Security News #0x19
Blackhat & Defcon have not (so far) produced the kinds of exciting hacking news as in years past. Frankly, there was supposed to be an earth-shattering kaboom.
- Did you know that you can use Python to intercept windows system calls? Here
is a wonderful demo by swain that shows how to use Python to prevent Notepad from opening certain files. Most cool.
- The folks at Exploit Monday show how to use some PE tools to analyze all of the loaded modules in a Windows executable- whether the executable is on disk or in memory. The nicest part of the demo is how they show how to locate a meterpreter shell that has been injected into a running process. Most cool agian!
- Do you want to learn more about web applications? OWASP and Mandiant have released their Broken Web Application project virtual machine. This is a virtual machine with a range of web applications sporting a number of different vulnerabilities.
- Raphael Mudge, aka @armitagehacker, gave the presentation "Force Multipliers for Red Team Operations" at BSidesLV. You can find the complete talk on YouTube.
- Speaking of Red Team members giving talks at BSidesLV, here is Georgia Weidman discussing smart phone penetration.
- A new set of instructions on how to install snort for Open SuSE 11.4, 12.1 and FreeBSD 8.2 has gone up.
- X-ray is a tool to allow a user to scan an Android phone for vulnerabilities.
- Speaking of Android, do you use it to check email from a corporate (i.e. Exchange) server? Ars Technica describes Edith Cowan’s Blackhat paper on how Android (and iOS) systems can connect to an Exchange server even when the SSL certificate is clearly incorrect.