Week 29 In Review – 2015

Events Related

  • How We Fared in the Cyber Grand Challenge – blog.trailofbits.com
    The Cyber Grand Challenge qualifying event was held on June 3rd, at exactly noon Eastern time. At that instant, our Cyber Reasoning System (CRS) was given 131 purposely built insecure programs.
  • Converge 2015 Videos – irongeek.com
    These are the videos from the Converge Information Security Conference.

Tools

  • Magic Unicorn v2.0 Released – trustedsec.com
    This new version incorporates some significant improvements and multiple new attack vectors. First, the payload delivery system has been revamped to allow larger Metasploit-based payloads like the http/https which allows native PowerShell injection.
  • hostapd MANA – github.com
    Modified version of SensePost’s Mana-Toolkit to add support for the RTL 8188/8192 series chipsets

Techniques

  • Starfighter, Summer 2015 – sockpuppet.org
    I don’t really like games. Screen graphics make me nauseous. The political interactions between players are tedious. I’m not a fan of chance, I stink at riddles and it’s rare that someone can concoct a mystery that I cannot immediately resolve.

Vulnerabilities

  • Microsoft Internet Explorer 11 Zero-day – blog.vectranetworks.com
    On July 6th, information spread that the Italian company known as the Hacking Team were themselves the victims of a cyber attack. In the aftermath of this leak, Vectra researchers have analyzed the leaked data, and identified a previously unknown vulnerability in Internet Explorer 11 that impacts a fully patched IE 11 on both Windows 7 and Windows 8.1.
  • Once-theoretical crypto attack against HTTPS now verges on practicality – arstechnica.com
    Almost a third of the world’s encrypted Web connections can be cracked using an exploit that’s growing increasingly practical, computer scientists warned Wednesday. They said the attack technique on a cryptographic cipher known as RC4 can also be used to break into wireless networks protected by the Wi-Fi Protected Access Temporal Key Integrity Protocol.
  • Ubiquiti EdgeOS v1.6 Vulnerabilities – cataphract-security.co.uk
    Ubiquiti Networks specialises in providing networking equipment to emerging markets; however, due to the equipment affordability their hardware seems to be popular with small and medium-sized enterprises.
  • Significant Flash exploit mitigations are live in v18.0.0.209 – googleprojectzero.blogspot.com
    Whilst Project Zero has gained a reputation for vulnerability and exploitation research, that’s not all that we do. One of the main reasons we perform this research is to provide data to defenders; and one of the things that defenders can do with this data is to devise exploit mitigations.

Other News

  • S.A. Summer Camp: More Hacking Than Hiking – nytimes.com
    While young people at other summer camps were enjoying weeks of swimming, crafts and more, the participants at this N.S.A.-sponsored camp in Arlington, Va., were learning tools and rules for cybersecurity.
  • Flash. Must. Die. – wired.com
    ADOBE FLASH—THAT INSECURE, ubiquitous resource hog everyone hates to need—is under siege, again, and hopefully for the last time. The latest calls for its retirement come from some of the Internet’s most powerful players, but if the combined clattering of Facebook, Firefox, and a legion of unsatisfied users isn’t enough finally to put it in the ground, scroll down to see how to axe it from your devices yourself.

Leave A Comment