Events Related
- Derbycon 2015 Videos – www.irongeek.com
- Black Hat USA 2015 – www.youtube.com
- Louisville Infosec 2015 Videos – www.irongeek.com
- Thoughts on my very first DerbyCon (which won’t be my last) – community.rapid7.com
Once you hang around in infosec for a little while, you learn that each of the major cons have their own reputation, their own mini-scene. This one’s got the great parties, that one has the best speakers, that other one is where the fresh research is presented, et cetera.
Resources
- Workshops
- Week 1: Scripting and Virtualization (9/12/15) – hackucf.org
- Week 2: Reverse Engineering (9/26/15) – hackucf.org
- Weekly Metasploit Wrapup: So Many Repos! – community.rapid7.com
If you’ve been following along with Metasploit Framework development, you may have noticed that we have more than a couple repositories for committing code.
- Advanced Threat Tactics – Course and Notes – blog.cobaltstrike.com
The release of Cobalt Strike 3.0 also saw the release of Advanced Threat Tactics, a nine-part course on red team operations and adversary simulations. This course is nearly six hours of material with an emphasis on process, concepts, and tradecraft.
Tools
- Miasm – github.com
Reverse engineering framework in Python
- ShinySDR – github.com
Software-defined radio receiver application built on GNU Radio with a web-based UI and plugins.
- HookME – API Based TCP Proxy Including SSL – hookme.googlecode.com
HookME is an API based TCP Proxy software designed for intercepting communications by hooking the desired process and hooking the API calls for sending and receiving network data (even SSL clear data).
- Qubes 3.0 – www.qubes-os.org
Qubes is now based on what we call Hypervisor Abstraction Layer (HAL), which decouples Qubes logic from the underlying hypervisor.
Techniques
- Hacking IP Camera Coolcam NIP-09 NIP-02 – liken.otsoa.net
- Terminal escape sequences – the new XSS for Linux sysadmins – ma.ttias.be
Escape sequences allow you to do funny things like write blinking commit messages, but there’s a darker side to them as well.
- [Part 1][EN] Hacking NETGEAR JWNR2010v5 Router – Authentication Bypass – www.shellshocklabs.com
It has been a long time since my last update so today I want to show you two vulnerabilities found while reversing the firmware from a NETGEAR router.
- Bypassing UAC with PowerShell – www.labofapenetrationtester.com
As I always try to keep the post-exploitation phase within PowerShell, I tested UACME and implemented some of the methods using PowerShell.
- Exploring Bluetooth & iBeacons – From Software to Radio Signals and back – z4ziggy.wordpress.com
This is the story of my Bluetooth hacking adventures. If you want to start with BTLE hacking right away, feel free to jump over to the 2nd (technical) part, otherwise read on as I share my BT exploration findings and thoughts.
- Flipping bits in the Windows Kernel – community.rapid7.com
Recently, the MS15-061 bulletin has received some attention. This security bulletin includes patches for several Windows Kernel vulnerabilities, mainly related to win32k.sys. Details of one of them, discovered by Udi Yavo, have been very well covered.
Vulnerabilities
- Here are the God-mode holes that gave TrueCrypt audit the slip – www.theregister.co.uk
Google Project Zero hacker James Forshaw has found a pair of privilege-elevation holes in the once-popular TrueCrypt encryption package.
- Apple OS X 10.10 Security Disclosure – blog.gdssecurity.com
Gotham Digital Science has discovered a vulnerability affecting the phone dialing and SMS integration of the Continuity feature set introduced in OS X 10.10 and iOS 8.
- Stagefright 2.0 Vuln Affects Nearly All Android Devices – www.darkreading.com
Once again, Android has been found slashed wide open to a critical vulnerability in its multimedia engine that is easy to exploit, enables remote privileged code execution, requires no user interaction, and affects nearly every Android device.
Other News
- Cisco Expands Security Services Portfolio with Portcullis Acquisition – www.enterprisenetworkingplanet.com
Cisco is at it again, acquiring yet another company to add to its roster. This time the target is privately-held Portcullis Computer Security.
- T-Mobile confirms data breach, Social Security numbers stolen – www.technobuffalo.com
Bad news T-Mobile customers (and would-be customers): one of the Un-Carrier’s vendors, Experian, has announced a major data breach, with upwards of 15 million addresses, phone numbers and even SSN stolen in the attack.