7MS #193: News and Links Roundup
What follows are some of my favorite training opportunities, news bits, tools/scripts and humorous stories to send you into the weekend with!
Another BHIS Webcast is coming up May 24 from 3 p.m. - 4 p.m. EST, described as:
The vast majority of attacks originate from the outside of your network. Be it remote attacks, email attacks or social engineering, the external attacks are getting good... Or bad... Or... Look, it is hard to tell. Perspective matters. Let's just say that it is a great time to be an attacker, either a professional pentester or a bad guy.
In this webcast Ed and John will talk about their favorite ways to gain external access to internal networks. We will cover AV bypass, creating trojans and other fun/scary attack vectors.
Look interesting? Register here.
I'm still working on the CCSP but have switched gears from ITPro.tv training to the Cybrary.it offering and I love it. The modules are concise, straight to the point and only a few minutes per episode. I'm working on a down n' dirty study guide that I'll share when complete!
Ed Skoudis has a fantastic presentation (from Derbycon 2014) on how to give the best pentest of your life. Moral of the story: focus less on pwnage, and more on providing value to the target organization. Some must-haves:
- Great documentation
- Compliment them on something they're doing well
- Got 0-days? Burn 'em on the pentest if you got 'em!
- Perform client-side attacks (if it's PCI, you need to test both sides of the client environment, so try some client-side attacks to pop a box that can get into the card environment)
- Play the "0-day card" and get access to one client machine. Alternatively, ask them to model a user who can run an app or apps (AV evasion). Or ask for a general account and demonstrate breaking out of it.
- Stay within scope, but ask for scope creep if deemed valuable to the pentest & org.
- Clean up after yourself - closing down listening tools and ports, etc.
Learn how to hack from the hacker behind The Hacking Team...uh, hack. Wow, that was a lot of the word hack in one sentence. Anyway, looks to be an awesome video if you can find it (it's been yanked from YouTube).
Lots o' breaches, as appears to be the norm these days!
Ormandy says the issue can be exploited in a very simple manner. Because the flaw resides in the scanning engine itself, which opens and reads ANY file, not just those the user manually selected for a scan, the crook can simply send an exploit package via email or a link pointing to a Web-hosted exploit.
Symantec has issued a statement and recommended all users run LiveUpdate (um, yeah!).
Yikes, I didn't know it wasn't safe to trust target=_blank in links! Read why in this Medium article, which doesn't use target=_blank ;-)
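For readers who want to check their own pages, here is an added example (written for this post, not code from the Medium article it links). The risk with target=_blank is that the newly opened page gets a window.opener reference back to the page that opened it and can navigate that original tab; adding rel="noopener" (or rel="noreferrer", which browsers treat as implying noopener) severs that reference. The script scans HTML markup for target=_blank links missing that rel value and rewrites them; the sample markup is constructed for the demo, and the regex-based parsing is a deliberate simplification that runs without a DOM.

```javascript
// Added example: audit and fix target="_blank" links that lack rel="noopener".
// Runs in plain Node with no dependencies; regex parsing is a simplification
// (an attribute value containing ">" would confuse it).

// Opening <a ...> tags only.
const ANCHOR_RE = /<a\b[^>]*>/gi;

// Parse name=value attributes (double-quoted, single-quoted or bare) into an
// object with lowercased attribute names.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([a-zA-Z-]+)\s*=\s*("([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = (m[3] ?? m[4] ?? m[5] ?? '').trim();
  }
  return attrs;
}

// True when the tag opens a new browsing context that keeps window.opener.
function isUnsafeBlankTarget(tag) {
  const attrs = parseAttrs(tag);
  if ((attrs.target || '').toLowerCase() !== '_blank') return false;
  const rel = (attrs.rel || '').toLowerCase().split(/\s+/);
  // noopener drops window.opener; noreferrer implies noopener in browsers that support it.
  return !(rel.includes('noopener') || rel.includes('noreferrer'));
}

// Return every offending opening tag found in the markup.
function findUnsafeBlankLinks(html) {
  return (html.match(ANCHOR_RE) || []).filter(isUnsafeBlankTarget);
}

// Rewrite offending tags so their rel attribute carries noopener noreferrer,
// preserving any rel tokens that were already present (e.g. nofollow).
function hardenBlankLinks(html) {
  return html.replace(ANCHOR_RE, (tag) => {
    if (!isUnsafeBlankTarget(tag)) return tag;
    const attrs = parseAttrs(tag);
    const rel = attrs.rel ? `${attrs.rel} noopener noreferrer` : 'noopener noreferrer';
    const withoutRel = tag.replace(/\srel\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/i, '');
    return withoutRel.replace(/>$/, ` rel="${rel}">`);
  });
}

// Constructed sample markup: A and C are unsafe, B is already fixed, D has no target.
const SAMPLE_HTML = `
<p>See <a href="https://example.com/a" target="_blank">link A</a>,
<a href="https://example.com/b" target="_blank" rel="noopener">link B</a>,
<a href="https://example.com/c" TARGET=_blank rel="nofollow">link C</a>,
and <a href="https://example.com/d">link D</a>.</p>`;

function demo() {
  const unsafe = findUnsafeBlankLinks(SAMPLE_HTML);
  console.log(`${unsafe.length} unsafe target=_blank link(s):`);
  unsafe.forEach((t) => console.log('  ' + t));
  return hardenBlankLinks(SAMPLE_HTML);
}

console.log(demo());
```

Run it with `node` to see the two flagged tags and the rewritten markup; on a real site you would feed it your templates or a crawled copy of the rendered pages.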
Windows 10 will no longer share your wifi passwords with friends. Um, thanks for disabling a feature nobody wanted?
Did John McAfee and his team crack into encrypted WhatsApp messages??? Spoiler alert: no. He's kind of becoming the infosec version of Kim Kardashian in this analyst's humble opinion. I think I'll stop reporting his attention-seeking behavior unless there is harder news to share.
Tumblr lost some account info so you should probably change your password.
Twitter is not going to count links and pics in the character count. Hurrah!
Here's everything we know about how the FBI hacks us, a fascinating read starting with 2001's Carnivore to today's more advanced watering hole and drive-by attacks.
Got 7-Zip? Update it as the current version contains two serious flaws allowing RCE.
- XSSHunter looks freakin' sweet:
The service works by hosting specialized XSS probes which, upon firing, scan the page and send information about the vulnerable page to the XSS Hunter service.
Sigh... there's no way I'd be allowed to have a third-party site manage/capture this data. I'll wish and hope for a self-hosted version.
- Gobuster looks to be an interesting DNS/file/folder brute-forcer. Why build another one? According to the author:
"... something that didn't have a fat Java GUI (console FTW).
... to build something that just worked on the command line.
... something that did not do recursive brute force.
... something that allowed me to brute force folders and multiple extensions at once.
... something that compiled to native on multiple platforms.
... something that was faster than an interpreted script (such as Python).
... something that didn't require a runtime.
... use something that was good with concurrency (hence Go).
... to build something in Go that wasn't totally useless."
- Need to figure out if your iPhone has been secretly hacked? An app called System and Security Info might help you do just that:
"This app shows detailed information about your device and running apps from a security point of view. One of the app’s unique features is a jailbreak and anomaly detection that can help security concerned users to check for potential privacy issues and security threats."
..."provides potentially inaccurate and misleading diagnostic functionality for iOS devices"
"Currently, there is no publicly available infrastructure to support iOS diagnostic analysis"
"Therefore your app may report inaccurate information which could mislead or confuse your users."
The developer, however, thinks that Apple just doesn't want to give...
..."the impression iOS could have security holes".
- Phone battery not making it through the day? These 5 apps might be sucking too much juice.
This might be the best picture in the world for explaining software security.
Congress hopeful Mike Webb posted a screenshot full of porn tabs and, once called on it, offered one of the most confusing, random explanations I've ever read. It made me do this: