Events Related
- Def Con 22
- DEFCON 22: The Con That Keeps on Giving – lunalindsey.com
Luna Lindsey is redefining the conference experience. She had an amazing time this year, as always. But as a neophile, she craves new experiences.
- Def Con: the ‘Olympics of hacking’ – www.ft.com
Welcome to Def Con, the Olympics of hacking, where for 21 years computer hackers have been gathering to compete, share their knowledge and, perhaps most of all, meet like-minded people in the real, offline world. A festival atmosphere fills the hallways as delegates greet old friends, addressing each other by online nicknames.
Resources
- Get STIX Reports from ICS Honeypot Conpot – honeynet.org
The team working on the ICS/SCADA honeypot Conpot just merged more mature support for STIX (Structured Threat Information eXpression) formatted reporting via TAXII (Trusted Automated eXchange of Indicator Information) into the master branch on GitHub.
- The Blackhat USA 2014
- Blackhat Fake ID talk material and follow-up – bluebox.com
The final presentation material on the fake ID vulnerability is now available online for download/viewing.
- Blackhat USA Multipath TCP Tool Release & Audience Challenge – labs.neohapsis.com
Neohapsis Labs have posted the tools and documents mentioned in the talk. At the end of the talk they invited participants to explore MPTCP in a little more depth via a PCAP challenge.
- Black Hat USA 2014 materials – www.blackhat.com
The Black Hat USA 2014 presentations and white papers archive is available. You can read and download these docs from here.
- Black Hat USA 2014 videos – youtube.com
The Black Hat USA 2014 talk and presentation videos are available now. You can watch and download the videos from here.
- GUI Security-Black Hat USA 2014 slides – mulliner.org
GUI Security-Black Hat USA 2014 slides, tools and other material are available. Download them from here.
- Def Con 22
- Presentations & Workshops-Speaker Workshops at DEF CON – wallofsheep.com
DEF CON presentation and workshop slides are available here.
- NSA Playset: SLOTSCREAMER, HALIBUTDUGOUT, and ALLOYVIPER for PCIe and Thunderbolt DMA attacks – securinghardware.com
The open hardware and software framework was presented and released at DEFCON 22. The talk along with updated progress is available now.
- Defcon Wireless Village 2014 (Defcon 22) Videos – irongeek.com
These are the videos from the Defcon Wireless Village 2014 (Defcon 22). You can watch and download the videos from here.
- DEFCON 22 Badge Challenge – potatohatsecurity.tumblr.com
Jason, Brett, and Jon recently went to DEFCON and completed the Badge Challenge put together by 1o57. Here is the entire adventure as they experienced it with all of the puzzles, their solutions, and the steps to solve them.
- DEFCON 22 Badge Contest – elegin.com
This writeup is not for the weak of heart or the ill of will. It is for those who nestle in a bed of crazy and snuggle with a layer of insane.
- Files included on the DEFCON 22 CD – soldieroffortran.org
Here is the description and story behind each of the files included on the DEFCON 22 CD. Usage examples and descriptions are included as well as some background. Each section contains a download link to that specific file.
- Soldier of Fortran – mainframed767.tumblr.com
Talkin’ about mainframe security, links to articles and general items. Brought to you by COBOL on COGS.
- New Metasploit 4.10: Credentials Are the New Exploits – community.rapid7.com
The Metasploit team have given credentials a new boost with Metasploit 4.10. It’s now easier to manage, reuse and report on credentials as part of a penetration test.
Tools
- Sysmon v1.0 – technet.microsoft.com
Sysinternals Sysmon is available now. System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log.
- Useful comments about this tool – reddit.com
- ZigTools: An Open Source 802.15.4 Framework – github.com
ZigTools is a Python framework developed to reduce the complexity of writing additional functionality for communicating with a Freakduino (a low-cost Arduino-based 802.15.4 platform). You can download it from here.
- SamuraiSTFU – samuraistfu.org
The home of the Samurai Project’s Security Testing Framework for Utilities (SamuraiSTFU). Download the latest release here.
Techniques
- Intercepting Native iOS Application Traffic – netspi.com
This blog post walks through proxying an iOS application that uses native web sockets to interact with a web server. It will help penetration testers who are trying to intercept sensitive data that an iOS application sends over the network in a non-trivial manner, because some applications do not respect the iOS proxy settings.
- Scan the Internet & Screenshot All the Things – w00tsec.blogspot.com
Internet scanning isn’t new anymore, and people are still surprised by these results. In this post, Bernardo Rodrigues shares some techniques he commonly uses to map and screenshot several Internet services during pentest engagements.
Vendor/Software patches
- Adobe, Microsoft Push Critical Security Fixes – krebsonsecurity.com
Adobe and Microsoft today each independently released security updates to fix critical problems with their products. Adobe issued patches for Adobe Reader/Acrobat, Flash Player and AIR, while Microsoft pushed nine security updates to address at least 37 security holes in Windows and related software.
Vulnerabilities
- WordPress and Drupal Denial Of Service Vulnerability Full Disclosure – www.breaksec.com
This post concerns the XML Denial of Service, which was detected in both WordPress and Drupal. This phenomenon is predicated on a well-known cyber attack, known as the XML Quadratic Blowup Attack.
- NSA/GCHQ: The HACIENDA Program for Internet Colonization – www.heise.de
In this article, Julian Kirsch along with the team will describe a new port knocking variant that uses the nation-state adversary model, and thus offers some protections against the HACIENDA program, thereby possibly stopping the spy agencies at the reconnaissance stage.
Other News
- The lie behind 1.2 billion stolen passwords – youarenotpayingattention.com
Earlier this week, Alex Holden of Hold Security announced to the NYT that he had discovered Russian hackers had stolen over 4 billion usernames and passwords. After running a duplication check, that narrowed to 1.2 billion and, while not often reported, that list was further whittled down to around 500 million individual users via unique email addresses.
- Interesting comments about this – reddit.com
- Meet the Puzzle Mastermind Who Designs Def Con’s Hackable Badges – www.wired.com
Def Con is one of the world’s biggest hacker conventions where security experts come to Las Vegas to learn about the latest computer vulnerabilities and exploits, show off their skills, and hack or crack anything that can be hacked and cracked, including the conference badges.
- How Gaps in Pen Testing and Intrusion Detection Paved the Path to Continuous Monitoring – tenable.com
Imagine a scenario where, rather than starting at a place of health, your systems are under constant attack. This is the situation with networks. And it’s even more complex as our networks now encompass not only on-premises systems but virtual, cloud and mobile environments.
- What caused today’s Internet hiccup – www.bgpmon.net
You may have noticed some instability and general sluggishness on the Internet this week. In this post BGPmon will take a closer look at what happened, including some of the BGP details!