Resources
- Introducing LiveDump.exe – crashdmp.wordpress.com
Microsoft has added back the ability to dump physical memory to disk (in the form of a dump file) from user mode via NtSystemDebugControl. Sippy wrote a quick proof-of-concept tool and generated what appears to be a 250mb kernel bitmap dump.
- About the USB Descriptor Collection – usbdescriptors.com
This site tries to build a collection of all the USB descriptors (extern) from all USB devices out there. This sounds like a tough goal, and it is.
- Breaking Antivirus Software – twitter.com
Jeremiah Grossman tweeted this SyScan360 2014 presentation about breaking antivirus software by Joxean Koret. Amazing quotes!
- BSides Las Vegas 2014 Videos – irongeek.com
These are the videos from the BSides Las Vegas conference. You can watch and download the videos from here.
- Q&A on the Reported Theft of 1.2B Email Accounts – krebsonsecurity.com
Security consultancy Hold Security dropped the news that a Russian gang has stolen more than a billion email account credentials. Rather than respond to each of these requests in turn, Brian Krebs has added a bit of perspective here in the most direct way possible: The Q&A.
- Black Hat USA 2014 materials – blackhat.com
Here is the Black Hat USA 2014 presentations and white papers archive.
  - Interesting comments about this – reddit.com
- PoC||GTFO 0x05 [.pdf] – defuse.ca
The PDF contains executable code. If you let it finish loading, it loads Quake into memory and lets you play it in your browser.
  - Interesting comments about this – reddit.com
Tools
- EICARgen: An Arms Race – blog.didierstevens.com
If you subscribed to Didier’s videos, you saw this video and had early access to his new version of EICARgen.
- Service Permission Checker (service-perms.exe) – hackwhackandsmack.com
Ben slightly updated his program to show a few extra bits of information about the service. Firstly it now shows whether that user can stop and start the service, including the running state. Here is the link to the tool.
- HoneyDrive 3 – The Premier Honeypot Linux Distro – hack-tools.blackploit.com
HoneyDrive is the premier honeypot Linux distro. It is a virtual appliance (OVA) with Xubuntu Desktop 12.04.4 LTS edition installed.
- Snoopy v2.0 – github.com
Snoopy v2.0 – modular digital terrestrial tracking framework. Snoopy is a distributed, sensor, data collection, interception, analysis, and visualization framework. It is written in a modular format, allowing for the collection of arbitrary data from various sources via Python plugins.
Vendor/Software patches
- Samba Patches Heap Overflow Bug in Current Versions – threatpost.com
The keepers of Samba, an open source software package that provides Windows operability for Linux and UNIX systems, have patched a serious heap overflow vulnerability in all 4.x.x versions of the software.
  - Patches for Recent or Unsupported Releases – samba.org
  In order to better support the Samba community, this page contains recommended patches for the most recent production releases. These patches have been integrated into the main Samba development trees for the next version of Samba.
Vulnerabilities
- Watch This Wireless Hack Pop a Car’s Locks in Minutes – www.wired.com
Shims and coat hangers are the clumsy tools of last century’s car burglars. Modern-day thieves, if they’re as clever as Silvio Cesare, may be able to unlock your vehicle’s door without even touching it.
- IIS Short File Name Disclosure is back! Is your server vulnerable? – soroush.secproject.com
A few years after finding the IIS Short File Name Disclosure vulnerability/feature, Soroush Dalili discovered a new method that can work on the latest versions of IIS. Test your IIS server and see if it is vulnerable!
- XML Quadratic Blowup Attack Blows Up WordPress & Drupal – darknet.org.uk
This XML Quadratic Blowup Attack affects both WordPress and Drupal and is quite serious: rather than just crashing the software, it can take down the whole server.
Other News
- New Site Recovers Files Locked by Cryptolocker Ransomware – krebsonsecurity.com
Two security firms teamed up to launch a free new online service that can help victims unlock and recover files scrambled by the malware called CryptoLocker.