Week 6 In Review – 2016

Events Related

  • Shmoocon 2016 – archive.org
    ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues.

Tools

  • Routerhunter-2.0 – github.com
    Testing vulnerabilities in devices and routers connected to the Internet.
  • Burp Suite Extension: Burp Importer – github.com
    Burp Importer is a Burp Suite extension written in Python which allows users to connect to a list of web servers and populate the sitemap with successful connections. Burp Importer also has the ability to parse Nessus (.nessus), Nmap (.gnmap), or a text file for potential web connections.
  • gophish – github.com
    Open-Source Phishing Toolkit

Techniques

  • HackStory – github.com
    Advanced Threat’s Stories
  • Exploiting the Diffie-Hellman bug in socat – vnhacker.blogspot.com
    More background information on this vulnerability can be found on Ars Technica and Hacker News; in this post I want to focus on building an exploit.
  • Push To Hack: Reverse engineering an IP camera – www.contextis.com
    The Motorola Focus 73 outdoor security camera is packed with features and quite a few surprises – it’s not made by Motorola for starters. It’s the outdoor variant of a family of Blink and Motorola IP cameras manufactured by Binatone which includes baby monitors.
  • Bypassing Rolling Code Systems – andrewmohawk.com
    This blog post will discuss the implementation of Codegrabbing / RollJam, just one method of attacking AM/OOK systems that implement rolling codes (such as keeloq) — these systems are commonly found on modern vehicles and entry systems such as gates and garages.

Vendor/Software Patches

Vulnerabilities

  • There’s a lot of vulnerable OS X applications out there. – vulnsec.com
    This short weekend research revealed that we have many insecure applications in the wild. As a result, I have found a vulnerability which allows an attacker to take control of another computer on the same network (via MITM).
  • In A UEFI World, “rm -rf /” Can Brick Your System – www.phoronix.com
    As a public service announcement, recursively removing all of your files from / is no longer recommended. On UEFI distributions by default where EFI variables are accessible via /sys, this can now mean trashing your UEFI implementation.
  • Socat Warns Weak Prime Number Could Mean It’s Backdoored – threatpost.com
    Socat is a versatile command line utility that builds bi-directional communication streams and moves data between channels, including files, network pipes, serial connected devices, sockets or a combination of any of these.
  • PayPal Remote Code Execution – blog.ptsecurity.com
    In December 2015, I found a critical vulnerability in one of PayPal business websites (manager.paypal.com). It allowed me to execute arbitrary shell commands on PayPal web servers via unsafe Java object deserialization and to access production databases.

Other News

  • Norse Corp disappears shortly after CEO is asked to step down – www.csoonline.com
    On Saturday, investigative journalist Brian Krebs, citing sources familiar with the situation, said that Norse Corp CEO, Sam Glines, was asked to step down by the board of directors. The same sources told Krebs that employees were told that they could report to work on Monday, but that there was no guarantee they’d be paid for their work.
  • Hackers leak DHS staff directory, claim DOJ is next – www.csoonline.com
    On Sunday, an account on Twitter posted a Department of Homeland Security staff directory with 9,355 names. Shortly after the DHS data was posted, the account went on to claim that an additional data dump focused on 20,000 FBI employees was next.
