Resources
- Infiltrate 2014 – shadow-file.blogspot.com
Here are some additional resources from Zach Cutlip that he may have mentioned in his Infiltrate 2014 presentation.
- BlueHat Security Briefings: Fall 2013 Sessions – channel9.msdn.com
The 2013 BlueHat Security Briefings took place on the Microsoft campus in December 2013. Here is the list of talks and discussions.
Tools
- mimikatz 2.0 alpha 20140519 – github.com
You can download this new release of Mimikatz 2.0 alpha from here. Pass-The-eKeys now also works on Windows 7/8 if KB2871997 is installed.
- Tastic RFID Thief – Proximity Badge Released – bishopfox.com
The Tastic RFID Thief is a silent, long-range RFID reader that can steal the proximity badge information from an unsuspecting employee as they physically walk near this concealed device. You can download the tool from here.
Techniques
- What Did Microsoft Just Break with KB2871997 and KB2928120 – pwnag3.com
Microsoft recently released two patches that will likely impact your future pentests. In this blog post, Craig will walk through his testing and validation of these patches from his lab.
- Obtaining Passwords from Cisco Wireless LAN Controllers – blog.ptsecurity.com
If we have the configuration file of a Cisco WLC device, we can obtain and restore all encrypted passwords. Watch yourself!
Vendor/Software patches
- Microsoft to fix two major attack methods for hackers – trustedsec.com
Microsoft is apparently fixing two issues with the recently released update. A Metasploit module was released after an attack method was publicly disclosed and makes the process extremely simple.
Vulnerabilities
- Significant portion of HTTPS Web connections made by forged certificates – arstechnica.com
Computer scientists have uncovered direct evidence that a small but significant percentage of encrypted Web connections are established using forged digital certificates that aren’t authorized by the legitimate site owner.
- Exposure of Critical Information Via SNMP Public Community String – community.rapid7.com
This report details three critical information disclosure vulnerabilities. The vulnerabilities were discovered while Matthew Kienow and Deral Heiland were researching information disclosure issues in SNMP on embedded appliances for a talk at CarolinaCon.
- Embedded Devices Leak Authentication Data Via SNMP Community String – threatpost.com
Researchers have discovered previously unreported problems in SNMP on embedded devices where devices such as secondary market home routers and a popular enterprise-grade load balancer are leaking authentication details in plain text.