Week 32 In Review – 2014


  • Introducing LiveDump.exe – crashdmp.wordpress.com
    Microsoft has added back the ability to dump physical memory to disk (as a dump file) from user mode via NtSystemDebugControl. Sippy wrote a quick proof-of-concept tool and generated what appears to be a 250 MB kernel bitmap dump.
  • About the USB Descriptor Collection – usbdescriptors.com
    This site is trying to build a collection of the USB descriptors of every USB device out there. That sounds like a tough goal, and it is.
  • Breaking Antivirus Software – twitter.com
    Jeremiah Grossman tweeted this SYScan360 2014 presentation by Joxean Koret on breaking antivirus software. Amazing quotes!
  • BSides Las Vegas 2014 Videos – irongeek.com
    These are the videos from the BSides Las Vegas conference. You can watch and download the videos from here.
  • Q&A on the Reported Theft of 1.2B Email Accounts – krebsonsecurity.com
    Security consultancy Hold Security dropped the news that a Russian gang has stolen more than a billion email account credentials. Rather than respond to each reader's question in turn, Brian Krebs adds some perspective here in the most direct way possible: a Q&A.
  • Black Hat USA 2014 materials – blackhat.com
    Here is the archive of Black Hat USA 2014 presentations and white papers.

  • PoC||GTFO 0x05 [.pdf] – defuse.ca
    The PDF contains executable code. If you let it finish loading, it loads Quake into memory and lets you play it in your browser.


  • EICARgen: An Arms Race – blog.didierstevens.com
    If you subscribe to Didier's videos, you have already seen this video and had early access to the new version of EICARgen.
  • Service Permission Checker (service-perms.exe) – hackwhackandsmack.com
    Ben has slightly updated his program to show a few extra bits of information about each service: it now shows whether the current user can stop and start the service, along with the service's running state. Here is the link to the tool.
  • HoneyDrive 3 – The Premier Honeypot Linux Distro – hack-tools.blackploit.com
    HoneyDrive is the premier honeypot Linux distro. It is a virtual appliance (OVA) with Xubuntu Desktop 12.04.4 LTS edition installed.
  • Snoopy v2.0 – github.com
    Snoopy v2.0 is a modular digital terrestrial tracking framework: a distributed sensor, data collection, interception, analysis, and visualization framework. It is written in a modular format, allowing for the collection of arbitrary data from various sources via Python plugins.
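To make the Service Permission Checker item above concrete, here is an added PowerShell example that performs the same kind of check (can the current user start, stop or reconfigure a given service?). It is not Ben's code and not part of the original post: it reads each service's DACL from `sc.exe sdshow`, matches the ACEs against the SIDs in the caller's own token, and reports the effective service rights. It assumes `sc.exe` is on the PATH and that the caller is allowed to read the service's security descriptor (READ_CONTROL, which most users have by default); the access-right constants are the documented winsvc.h values.

```powershell
# Added example: report the current user's effective rights on a Windows service.
# Not the original post's tool; assumes sc.exe on PATH and READ_CONTROL on the service.

# Service-specific access rights from winsvc.h (documented values).
$SERVICE_CHANGE_CONFIG = 0x0002
$SERVICE_START         = 0x0010
$SERVICE_STOP          = 0x0020
$SERVICE_ALL_ACCESS    = 0xF01FF
$GENERIC_ALL           = 0x10000000   # maps to SERVICE_ALL_ACCESS for a service object

function Get-ServiceDacl {
    param([Parameter(Mandatory)][string]$Name)
    # sc.exe sdshow prints the service's security descriptor in SDDL form
    # (note: plain "sc" is an alias for Set-Content in PowerShell, so call sc.exe)
    $sddl = & sc.exe sdshow $Name 2>$null | Where-Object { $_ -match '^\s*D:' } | Select-Object -First 1
    if (-not $sddl) { return $null }
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($sddl.Trim())
    return $sd.DiscretionaryAcl
}

function Test-ServiceAccess {
    param([Parameter(Mandatory)][string]$Name)

    # Every SID the current token carries: the user SID plus all group and
    # well-known SIDs (Everyone, Authenticated Users, INTERACTIVE, ...)
    $id     = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $mySids = @($id.User.Value) + @($id.Groups | ForEach-Object { $_.Value })

    $dacl = Get-ServiceDacl -Name $Name
    if ($null -eq $dacl) { return $null }   # no such service, or SD not readable

    $allowed = 0
    $denied  = 0
    foreach ($ace in $dacl) {
        # Only plain allow/deny ACEs carry an access mask we care about here
        if ($ace -isnot [System.Security.AccessControl.CommonAce]) { continue }
        if ($mySids -notcontains $ace.SecurityIdentifier.Value) { continue }

        $mask = $ace.AccessMask
        if ($mask -band $GENERIC_ALL) { $mask = $mask -bor $SERVICE_ALL_ACCESS }

        if ($ace.AceType -eq [System.Security.AccessControl.AceType]::AccessAllowed) {
            $allowed = $allowed -bor $mask
        } elseif ($ace.AceType -eq [System.Security.AccessControl.AceType]::AccessDenied) {
            $denied = $denied -bor $mask
        }
    }
    # In a canonical DACL deny ACEs come first, so any denied bit removes that right
    $effective = $allowed -band (-bnot $denied)

    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service     = $Name
        Status      = if ($svc) { $svc.Status } else { 'Unknown' }
        CanStart    = [bool]($effective -band $SERVICE_START)
        CanStop     = [bool]($effective -band $SERVICE_STOP)
        CanReconfig = [bool]($effective -band $SERVICE_CHANGE_CONFIG)
    }
}

# Usage: list every service the current (non-admin) user can stop or reconfigure.
# SERVICE_CHANGE_CONFIG for a low-privileged user is the classic privilege-escalation
# finding, since the binary path can then be pointed at an attacker-controlled executable.
Get-Service |
    ForEach-Object { Test-ServiceAccess -Name $_.Name } |
    Where-Object { $_ -and ($_.CanStop -or $_.CanReconfig) } |
    Format-Table -AutoSize
```

This looks only at the service object's own DACL, which is what decides whether `StartService`/`ControlService` succeed for the caller; it does not model the SCM-level DACL or other escalation routes (a writable service binary or registry key), so treat it as the same first cut that Ben's tool gives you, not as a complete audit.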

Vendor/Software patches

  • Samba Patches Heap Overflow Bug in Current Versions – threatpost.com
    The keepers of Samba, an open source software package that provides Windows interoperability for Linux and UNIX systems, have patched a serious heap overflow vulnerability in all 4.x.x versions of the software.

    • Patches for Recent or Unsupported Releases – samba.org
      In order to better support the Samba community, this page contains recommended patches for the most recent production releases. These patches have been integrated into the main Samba development trees for the next version of Samba.


Other News

August 12th, 2014 | Security Tools, Security Vulnerabilities, Week in Review
