Resources
- Today I Am Releasing Ten Million Passwords – xato.net
  A carefully-selected set of data provides great insight into user behavior and is valuable for furthering password security. So Mark Burnett built a data set of ten million usernames and passwords that he is releasing to the public domain.
- BSides Huntsville 2015 Videos – irongeek.com
  These are the videos from the BSides Huntsville conference. You can watch and download the videos from here.
- CA Alternative Whitepapers – isecpartners.github.io
  Academic co-authors Adam Bates, Joe Pletcher, Tyler Nichols, Dave Tian and iSEC engineer Braden Hollembaek had a pair of interesting papers published at the 2014 Conference on Computer and Communications Security and the 2014 Internet Measurement Conference, respectively. Links to the papers and source code can be found here.
Tools
- RuberTooth – A complete Ruby porting of the ubertooth libraries and utilities – evilsocket.net
  Simone Margaritelli studied the USB communication protocol implemented inside libubertooth and found that it is very simple and well implemented, so he started writing some Ruby code using the libusb gem, and a new project was born.
- AWS Scout2 – github.com
  Scout2 is a security tool that lets AWS administrators assess their environment’s security posture. You can download it from here.
Techniques
- Firmware Forensics: Diffs, Timelines, ELFs and Backdoors – w00tsec.blogspot.com
  This post covers some common techniques that Bernardo Rodrigues uses to analyze and reverse firmware images. These techniques are particularly useful for dissecting malicious firmware, spotting backdoors and detecting unwanted modifications.
- Apple Lightning – ramtin-amin.fr
  The Lightning cable is an 8-pin connector that can be inserted either way up. The pinout is found in Apple’s patent. After some reading about the connector, and gathering some information and leaked docs here and there, one of the interesting parts was this one.
- Microsoft Finally Releases Guidance and a Script to Change the KRBTGT Account – passing-the-hash.blogspot.com
  Microsoft recently released a zipfile which contains both a document and a PowerShell script that can be used to change the KRBTGT account password in a domain. Before doing anything, RTFM that comes with it, and obviously run it in a test environment first and make sure that it doesn’t eat kittens in your environment.
Vulnerabilities
- Anthem Breach May Have Started in April 2014 – krebsonsecurity.com
  Analysis of open source information on the cybercriminal infrastructure likely used to siphon 80 million Social Security numbers and other sensitive data from health insurance giant Anthem suggests the attackers may have first gained a foothold in April 2014, nine months before the company says it discovered the intrusion.
- One-Bit To Rule Them All: Bypassing Windows’ 10 Protections using a Single Bit – breakingmalware.com
  This entry starts by detailing the vulnerability. At first, it seemed impossible to exploit. After some hard work, however, the breakingmalware team managed to produce a fully working exploit, which they describe here.
- Lack of CSPRNG Threatens WordPress Sites – threatpost.com
  The issue lies in the fact that WordPress doesn’t contain a cryptographically secure pseudorandom number generator. A researcher named Scott Arciszewski made the WordPress maintainers aware of the problem nearly eight months ago and said that he has had very little response.
Other News
- How infosec hiring lost its way: Harsh findings in Leviathan report – zdnet.com
  In one of three cloud security whitepapers released by Leviathan Security Group today, the firm revealed infosec’s problematic hiring arc — where solutions appear ruinous, at best.
- Obama’s New Order Urges Companies to Share Cyber-Threat Info With the Government – wired.com
  President Barack Obama announced a new Executive Order today aimed at facilitating the sharing of information about cyber-threats between private sector companies and the government.
[…] post Week 7 In Review – 2015 appeared first on Infosec […]