Events Related
- BSidesCharm 2017 Videos – www.irongeek.com
These are the videos BSidesCharm (Baltimore) 2017.
Resources
- Car Hacking – illmatics.com
Instead of buying books or paying exorbitant amount of money to learn about car hacking, we (Charlie Miller and Chris Valasek) decided to publish all our tools, data, research notes, and papers to everyone for FREE!
- Password Magic Numbers – room362.com
LanManager passwords (“LM”) is a very old and well known password hashing function. Used way back in OS/2 Warp and MS-Net (networking for MS-DOS). It was great in it’s day, however how it worked was not sustainable.
Techniques
- WHID Injector: How to Bring HID Attacks to the Next Level – whid-injector.blogspot.lt
Due this increased amount of nifty software, as Pentester and Red-Teamer, I wanted a cheap and dedicated hardware that I could remotely control (i.e. over WiFi or BLE). And this is how WHID was born.
- DEFCON CTF 2017 Quals
Potent Pwnables- DEFCON CTF 2017 Quals — peROPdo – bruce30262.logdown.com
- DEFCON CTF 2017 Quals — badint – bruce30262.logdown.com
- Outlook Forms and Shells – sensepost.com
Using MS Exchange and Outlook to get a foothold in an organisation, or to maintain persistence, has been a go to attack method for RedTeams lately. This attack has typically relied on using Outlook Rules to trigger the shell execution. Although Ruler makes accomplishing this really easy, it has, up until now, required a WebDAV server to host our shell/application.
- Reverse-Engineering The Peugeot 207’s CAN BUS – hackaday.com
Here’s a classic “one thing led to another” car hack. [Alexandre Blin] wanted a reversing camera for his old Peugeot 207 and went down a rabbit hole which led him to do some extreme CAN bus reverse-engineering with Arduino and iOS.
- SSD Advisory – CloudBees Jenkins Unauthenticated Code Execution – blogs.securiteam.com
Jenkins helps to automate the non-human part of the whole software development process with now common things like continuous integration and by empowering teams to implement the technical aspects of continuous delivery.
Vulnerabilities
- Chinese Hackers Show How To Steal Your Car With $20 Of Hardware – jalopnik.com
A team of Chinese researchers have figured out a very clever and cheap way to hack the passive keyless entry system and actually drive off in people’s cars.
- Script kiddies pwn 1000s of Windows boxes using leaked NSA hack tools – www.theregister.co.uk
The NSA’s Equation Group hacking tools, leaked last Friday by the Shadow Brokers, have now been used to infect thousands of Windows machines worldwide, we’re told.
- Intel Active Management Technology
Intel chipsets for some years have included a Management Engine, a small microprocessor that runs independently of the main CPU and operating system. Various pieces of software run on the ME, ranging from code to handle media DRM to an implementation of a TPM. AMT is another piece of software running on the ME, albeit one that takes advantage of a wide range of ME features.- Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege – security-center.intel.com
- Intel’s Remote AMT Vulnerability – mjg59.dreamwidth.org
- Do you have Intel AMT, Then you have a problem today – isc.sans.edu
- Google Doc Phishing Scam
On Wednesday afternoon, countless unsuspecting email users—including reporters from BuzzFeed, Hearst, New York Magazine, Vice, as well as your friends here at Gizmodo Media—received some seemingly legit invites to view a Google Docs file.
Other News
- Car hacking’s dynamic duo offers to save others $1m in research – www.theregister.co.uk
Two famed car hackers claim they can save fellow tinkerers and security researchers a lot of time and money – by handing over their tools and blueprints for free. The pair boast the gear is worth over a million bucks.
Leave A Comment