Tools
- Acunetix Free Manual Pen Testing Tools – www.acunetix.com
Acunetix Manual Tools allow penetration testers to further automated testing.
- waveconverter – github.com
Factoria Labs 2016 WaveConverter is a Python application, built on GTK+ 3. The GUI has been implemented via Glade. A sqlite database has been implemented via sqlalchemy.
Techniques
- Cracking The 12+ Character Password Barrier, Literally – www.netmux.com
What do I mean by cracking 12-character passwords and above? I’m simply stating that with modern hardware, like the “budget” cracking rig, we can almost exhaustively search the highest probability keyspace for candidate passwords, against fast hashes like MD5, NTLM, SHA1, etc…, in a reasonable amount of time.
- Sniffing GSM Traffic with HackRF – z4ziggy.wordpress.com
While my friend and colleague Simone was visiting our ZIMPERIUM – Enterprise Mobile Security TLV office, we got our hands on HackRF and hacked together the unguarded borders of Radio Frequencies.
- Reflected XSS through AngularJS sandbox bypass causes password exposure of McDonald users – finnwea.com
By abusing an insecure cryptographic storage vulnerability and a reflected server cross-site-scripting vulnerability it is possible to steal and decrypt the password from a McDonald’s user. Besides that, other personal details like the user’s name, address & contact details can be stolen too.
Vulnerabilities
- Intel Direct Connect Interface as a basis for hardware Trojans
Researchers from Positive Technologies have revealed that some new Intel CPUs contain a debugging interface, accessible via USB 3.0 ports, that can be used to obtain full control over a system and perform attacks that are undetectable by current security tools.
- Debugging mechanism in Intel CPUs allows seizing control via USB port – www.scmagazine.com
- Debugging mechanism in Intel CPUs allows seizing control via USB port – twitter.com
Other News
- Trump’s cyber-guru Giuliani runs ancient ‘easily hackable website’ – www.theregister.co.uk
Former New York City mayor and Donald loyalist Giuliani was today unveiled by Trump’s transition team as the future president’s cybersecurity adviser – meaning Giuliani will play a crucial role in the defense of America’s computer infrastructure.
- Researchers warn peace sign photos could expose fingerprints – www.engadget.com
The peace sign is many people’s go-to picture pose, and it’s particularly popular in East Asia, but according to researchers it’s also the perfect way to expose your fingerprints online. In a study conducted at Japan’s National Institute of Informatics (NII), investigators found that, if the focus and lighting was right, they could recreate fingerprints from images shot up to 3 meters (nearly 10 feet) from the subject.