I’m back in Luxembourg for a new edition of hack.lu. In fact, I arrived yesterday afternoon to attend the MISP summit. It was a good opportunity to meet MISP users and to get fresh news about the project.
- My slides from BsidesPDX’16 – firmwaresecurity.com
I gave a brief presentation at Security BSides Portland (BsidesPDX) a few days ago. Title was “Firmware Tools for Security Researchers”. Since it was only a 20-minute time slot, I only had time to cover a few tools, and didn’t get a chance to mention other noteworthy tools.
- Setting up a Research Environment for IP Cameras – insinuator.net
Embedded devices often serve as an entry point for an attack on a private or corporate network. The infamous attack on HackingTeam, for example, followed exactly this path as was revealed here. Although the attack may have been for the greater good (refer also to this great keynote), such incidents demonstrate that it is important to properly secure your embedded devices.
- IP Cameras Default Passwords Directory – ipvm.com
We have gathered this list of IP camera manufacturers and their default usernames and passwords to help users get started more quickly. After the list, we discuss recent changes by manufacturers as well as password security issues.
- BloodHound – github.com
- What are malicious USB keys and how to create a realistic one? – www.elie.net
Dropping a malicious USB key in a parking lot is an effective attack vector, as demonstrated by our recent large-scale study. This blog post follows up on the study by showing how reliable and realistic-looking malicious USB keys can be created.
- Just Too Much Administration – Breaking JEA, PowerShell’s New Security Barrier – www.scriptjunkie.us
Just Enough Administration (JEA) is a new Windows 10/Server 2016 feature to create granular least privilege policies by granting specific administrative privileges to users, defined by built-in and script-defined PowerShell cmdlets. Microsoft’s documentation claimed JEA was a security boundary so effective you did not need to worry about an attacker stealing and misusing the credentials of a JEA user.
- Extracting LastPass Site Credentials from Memory – techanarchy.net
Let me start by stating this is not an exploit or a vulnerability in LastPass. This is just extracting any data that may remain in memory during a forensics acquisition. At some point the data must be in the clear.
- Inside The Bulb: Adventures in Reverse Engineering Smart Bulb Firmware – hackernoon.com
Following the Reverse Engineering a Smart Light Bulb post, I got contacted by Eyal, a member of the TAMI community, asking if we could meet up and try to reverse engineer a Xiaomi Yeelight WiFi Bulb he had recently purchased.
- SLACK, A Brief Journey to Mission Control – secalert.net
In order to understand the infrastructure and to gain information about the framework used, I started to check the HTTP response headers and saw that Slack is using an Apache httpd server. So I tried to identify common Apache directories and directives like “/icons/README”, “/manual/”, “/server-info” and “/server-status”.