Events Related
- Our Favorite Presentations from ShmooCon 2015 – researchcenter.paloaltonetworks.com
Jen and Phil were fortunate to attend this year’s ShmooCon, an annual hacker conference held in Washington, DC. Here is the wrap-up of the conference.
Resources
- BSides Columbus 2015 Videos – irongeek.com
These are the videos from the BSides Columbus Ohio conference. You can watch and download the videos from here.
- Guest Blog: httpscreenshot – A Tool for Both Teams – blog.bugcrowd.com
The ShmooCon presentations that Kymberlee recommended last week did not disappoint, and she’s excited to have the opportunity to share some of the great research she saw there with Bugcrowd customers and Crowd members. This tool released by Justin Kennedy and Steve Breen can be used by both Red Teams and Blue Teams. Enjoy!
- Shmoocon Notes: Userland Persistence on Mac OS X – carnal0wnage.attackresearch.com
Notes from the conference for later by CG. Userland Persistence on Mac OS X. A list of links is available here.
Tools
- CapTipper – github.com
CapTipper is a Python tool to analyze, explore and revive malicious HTTP traffic. You can download the tool from here.
- RDPY – github.com
RDPY is a pure Python implementation of the Microsoft RDP (Remote Desktop Protocol), client and server side. RDPY is built over the event-driven network engine Twisted.
- OpenSSL 1.0.2 Branch Release notes – openssl.org
The major changes and known issues for the 1.0.2 branch of the OpenSSL toolkit are summarised here. The contents reflect the current state of the NEWS file inside the git repository.
Techniques
- Weekend Hacking with GNURADIO – beastiebytes.com
The following describes Sven Tantau’s process towards a gnuradio module to print out the codes of the original remote and then re-use those codes with a USB dongle of a different vendor.
Vendor/Software patches
- Java Patch Plugs 19 Security Holes – krebsonsecurity.com
Oracle this week released its quarterly patch update for Java, a widely-installed program that for most casual users has probably introduced more vulnerability than utility.
Vulnerabilities
- Unpatched Vulnerability (0day) in Flash Player is being exploited by Angler EK – malware.dontneedcoffee.com
Kafeine spotted an instance of Angler EK which is sending three different bullets targeting Flash Player. Disabling Flash Player for some days might be a good idea.
- Advisory: XXE Injection in Oracle Database (CVE-2014-6577) – blog.netspi.com
The XML Parser module in Oracle Database is vulnerable to XML External Entity (XXE) Injection. Affected versions: 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2. Patch released last week.