Week 21 In Review – 2016

Tools

• fwexpl – github.com
  PC firmware exploitation tool and library

Techniques

• The best part about open source software is there’s no hidden backdoors – twitter.com

• Kerberoasting
  SPNs are used by Kerberos authentication to associate a service instance with a service logon account.
  • Kerberoasting – Part 1 – room362.com
  • Kerberoasting – Part 2 – room362.com
  • Kerberoasting – Part 3 – room362.com

Vulnerabilities

• Chinese ARM vendor left developer backdoor in kernel for Android, other devices – arstechnica.com
  Allwinner, a Chinese system-on-a-chip company that makes the processor used in many low-cost Android tablets, set-top boxes, ARM-based PCs, and other devices, apparently shipped a version of its Linux kernel with a ridiculously easy-to-use backdoor built in.

Other News

• Fingerprinting a Security Team – blogs.adobe.com
  The central security team in a product development organization plays a vital role in implementing a secure product lifecycle process.  It is the team that drives the central security vision for the organization and works with individual teams on their proactive security needs.

• 7 Tips to Get the Absolute Best Price from Security Vendors – blog.jeremiahgrossman.com
  Security budgets are always extremely tight, so it’s smart to get the absolute best price possible from your security vendors. Never ever pay full price, or even take the first quote vendors give you.