Week 37 In Review – 2014

Events Related

  • ArchC0n ’14 Report – www.digitalbond.com
    Dale Peterson spoke at the inaugural ArchC0n in St. Louis this Saturday. The main reason he chose to go to this IT security event was that they had Richard Bejtlich, Bruce Schneier and Charlie Miller as keynotes. Quite a haul for the first run. Here are some of the items that he wrote down.
  • Inside the Super Bowl of lying – dailydot.com
    This is the 2014 Def Con hacker conference at the Rio Casino in Las Vegas. The people are in one of the tiniest rooms in the casino to see the Super Bowl of lying. Here is the wrap up of the event by Patrick Howell O’Neill.

Resources

  • LiveUSB 3.0 beta – files.ettus.com
    You can test new @EttusResearch LiveUSB 3.0 now. Files are available here.
  • 23rd USENIX security symposium technical sessions – usenix.org
    The full Proceedings published by USENIX for the symposium are available for download here. Individual papers can also be downloaded from the presentation page.
  • Troopers 14 presentations – troopers.de
    Archived Contents and videos from a past Troopers are available here. You can watch the videos and download the papers.
  • Symantec Endpoint Protection 0day – offensive-security.com
    Symantec will be publishing the code for this privilege escalation exploit in the next few days. In the meantime, you can check out their demo video of the exploitation process.

Tools

  • IVRE – github.com
    IVRE (Instrument de veille sur les réseaux extérieurs) or DRUNK (Dynamic Recon of UNKnown networks) is a network recon framework, including two modules for passive recon (one p0f-based and one Bro-based) and one module for active recon (mostly Nmap-based, with a bit of ZMap).

Techniques

  • Colliding password protected MS office 97-2003 documents – hashcat.net
    Atom recently worked on adding support to oclHashcat in order to crack the different versions of password protected MS Office documents. While he was working on the 97-2003 version he found out that there’s a weakness in the scheme that he wants to share here.
  • 15 Ways to Bypass the PowerShell Execution Policy – netspi.com
    By default PowerShell is configured to prevent the execution of PowerShell scripts on Windows systems. This can be a hurdle for penetration testers, sysadmins, and developers, but it doesn’t have to be. In this blog Scott Sutherland covered 15 ways to bypass the PowerShell execution policy without having local administrator rights on the system.
  • Introducing Gupt: A Backdoor which uses Wireless network names for command execution – labofapenetrationtester.com
    A few weeks back, Nikhil SamratAshok Mittal was playing with his mobile WiFi hotspot and PowerShell. Using PowerShell, he was listing the SSIDs created by the mobile hotspot and wondering if they could be exploited in some way. The answer turned out to be yes, but with some help.

  • Hacking iClass Elite with proxmark3 – martin.swende.se
    iClass standard and Elite are on par with Mifare Classic on crack-status. It is interesting to note that any iClass elite system is crackable by only a few seconds of proximity to a legitimate reader, while iClass standard is more difficult to crack.

Vendor/Software patches

Vulnerabilities

  • Home Depot Hit By Same Malware as Target – krebsonsecurity.com
    The apparent credit and debit card breach uncovered last week at Home Depot was aided in part by a new variant of the malicious software program that stole card account data from cash registers at Target last December, according to sources close to the investigation.
  • Download at your own risk: Bitcoin miners bundled with game repacks – blogs.technet.com
    Recently Donna Sibangan has seen an emerging trend among malware distributors – Bitcoin miners being integrated into installers of game repacks. This type of system hijacking is just one of the many ways to exploit a user by utilizing their system’s computing resources to earn more cash.

Other News

  • Cleaning up after password dumps – googleonlinesecurity.blogspot.com
    One of the unfortunate realities of the Internet today is a phenomenon known in security circles as “credential dumps”—the posting of lists of usernames and passwords on the web. Google are always monitoring for these dumps so they can respond quickly to protect their users. This week, they identified several lists claiming to contain Google and other Internet providers’ credentials.
  • 5 Million Gmail Passwords Leaked, Google Says No Evidence Of Compromise – tech.slashdot.org
    After first appearing on multiple Russian cybercrime boards, a list of 5 million Google account usernames is circulating via file-sharing sites. Experts say the information most likely didn’t result from a hack of any given site, including Google, but was rather amassed over time, likely via a number of hacks of smaller sites, as well as via malware infections.
