Events Related
- BSidesLondon 2015 Wrap-Up – blog.rootshell.be
Here is a quick wrap-up of BSidesLondon 2015 by Xavier. This year, they moved to a new location close to Earls Court, where InfoSec Europe is organized at the same time.
- WAF Bypass at Positive Hack Days V – blog.ptsecurity.com
Though the contest WAF configuration allowed bypassing, uncommon solutions were also presented. This was actually the goal of the contest: participants had the opportunity to try their hand at bypassing protection mechanisms, while Positive Research can improve its product based on the results.
Resources
- Cobalt Strike Penetration Testing Labs (Download) – blog.cobaltstrike.com
The Cobalt Strike Pen Testing Lab DVD material is now available for download. This DVD covers the Metasploit Framework’s capability to target a server. It also covers the client-side attack process in Cobalt Strike.
Tools
- Version 6 Release of the REMnux Linux Distro for Malware Analysis – zeltser.com
Here is the announcement of the v6 release of the REMnux distro, which helps analysts examine malware using free utilities in a Linux environment. You can download it from here.
- Nmap 6.49BETA1 released – seclists.org
Fyodor has announced the release of Nmap 6.49BETA1. This version will have hundreds of improvements, including 25 new NSE scripts (total is now 494).
Techniques
- OpenSesame – samy.pl
OpenSesame is a device that can wirelessly open virtually any fixed-code garage door in seconds, exploiting a new attack Samy Kamkar has discovered on wireless fixed-pin devices, using a child’s toy from Mattel. Live demonstration and full details available in the video here.
Vulnerabilities
- More than 60 undisclosed vulnerabilities affect 22 SOHO routers – seclists.org
A group of security researchers doing their IT Security Master’s Thesis at Universidad Europea de Madrid have discovered multiple vulnerability issues on the following SOHO routers.
- New SOHO router security audit uncovers over 60 flaws in 22 models – www.itworld.com
Some of the vulnerabilities could allow attackers to take over the affected devices.
- Users with weak SSH keys had access to GitHub repositories for popular projects – itworld.com
A number of high-profile source-code repositories hosted on GitHub could have been modified using weak SSH authentication keys, a security researcher has warned. GitHub revoked the keys, but it’s not clear if they were ever abused by attackers.
- Sourceforge Hijacks the Nmap Sourceforge Account – seclists.org
You may have already read the recent news about Sourceforge.net hijacking the GIMP project account to distribute adware/malware. More bad news: Sourceforge has also hijacked the Nmap account, and the old Nmap project page is now blank!
Other News
- USA Freedom Act Passes: What We Celebrate, What We Mourn, and Where We Go From Here – eff.org
The Senate passed the USA Freedom Act by 67-32 on June 2. Technology users everywhere should celebrate, knowing that the NSA will be a little more hampered in its surveillance overreach, and both the NSA and the FISA court will be more transparent and accountable than they were before the USA Freedom Act.
- Let the snooping resume: Senate revives Patriot Act surveillance measures – arstechnica.com
The Senate on Tuesday revived three surveillance provisions of the Patriot Act that had expired early Monday because of Senate discord. Lawmakers approve a variation of the phone-records spy program Snowden revealed.
- Hunting for Hackers, N.S.A. Secretly Expands Internet Spying at U.S. Border – arstechnica.com
The effort is the latest known expansion of the N.S.A.’s warrantless surveillance program, which allows the government to intercept Americans’ cross-border communications if the target is a foreigner abroad.
- Who’s behind mysterious flights over US cities? FBI – csmonitor.com
FBI spy planes: US law enforcement officials confirmed for the first time the wide-scale use of the aircraft, which the AP traced to at least 13 fake companies. The AP traced at least 50 aircraft back to the FBI, and identified more than 100 flights since late April orbiting both major cities and rural areas.
- OPM Hack May Have Exposed Security Clearance Data – threatpost.com
Twenty-four hours after unnamed White House officials said the Office of Personnel Management (OPM) data breach was linked to China, one security company has connected the intrusion to the massive break-ins earlier this year at insurance companies Anthem and Premera Blue Cross.
- Data hacked from U.S. government dates back to 1985: U.S. official – reuters.com
Data stolen from U.S. government computers by suspected Chinese hackers included security clearance information and background checks dating back three decades, U.S. officials said on Friday, underlining the scope of one of the largest known cyber attacks on federal networks.