Resources
- Hack3rcon 5 Videos – irongeek.com
Here are the videos from Hack3rcon^5. You can watch and download the videos from here.
- Let’s Play NSA! The Hackers Open-Sourcing Top Secret Spy Tools – motherboard.vice.com
Last August, at Defcon, the hacker conference in Las Vegas, an engineer and security researcher named Michael Ossmann stood on the stage of a lecture hall, about to detail a stunning new set of tools designed for spying on a wealth of electronic devices. He explained to the audience just how he had engineered the kind of surveillance devices that, six months earlier, only a select group of spies had even known were possible.
- Android malware samples – androidsandbox.net
6.8 Gbs of Android malware samples! Here are all of the links from Androidsandbox.
- Backdoors in pirated WP/Joomla/Drupal plugins (PDF) – foxitsecurity.files.wordpress.com
An analysis of a hidden threat inside popular CMS by the FOX-IT Security Research team. You can read the analysis from here.
  - Interesting comments about this – reddit.com
- Trusting Your Cloud Provider. Protecting Private Virtual Machines – Armin Simma – blog.c22.cc
The talk is first and foremost about secrets. In this talk Armin wants to show that it is possible to protect secrets (VM of the cloud customer) running on the provider’s host system using Trusted Computing technology.
- A Myth or Reality – BIOS-based Hypervisor Threat – Mikhail Utin – blog.c22.cc
The talk is a status report of BIOS-based hypervisor research. This research was performed on systems that did not have hardware virtualization support.
- Addressing the Skills Gap – Colin McLean – blog.c22.cc
It is evident that there is a world-wide cyber-security skills shortage but what can be done about it? This talk focuses on the experiences of running the course and examines how the cyber security skills shortage can be addressed.
- The Measured CSO – Alex Hutton – blog.c22.cc
This talk discusses one method to help a Security Department build a better understanding of historically amorphous goals like “effectiveness, efficiency, secure, and risk” using data and models.
- Advanced Powershell Threat: Lethal Client Side Attacks using Powershell – blog.c22.cc
APT – A buzzword which refuses to die. Let’s have some fun with it, let’s move it to PowerShell. This talk would focus on using PowerShell for Client Side Attacks.
- 44Con 2014: GreedyBTS – Hacking Adventures in GSM – blog.c22.cc
At 44CON in September 2014, MDSec presented “GreedyBTS: Hacking Adventures in GSM” where we discussed our research of 2.5G network attacks against mobile devices. We outlined many existing known weaknesses in the GSM protocol, discussed in detail how to build a safe simulation environment of 2.5G for security research and presented an overview of GreedyBTS.
Tools
- Yubikey – Trammell Hudson’s Projects – trmm.net
The Yubico Yubikey-Neo and Neo-N USB tokens are a neat (and cheap) way to keep your keys locked in a hardware device rather than stored as a file on your hard drive. All of the public-key cryptography happens inside the tamper-proof device, so your secret key is never decrypted in memory nor stored on the disk of your machine.
- Retire.js – github.com
The goal of Retire.js is to help you detect the use of JS-library versions with known vulnerabilities. Download the tool from here.
- Firing Range – github.com
Firing Range is a test bed for web application security scanners, providing synthetic, wide coverage for an array of vulnerabilities. It can be deployed as a Google App Engine application.
- Capstone – Version 3.0 – capstone-engine.org
Capstone is excited to announce version 3.0 of the Capstone disassembly framework! Download now.
- ExploitRemotingService – github.com
ExploitRemotingService is a tool to exploit .NET Remoting Services vulnerable to CVE-2014-1806 or CVE-2014-4149. It only works on Windows although some aspects might work in Mono on *nix.
- Detekt – github.com
Detekt is a Python tool that relies on Yara, Volatility and Winpmem to scan the memory of a running Windows system (currently supporting Windows XP to Windows 8, both 32- and 64-bit, and Windows 8.1 32-bit).
- Android IMSI-Catcher Detector – secupwn.github.io
Android-based project to detect and avoid fake base stations (IMSI-Catchers) in GSM/UMTS Networks. Detect and avoid IMSI-Catcher attacks!
- NSC14 Hardware Workshop – github.com
NSC14 Hardware Workshop materials are available now. You can download from here.
Techniques
- Reverse Engineer a Verisure Wireless Alarm part 1 – Radio Communications – funoverip.net
Verisure is a supplier of wireless home alarms and connected services for the home. This post is the first part of FoIP’s Verisure story and aims to observe radio communications between the multiple devices of the alarm. In other words, they will translate the radio communication into binary messages.
Vendor/Software patches
- Triggering MS14-066 – blog.beyondtrust.com
Microsoft addressed CVE-2014-6321 this Patch Tuesday, which has been hyped as the next Heartbleed. This vulnerability promises remote code execution in applications that use the SChannel Security Service Provider, such as Microsoft Internet Information Services (IIS). The details have been scarce. Here is the fix for that.
Vulnerabilities
- Additional information about CVE-2014-6324 – blogs.technet.com
Microsoft released update MS14-068 to address CVE-2014-6324, a Windows Kerberos implementation elevation of privilege vulnerability that is being exploited in-the-wild in limited, targeted attacks. The goal of this blog post is to provide additional information about the vulnerability, update priority, and detection guidance for defenders.
- Microsoft Security Bulletin MS14-068 – Critical – technet.microsoft.com
This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers.
- WordPress 3 persistent script injection – seclists.org
A security flaw in WordPress 3 allows injection of JavaScript into certain text fields. In particular, the problem affects comment boxes on WordPress posts and pages. These don’t require authentication by default.
Other News
- State Department Targeted by Hackers in 4th Agency Computer Breach – nytimes.com
The State Department on Sunday became the fourth government agency to announce a breach of its computer systems in recent weeks, after an infiltration forced the agency to temporarily shut down its unclassified email system and public websites.
- Feminist Hacker Barbie Is Just What Our Little Girls Need – wired.com
It’s a perfect example of the way women and girls are perceived to ‘understand’ the tech world, and how frustrating it can be when nobody believes this is how they’re treated.
[…] post Week 47 In Review – 2014 appeared first on Infosec […]