries.
- Inception v0.3.5 Beta – Attacking FireWire Devices Released – github.com
Inception is a FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP-2 DMA. The tool can unlock (any password accepted) and escalate privileges to Administrator/root on almost* any powered on machine you have physical access to.
- IPv6 Toolkit v1.5.3 Released – si6networks.com
A security assessment and troubleshooting tool for the IPv6 protocols.
- ITool Release: You’ll Never (Ever) Take Me Alive! – isecpartners.github.io
You’ll Never Take Me Alive is a tool that helps protect Full Disk Encrypted Windows computers from DMA and cold boot attacks.
Techniques
- Network Proxy and Protocol Responder – hackwhackandsmack.com
This blog will allow you to re-create or replay a management station type scenario with a client, and opens a whole load of new attack scenarios.
- Android Hacking and Security, Part 5: Debugging Java Applications Using JDB – resources.infosecinstitute.com
This article walks the readers through debugging Java programs using a command line tool called JDB. Though this article doesn’t touch Android concepts, it is a prerequisite to understand the next article coming in the series.
- Plesk 10 & 11 SSO XXE/XSS – makthepla.net
This blog post is about a complete failure that resulted in a win.
- Executing Code via SMB / DCOM Without PSEXEC – www.room362.com
PSEXEC has been a staple for Windows post exploitation pivoting and system administration for a long while. The basic premise of how all “psexec” tools work is described here.
- Beefing up Windows End Station Security with EMET – isc.sans.edu
After Rob VandenBrink’s post last week on things a System Administrator can do to protect against zero days in the browser, operating systems and applications, one of the biggies for Windows is to deploy EMET. This is a really high level description of how you’d deploy EMET in a typical Windows shop.
- Moar Shellz! – trustedsec.com
Larry Spohn shared one more method that he recently discovered, using the Metasploit “psexec_command” module, created by Royce Davis (@r3dy__), from Accuvant LABS.
Vendor/Software patches
- Dropbox patches shared links security flaw – zdnet.com
Dropbox has now patched a security vulnerability which could give third parties access to server data without authorization.
Vulnerabilities
- 300k servers vulnerable to Heartbleed one month later – blog.erratasec.com
It’s been a month since the Heartbleed bug was announced. Robert Graham thought he’d rescan the Internet (port 443) to see how many systems remain vulnerable.
- [POC] CVE-2014-0196: Linux kernel pty layer race condition memory corruption (local root exploit) – bugfuzz.com
The vulnerability should be exploitable all the way from v2.6.31-rc3, however relevant changes to the TTY subsystem were made in.
- Interesting comments about this – reddit.com
- AVG Remote Administration Multiple critical vulnerabilities – sec-consult.com
“AVG Remote Administration” allows the network administrator to remotely install, update, and configure AVG across the computer network. Attackers can connect to the AVG Admin Server and manage clients just like a legitimate administrator with full privileges using a modified version (checks removed using binary patch) of AVG Admin Console.
- Heartbleed, IE Zero Days, Firefox vulnerabilities – What’s a System Administrator to do? – isc.sans.edu
It’s great to say “Defense in Depth” and “The 20 Critical Controls”, but that’s easy to say and not so easy to do when you are faced with a zero day in the browser that your business application must have to run. What can you do that’s quick and easy, that offers some concrete protection for your community of 20, 200, 2,000 or 20,000 workstations?
- New iPhone lock screen flaw gives hackers full access to contact list data – zdnet.com
iPhone users are vulnerable to a lock-screen flaw that allows a hands-on hacker to gain full access to a user’s contacts list.
- R7-2013-19.2 Disclosure: Yokogawa CENTUM CS 3000 BKESimmgr.exe Buffer Overflow (CVE-2014-0782) – community.rapid7.com
Last March 8th, @julianvilas and Juan Vazquez spoke at RootedCON about their work with the Yokogawa CENTUM CS3000 product, and disclosed three of the vulnerabilities they found on March 10 on this blog.
- Bitly hackers stole user credentials from offsite database backup – welivesecurity.com
Bitly has shed a little more light on the serious security breach it suffered last week. As you may recall, the URL-shortening service announced last week that it believed the account credentials of Bitly users could have fallen into the hands of hackers, but it fell short of answering how it determined customer privacy had been breached, how securely passwords had been stored, or – indeed – what had actually gone wrong.
Other News
- Penetration Testing Has Come Of Age – Now It’s Time to Move On – mandiant.com
Today it’s hard to find an organization that operates without penetration tests. Vivek Chudgar thinks this is the right time to pause and ask a few questions.