Week 19 In Review – 2016

Resources

• Phrack – phrack.org

Tools

• Can’t Hack a Hacker: Reverse Engineering a Discovered ATM Skimmer – trustfoundry.net
  Brian Krebs has produced numerous articles on ATM skimmers. He has essentially become the “go to” journalist on ATM fraud. From reading his stuff, I have learned how the “bad guys” think when it comes to ATM fraud.

• exploit-poc – github.com
  This is a PoC CSRF targeting certain Netgear devices. It forwards TCP port 5000 from the WAN interface to the router’s internal IP address.

• OWTF 2.0a “Tikka Masala” released – blog.7-a.org

Techniques

• HackRF Replay Attack Jeep – calebmadrigal.com
  One of the most simple (and most interesting attacks) which can be done with SDR is what’s called a Replay Attack. It works by simply recording a signal, and then rebroadcasting it. I was able to use this attack to lock and unlock my Jeep Patriot (2006) with my computer.

Vulnerabilities

• How the Pwnedlist Got Pwned – krebsonsecurity.com
  Pwnedlist is run by Scottsdale, Ariz. based InfoArmor, and is marketed as a repository of usernames and passwords that have been publicly leaked online for any period of time at Pastebin, online chat channels and other free data dump sites.

• Hacking into homes: ‘Smart home’ security flaws found in popular system – ns.umich.edu
  Cybersecurity researchers at the University of Michigan were able to hack into the leading “smart home” automation system and essentially get the PIN code to a home’s front door.

• Bunch of security bugs found on ImageMagick
  There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.
  • ImageMagick Is On Fire — CVE-2016–3714 TL;DR – imagetragick.com
  • Server-jacking exploits for ImageMagick are so trivial, you’ll scream – theregister.co.uk
  • Add ImageMagick exploit #6848 – github.com

• The DBIR’s ‘Forest’ of Exploit Signatures – blog.trailofbits.com
  If you follow the recommendations in the 2016 Verizon Data Breach Investigations Report (DBIR), you will expose your organization to more risk, not less. The report’s most glaring flaw is the assertion that the TLS FREAK vulnerability is among the ‘Top 10’ most exploited on the Internet. No experienced security practitioner believes that FREAK is widely exploited.

• WordPress Redirect Hack via Test0.com/Default7.com – blog.sucuri.net
  We’ve been working on a few WordPress sites with the same infection that randomly redirects visitors to malicious sites via the default7 .com / test0 .com / test246 .com domains.

Other News

• A dubious cyber security conference – lightbluetouchpaper.org
  I’ve written before about dubious “academic” journals… and today I’m going to discuss a dubious “academic” conference (which is associated with some dubious journals, but it’s the conference that’s my focus today).