Events Related
- 44CON – www.slideshare.net
- BSides Augusta 2015 Videos – www.irongeek.com
Videos from the BSides Augusta conference.
Resources
- Satellite Turla: APT Command and Control in the Sky – securelist.com
When you are an APT group, you need to deal with many different problems. One of them, and perhaps the biggest, is the constant seizure and takedown of domains and servers used for command-and-control (C&C).
- Extracting Hashes & Plaintext Passwords from Windows 10 – www.attactics.org
I, like I’m sure many others out there, have been playing with Windows 10 in a virtual environment the last few weeks. My motivation has primarily been to understand how the game has changed with respect to my standard set of tools.
- How we cracked millions of Ashley Madison bcrypt hashes efficiently – cynosureprime.blogspot.com
Not long after the release of the Ashley Madison leaks, many groups and individuals attempted to crack the bcrypt hashes. Since the developers used a cost factor of 12 for the bcrypt hash, this made the process an extremely compute intensive task. We decided to take a different approach and made some rather interesting discoveries.
- The Latest on Stagefright: CVE-2015-1538 Exploit is Now Available for Testing Purposes – blog.zimperium.com
More than a month has passed since Zimperium first broke the news of zLabs’ VP of Platform Research and Exploitation Joshua J. Drake’s discovery of multiple critical vulnerabilities in Android’s media library – libstagefright.
- N900 HackPack – n900-hackers.org
Tools
- Ubertooth – github.com
- Empire – www.powershellempire.com
Empire is a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture.
- TSA-Travel-Sentry-master-keys – github.com
3D reproduction of TSA Master keys
- GDB dashboard – github.com
Modular visual interface for GDB in Python
- Canary tokens – Quick, Free, Detection for the Masses – blog.thinkst.com
Canary tokens are a free, quick, painless way to help defenders discover they’ve been breached (by having attackers announce themselves.)
Techniques
- Proxying Bluetooth devices for security analysis using btproxy – conorpp.com
I wrote a tool that will leverage 1 or 2 regular Bluetooth adapters to act as a proxy for two other devices connecting to each other. Proxying the connection allows insight into clear text traffic and the ability to modify it in real time.
- Hacking fixed key remotes with (only) RFCat – andrewmohawk.com
It’s been absolutely ages since I’ve posted anything on the blog, not that I haven’t been doing things, just really not many things I felt good enough to write an entry about. I got a lot of feedback regarding my previous entry about Hacking Fixed key remotes and I decided to build on that slightly.
- Spawning Shells Over Bluetooth – warroom.securestate.com
This post will outline a simple technique that can be used to maintain a shell with a full PTY on a compromised Linux host with Bluetooth. A simple pseudo-serial connection can be created with Bluetooth using the common RFCOMM protocol.
- Exploiting UEFI Boot Script Table Vulnerability
The main goal of UEFI vulnerabilities discovered by researchers — it’s a relatively easy way to bypass different platform security measures (BIOS write protection, SMM protection) on a wide range of modern motherboards and laptops that are available on the market.
- CHIPSEC Module That Exploits UEFI Boot Script Table Vulnerability – www.linkedin.com
- Breaking UEFI security with software DMA attacks – blog.cr4.sh
Vendor / Software Patches
- Adobe Patches Two Shockwave Player Vulnerabilities – threatpost.com
Adobe today released a new version of its Shockwave Player that patches two critical vulnerabilities that could be remotely exploited.
- Microsoft Pushes a Dozen Security Updates – krebsonsecurity.com
Microsoft today released a dozen security updates for computers running supported versions of its Windows operating system. Five of the patches fix flaws that could get PCs compromised with little to no help from users, and five of the bulletins have vulnerabilities that were publicly disclosed before today (including one that reportedly has been detected in exploits in the wild).
- First-ever monthly Android security updates start to roll out – arstechnica.com
The publicity got the Android device ecosystem—Google, OEMs, and carriers—to at least start paying attention to delivering security updates to users in a timely manner. Google, Samsung, and LG scrambled to get fixes out to their flagship devices and promised monthly security updates for their devices.
Vulnerabilities
- How $100 And Knowledge Of Wireless Protocols Could Bring Cities To A Standstill – www.forbes.com
Cesar Cerrudo is Chief Technology Officer for IOActive Labs, a security consultancy with a global presence and deep expertise in hardware, software, and wetware assessments. He leads the team in producing ongoing, cutting-edge research in areas including Industrial Control Systems/SCADA, Smart Cities, the Internet of Things, and software and mobile device security.
- WhatsApp “MaliciousCard” Vulnerabilities Allowed Attackers to Compromise Hundreds of Millions of WhatsApp Users – blog.checkpoint.com
WhatsApp Web is a web-based extension of the WhatsApp application on your phone. The web application mirrors all messages sent and received, and fully synchronizes your phone and your desktop computer so that users can see all messages on both devices.
- iOS Calendar exposes special string overflow exploit – translate.wooyun.io
iOS Calendar exposes special string overflow exploit, allowing iPhone to be remotely attacked and causing system crash
- F5 ICall::Script Privilege Escalation (CVE-2015-3628) – blog.gdssecurity.com
Earlier this year GDS discovered a vulnerability in the F5 BIG-IP LTM product that allows a user with limited access to the system to escalate privileges and obtain highly privileged remote command execution on the device.
Other News
- This hilarious Cisco fail is a network engineer’s worst nightmare – thenextweb.com
In 2013, Cisco issued a ‘field notice’ warning of a problem with its very expensive 3650 and 3850 Series Switches, used in many datacenters around the world. That field notice detailed a major problem with the switches, discovered after they were released: plugging in a cable could wipe them entirely in just a few seconds.
- SPY Car Act Is Crucial First Step In Securing Our Cars From Hackers – www.forbes.com
On July 21, Senators Edward Markey and Richard Blumenthal introduced first-of-its-kind legislation, the Security and Privacy in Your Car Act (SPY Car Act). The senators’ legislation directs the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) to establish federal standards that will secure today’s connected car.
- FireEye Vulnerability Disclosure
A controversy has erupted today at London security conference 44CON as details emerge of U.S. security company FireEye’s attempts to stifle any public disclosure of a major series of vulnerabilities in its suite – all of which have now been patched.
- Over 10M Consumers’ Personal Info Stolen In Latest Health Insurer Data Breach – consumerist.com
For at least the fourth time this year, millions of consumers are being faced with some bad news: health insurer Excellus Blue Cross Blue Shield has announced the discovery of a major data breach in their systems. Over 10 million subscribers to Excellus and their partner services now have their most personal information — including medical claims records and social security numbers — stolen.
- Records: Energy Department struck by cyber attacks – www.usatoday.com
Incident reports submitted by federal officials and contractors since late 2010 to the Energy Department’s Joint Cybersecurity Coordination Center show a near-consistent barrage of attempts to breach the security of critical information systems that contain sensitive data about the nation’s power grid, nuclear weapons stockpile and energy labs.