Events Related
- USENIX Annual Technical Conference (ATC) 2016: The Best and Brightest Security Talks – duo.com
I recently attended the USENIX Annual Technical Conference (ATC) 2016 in Denver, Colorado. I was invited to give an industry talk, discussing my Bring Your Own Dilemma paper from last March (touching briefly on the Out Of Box Exploitation paper from May). Instead of just flying in for my talk and flying out, I wanted to hang out for the entire conference and hear some of the other talks.
- OISF 2016 Videos – www.irongeek.com
These are the videos from the OISF Anniversary Event
Resources
- UPC UBEE EVW3226 WPA2 Password Reverse Engineering, rev2 – deadcode.me
We reversed the default WPA2 password generation routine for the UPC UBEE EVW3226 router. This blog contains firmware analysis, a reversing writeup, function statistical analysis and a proof-of-concept generator.
Tools
- mimikittenz – github.com
A post-exploitation PowerShell tool for extracting juicy info from memory.
- Posh-SSH – github.com
PowerShell Module for automating tasks on remote systems using SSH
Techniques
- SSD Advisory – Wget Arbitrary Commands Execution – blogs.securiteam.com
A vulnerability in the way wget handles redirects allows attackers who are able to hijack a connection initiated by wget, or to compromise a server from which wget is downloading files, to cause the user running wget to execute arbitrary commands.
Vulnerabilities
- Researcher pops locks on keylogger, finds admin’s email inbox – theregister.co.uk
Trustwave researcher Rodel Mendrez has gained access to the inbox of the criminal behind a commercial keylogger used to attack industries including finance, cloud services, logistics, foreign trade, and government.
Other News
- European Union’s First Cybersecurity Law Gets Green Light – bloomberg.com
The European Union approved its first rules on cybersecurity, forcing businesses to strengthen defenses and companies such as Google Inc. and Amazon.com Inc. to report attacks.