Events Related
- BSidesLV – youtube.com
Recordings of Security BSides Las Vegas sessions, selected sessions of sister conferences and other Information Security related educational materials.
- BotConf 2016
This is already the fourth edition of the Botconf security conference, fully dedicated to fighting malware and botnets. Since the first edition, the event location changed every year and it allowed me to visit nice cities in France.
- Botconf 2016 Wrap-Up Day #1 – blog.rootshell.be
- Botconf 2016 Wrap-Up Day #2 – blog.rootshell.be
- Botconf 2016 Wrap-Up Day #3 – blog.rootshell.be
- BSides Philadelphia 2016 – www.irongeek.com
These are the videos from BSides Philadelphia 2016.
Resources
- Fast comparison of Nessus and OpenVAS knowledge bases – avleonov.com
In my opinion, quality of knowledge base is the most important characteristic of Vulnerability Management (VM) product. Maybe it’s because I have spent significant amount of time making different security content for vulnerability scanners and this is some form of professional deformation.
- BSidesLV Passwords16 con talk super-mega-thread – www.reddit.com
Tools
- CyberChef – github.com
CyberChef is a simple, intuitive web app for carrying out all manner of “cyber” operations within a web browser.
Techniques
- Spoofing Beacon Frames From The 5000 Most Common SSIDS – jerrygamblin.com
I have been reading a lot about Beacon Frames on my vacation this week (stop laughing) and I came across a tool in Kali called MDK3 that will allow you to send fake beacon frames. I couldn't pass up a chance to test this so I pulled out my trusty TL-WN722N and made a list of the 5,0000 most common SSIDS from wiggle.net.
- Azure Bug Bounty
I was tasked with creating a machine image of Red Hat Enterprise Linux that was compliant to the Security Technical Implementation guide defined by the Department of Defense.
- Azure bug bounty Pwning Red Hat Enterprise Linux – ianduffy.ie
- Azure bug bounty Root to storage account administrator – ianduffy.ie
- Exploit for Firefox and Tor
Currently this exploit causes a workstation to report back to an IP address based at OVH in France. But this code can likely be repurposed to infect workstations with malware or ransomware.
- Javascript exploit – lists.torproject.org
- Emergency Bulletin: Firefox 0 day in the wild. What to do. – www.wordfence.com
Vulnerabilities
- You Can Now Rent a Mirai Botnet of 400,000 Bots – www.bleepingcomputer.com
For our readers unfamiliar with Mirai, this is a malware family that targets embedded systems and Internet of Things (IoT) devices and has been used in the past two months to launch the largest DDoS attacks known to date.
- It’s not just you, iCloud calendar spam is on the rise – techcrunch.com
If you’re using iCloud to sync your calendar across your devices, chances are you just received a bunch of spammy invites over the last few days. Many users are reporting fake events about Black Friday “deals” coming from Chinese users.
- Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker – www.bleepingcomputer.com
Laiho says that by holding SHIFT + F10 while a Windows 10 computer is installing a new OS build, an attacker can open a command-line interface with SYSTEM privileges.
- Buffer overflow exploit can bypass Activation Lock on iPads running iOS 10.1.1 – arstechnica.com
Apple’s Activation Lock feature, introduced in iOS 7 in 2013, deters thieves by associating your iPhone and iPad with your Apple ID. Even if a thief steals your device, puts it into Recovery Mode, and completely resets it, the phone or tablet won’t work without the original user’s Apple ID and password.
Other News
- Hackers Breached San Francisco’s Transit System and Demanded a Ransom – www.slate.com
The computer system that serves San Francisco’s Muni was hacked late last week, giving locals tens of thousands of free rides on the nation’s seventh-largest transit system.
- Senate fails to stop FBI’s expanded hacking authority – www.engadget.com
Senators Ron Wyden, Chris Coons and Steve Daines have failed to block changes to the US’ criminal procedure rules (specifically, Rule 41) that would let the FBI hack computers in any jurisdiction provided they have a search warrant.
- How an obscure rule lets law enforcement search any computer – www.engadget.com
The changes expand the FBI’s ability to search multiple computers, phones and other devices across the country, and even overseas, on a single warrant.