Resources
- Army cyber defenders open source code in new GitHub project – army.mil
Army cyber defenders released code to help detect and understand cyber attacks. The forensic analysis code, called Dshell, has been used for nearly five years as a framework to help the U.S. Army understand the events of compromises of Department of Defense networks.
Tools
- Vane – github.com
Vane is a GPL fork of the now non-free popular WordPress vulnerability scanner WPScan. You can download this from here.
- lisa.py – github.com
An Exploit Dev Swiss Army Knife. Version: v-ichi. Download this from here.
Techniques
- BadSamba – Exploiting Windows Startup Scripts Using A Malicious SMB Server – blog.gdssecurity.com
The scenario for this post involves a startup script running from a remote server using an SMB share. Seeing a script run from a remote SMB share got Sam Bertram thinking: would it be possible to spoof the SMB server? From this idea the concept of BadSamba was born.
- Patching, Emulating, and Debugging a Netgear Embedded Web Server – shadow-file.blogspot.com
This should get you started emulating and debugging some more challenging binaries. With enough work you can get fairly complicated programs from an embedded device running in emulation.
Vendor/Software patches
- Yet Another Emergency Flash Player Patch – krebsonsecurity.com
For the second time in a week, Adobe has issued an emergency update to fix a critical security flaw that crooks are actively exploiting in its Flash Player software. Updates are available for Flash Player on Windows and Mac OS X.
Vulnerabilities
- GHOST glibc Remote Code Execution Vulnerability Affects All Linux Systems – threatpost.com
A critical vulnerability has been found in glibc, the GNU C library, that affects all Linux systems dating back to 2000. Attackers can use this flaw to execute code and remotely gain control of Linux machines.
- Some notes on GHOST – blog.erratasec.com
Robert Graham hadn’t seen anybody compile a list of key points about the GHOST bug, so he thought he’d write up some things. He got this from reading the code, but mostly from the advisory.
- BlackPwn: BlackPhone SilentText Type Confusion Vulnerability – blog.azimuthsecurity.com
While exploring a recently purchased BlackPhone, Mark discovered that the messaging application contains a serious memory corruption vulnerability that can be triggered remotely by an attacker. This post discusses the technical details of this vulnerability.
Other News
- FCC: Blocking Wi-Fi in hotels is prohibited – arstechnica.com
On Tuesday, the Federal Communications Commission issued an “Enforcement Advisory” stating that blocking Wi-Fi in hotels is unequivocally “prohibited.” The FCC’s blunt statement referenced a dispute between Marriott and its customers, who said the hotel chain had blocked their personal hotspots to force them to pay for Marriott’s Wi-Fi services.
- Prosecutors Trace $13.4M in Bitcoins From the Silk Road to Ulbricht’s Laptop – wired.com
A former federal agent has shown in a courtroom that he traced hundreds of thousands of bitcoins from the Silk Road anonymous marketplace for drugs directly to the personal computer of Ross Ulbricht, the 30-year-old accused of running that contraband bazaar.