Week 29 In Review – 2015

Events Related

• Black Hat attendee report highlights the mess we’re in – zdnet.com
  Black Hat has released its first-ever attendee research report, highlighting infosec’s ongoing hiring crisis and a sector that feels poorly prepared to face current threats.

• How We Fared in the Cyber Grand Challenge – blog.trailofbits.com
  The Cyber Grand Challenge qualifying event was held on June 3rd, at exactly noon Eastern time. At that instant, our Cyber Reasoning System (CRS) was given 131 purposely built insecure programs.

• Converge 2015 Videos – irongeek.com
  These are the videos from the Converge Information Security Conference.

• BSides Detroit2015 Videos – irongeek.com
  These are the videos from the BSides Detroit 2015 Conference.

Tools

• Linux-based open source infosec tool
  • NSA releases Linux-based open source infosec tool – itnews.com.au
    The US National Security Agency has offered up one of its cyber security tools for government departments and the private sector to use freely to help beef up their security and counter threats.

• Magic Unicorn v2.0 Released – trustedsec.com
  This new version incorporates some significant improvements and multiple new attack vectors. First, the payload delivery system has been revamped to allow larger Metasploit-based payloads like the http/https which allows native PowerShell injection.

• hostapd MANA – github.com
  Modified version of SensePost’s Mana-Toolkit to add support for the RTL 8188/8192 series chipsets

• RFIDler-HID26-BruteForce – github.com
  Proof of Concept of HID26 Bruteforce

Techniques

• Starfighter, Summer 2015 – sockpuppet.org
  I don’t really like games. Screen graphics make me nauseous. The political interactions between players are tedious. I’m not a fan of chance, I stink at riddles and it’s rare that someone can concoct a mystery that I cannot immediately resolve.

• Hacking Team Uses UEFI BIOS Rootkit to Keep RCS 9 Agent in Target Systems – blog.trendmicro.com
  The dissection of the data from the Hacking Team leak has yielded another critical discovery: Hacking Team uses a UEFI BIOS rootkit to keep their Remote Control System (RCS) agent installed in their targets’ systems.

• OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) – kingcope.wordpress.com
  OpenSSH has a default value of six authentication tries before it will close the connection (the ssh client allows only three password entries per default).

Vulnerabilities

• Microsoft Internet Explorer 11 Zero-day – blog.vectranetworks.com
  On July 6th, information spread that the Italian company known as the Hacking Team were themselves the victims of a cyber attack. In the aftermath of this leak, Vectra researchers have analyzed the leaked data, and identified a previously unknown vulnerability in Internet Explorer 11 that impacts a fully patched IE 11 on both Windows 7 and Windows 8.1.

• Pawn Storm Java Zero-Day
  Operation Pawn Storm is a campaign known to target military, embassy, and defense contractor personnel from the United States and its allies. The attackers behind Operation Pawn Storm have been active since at least 2007 and they continue to launch new campaigns.
  • An In-Depth Look at How Pawn Storm’s Java Zero-Day Was Used – blog.trendmicro.com
  • Analyzing the Pawn Storm Java Zero-Day – Old Techniques Reused – blog.trendmicro.com

• Once-theoretical crypto attack against HTTPS now verges on practicality – arstechnica.com
  Almost a third of the world’s encrypted Web connections can be cracked using an exploit that’s growing increasingly practical, computer scientists warned Wednesday. They said the attack technique on a cryptographic cipher known as RC4 can also be used to break into wireless networks protected by the Wi-Fi Protected Access Temporal Key Integrity Protocol.

• Ubiquiti EdgeOS v1.6 Vulnerabilities – cataphract-security.co.uk
  Ubiquiti Networks specialises in providing networking equipment to emerging markets; however, due to the equipment affordability their hardware seems to be popular with small and medium-sized enterprises.

• Significant Flash exploit mitigations are live in v18.0.0.209 – googleprojectzero.blogspot.com
  Whilst Project Zero has gained a reputation for vulnerability and exploitation research, that’s not all that we do. One of the main reasons we perform this research is to provide data to defenders; and one of the things that defenders can do with this data is to devise exploit mitigations.

• Dozens of phone apps with 300M downloads vulnerable to password cracking (Updated) – arstechnica.com
  Smartphone apps from Walmart, CNN, ESPN, and dozens of other organizations put user accounts at risk of compromise because they allow attackers to make an unlimited number of login attempts, according to recently published research.

Other News

• CYBERSECURITY: THE DEPARTMENT OF THE INTERIOR – oversight.house.gov
  To explore the Department of the Interior’s (DOI) role in the recent U.S. Office of Personnel Management (OPM) data

• S.A. Summer Camp: More Hacking Than Hiking – nytimes.com
  While young people at other summer camps were enjoying weeks of swimming, crafts and more, the participants at this N.S.A.-sponsored camp in Arlington, Va., were learning tools and rules for cybersecurity.

• Flash. Must. Die. – wired.com
  ADOBE FLASH—THAT INSECURE, ubiquitous resource hog everyone hates to need—is under siege, again, and hopefully for the last time. The latest calls for its retirement come from some of the Internet’s most powerful players, but if the combined clattering of Facebook, Firefox, and a legion of unsatisfied users isn’t enough finally to put it in the ground, scroll down to see how to axe it from your devices yourself.