Week 48 In Review – 2015

Events Related

  • My SecTor Story: Root Shell on the Belkin WeMo Switch – www.tripwire.com
    Researchers from Tripwire were on hand to help attendees explore the world of IoT hacking. They brought with them a table full of devices ranging from routers to smart televisions. They also had a video demonstration of the exploitation of vulnerabilities in a home router.

Techniques

  • 5 Tips For Pentesters Switching To Python 3 – warroom.securestate.com
    Python has been a popular language among penetration testers for some time now and is used extensively here at SecureState. Python version 3 has been out since December 2008 and yet many scripts currently being produced by the security community exclusively target version 2.7.
  • Exploiting F5 ICall::Script Privilege Escalation (CVE-2015-3628) – blog.gdssecurity.com
    Earlier this year GDS discovered a vulnerability in the F5 BIG-IP LTM product that allows a user with limited access to the system to escalate his privileges and obtain highly privileged remote command execution on the device. This vulnerability was described in a previous post.
  • CMU Binary Bomb meets Symbolic Execution and Radare – ctfhacker.com
    For those unfamiliar with symbolic execution, I will present a summary of the mechanics as we proceed in the writeup. For further insight, I highly recommend checking out the MIT lecture on the subject.

Resources

  • Hello Barbie Security: Part 1 – Teardown – www.somersetrecon.com
    Mattel, with the help of San Francisco startup ToyTalk, recently released an Internet of Things (IoT) enabled Barbie doll that children can talk to, responding with over “8,000 lines of recorded content.” To produce all of this content it relies on a constant connection to the internet.
  • Common Findings Database – github.com
    The Common Findings Database is a collection of markdown based findings writeups.

Tools

  • Medusa 2.2 Released! – github.com
    Medusa 2.2 is the first release in over three years. While there are no major changes to the core of the application, it does include many bug-fixes throughout the code base and numerous incremental improvements.
  • MagSpoof – samy.pl
    MagSpoof is a device that can spoof/emulate any magnetic stripe or credit card. It can work “wirelessly”, even on standard magstripe/credit card readers, by generating a strong electromagnetic field that emulates a traditional magnetic stripe card.

Vulnerabilities

  • 3 Attacks on Cisco TACACS+: Bypassing the Cisco’s auth – agrrrdog.blogspot.ca
    Usually, if a company has a big network with a lot of network devices, it may be a big problem to manage access to them. Thus, companies implement one of the protocols for centralized access management. Cisco devices support TACACS+ and RADIUS protocol.
  • More than 900 embedded devices share hard-coded certs, SSH host keys – www.net-security.org
    Embedded devices of some 50 manufacturers have been found sharing the same hard-coded X.509 certificates (for HTTPS) and SSH host keys, a fact that can be exploited by a remote, unauthenticated attacker to carry out impersonation, man-in-the-middle, or passive decryption attacks, Carnegie Mellon University’s CERT/CC warns.
