7MS #216: News and Links Roundup
What follows are some of my favorite training opportunities, news bits, tools/scripts and humorous stories to send you into the weekend with!
- A new version of ADHD is out! BHIS presented on it last week, and here's the video if you missed it.
- Be aware of the nasty "Point and Print" vulnerability that's lurking on our networks. According to the article:
Researchers with security firm Vectra Networks discovered that the Windows Print Spooler doesn't properly authenticate print drivers when installing them from remote locations. The failure makes it possible for attackers to use several different techniques that deliver maliciously modified drivers instead of the legitimate one provided by the printer maker. The exploit effectively turns printers, printer servers, or potentially any network-connected device masquerading as a printer into an internal drive-by exploit kit that infects machines whenever they connect.
As a reminder - Patch Tuesday did not patch this vuln - rather, it only issues a warning. According to this TripWire article:
The update addresses the vulnerability by issuing a warning to users attempting to install untrusted drivers. This is important to note, as the bulletin does not state that it prevents the installation of these drivers. This means that user education should be associated with this update.
There is hope for users bit by Jigsaw malware! Presumably, all you'd need is Burp Suite to modify some requests and BAM - files back for 0 bitcoin!
If you are in the market for an Android phone, Nexus is probably the way to go. Here are the key takeaways:
Google made the commitment to making security patches available for the longer of three years from availability on the Google Store or 18 months from when the Google Store last sold the device.
Similarly, they guarantee that Nexus phones will receive Android version updates for at least two years after they become available in the Google Store.
OSX users might want to run this security check and get some further Mac-hardening recommendations.
Spinning up a new server - say on Digital Ocean? Might want to grab this script to lock it down right quick.
PC users should check out CertWatch which will "monitor any changes made to the Windows Certificate Stores on your system."
I'm loving my Ubiquiti gear - I got this router and this AP and have lots more audio/video coming out about my setup (eventually). Note: Steve Gibson and Leo Laporte talk about this gear about an hour and three minutes into episode #569.
Wanna make $ hacking ethically? This might be the book for you.
NMAP 7.25BETA1 is out with more nse-scripts, new ncap driver, and more goodies.
PTF Framework just hit 1.8 - I highly recommend grabbing this if you end up moving between several machines for pentest engagements.
Need some relaxing background music while you hack? MyNoise.net might be just the site for you.
I don't understand Pokemon but this makes me smile.
My TommyBoy VM will be submitted for "production" at VulnHub this weekend!
I'm turning BPATTY into a GitHub project(!) so please start following the action there!