Week 24 In Review – 2017

Events Related

  • Security Fest – www.youtube.com
    This summer, Göteborg became the most secure city in Sweden! We had a day filled with great talks by internationally renowned speakers on some of the most cutting edge and interesting topics in IT-Security.

Resources

  • List of Printers Which Do or Do Not Display Tracking Dots – www.eff.org
    Some of the documents that we previously received through FOIA suggested that all major manufacturers of color laser printers entered a secret agreement with governments to ensure that the output of those printers is forensically traceable.
  • Pentest-lab – github.com
    Pentest Lab on OpenStack with Heat, Chef provisioning and Docker

Techniques

  • An Introduction to the CAN Bus: How to Programmatically Control a Car – news.voyage.auto
    A modern car has tons of control systems, functioning in many ways like micro-services do in web development. Think of airbags, braking, cruise control, electric power steering, audio systems, power windows, doors, mirror adjustment, battery and recharging systems for electric cars.

Tools

  • SessionGopher – github.com
    SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.
  • mazda_getInfo – github.com
    A PoC that the USB port is an attack surface for a Mazda car’s infotainment system and how Mazda hacks are made
  • Venator – github.com
    Security Operations Center Multiple Purpose Tool, takes IP address input, conducts OSINT, conducts splunk, bro, fireeye, imperva, and firewall search, collects screenshots, generates report, injects captured artifacts into report, saves generated report with artifacts into a specified directory

Vulnerabilities

  • How a few yellow dots burned the Intercept’s NSA leaker – arstechnica.com
    When reporters at The Intercept approached the National Security Agency on June 1 to confirm a document that had been anonymously leaked to the publication in May, they handed over a copy of the document to the NSA to verify its authenticity.
  • Malware Uses Router LEDs to Steal Data From Secure Networks – www.bleepingcomputer.com
    Specially-designed malware installed on a router or a switch can take control over the device’s LEDs and use them to transmit data in a binary format to a nearby attacker, who can capture it using simple video recording equipment.

 

Leave A Comment