Security News #0x3E
- Alex Levinson of National CCDC Red Teams has some great advice for defenders. When (not if, when) you realize an attacker is on your system, Don’t Panic. Don’t immediately kill the shell: if you do, you will never find out what is actually going on! Read his piece for details.
- Talking about NCCDC, Raphael Mudge has a nice piece on his experiences on Red Team at NCCDC, together with a lot of great advice for students.
- For more CCDC lessons, visit Dave Cowen’s blog. He has been the Red Team Captain for years, and has always been gracious and helpful to the students. I highly recommend his blog. He even has the slides from the (always humorous) Red Team Debrief.
- Unallocated space is hosting a CTF exercise on Memorial Day Weekend.
- Karen Seubert has some excellent advice on how to securely use your computer to manage your bank accounts.
- Adam Gowdiak announced yet more Java vulnerabilities; this one affecting the just released Java 7 Update 21. PoC code was not publicly released.
- While we are talking about Java, Ars Technica reports that attacks that affect earlier releases have now been added to common malware kits and are circulating. Metasploit has a module that attacks Java 7 Update 17, via CVE 2013-2423. For unknown reasons, though, it has not (yet) made it into Kali. Eric Romang has a demo.
- phpMyAdmin versions up to 3.5.8 and 4.0.0 RC2 are vulnerable to CVE 2013-3238, which allows for remote code execution. Exploit code is available on Exploit-db, and there is now a Metasploit module.
- Back in February, I mentioned CVE 2012-0809, a vulnerability in sudo 1.8.0 – 1.8.3p1 that allowed for privilege escalation. The folks at Exploit-db now have exploit code.
- What do you do if you have the password hash, but not the password? https://goog.li/.
- Many of my students have asked me for information about stack-smashing and ROP programming. Beginning next year, this will be part of the curriculum for all of the students in our computer security track. If you can’t wait that long, though, take a look at what Ron Bowes has put together on the Skull Security blog. This is one of the best introductions to exploiting a system protected by ASLR and DEP via ROP that I have seen. If you are a student of security, then get yourself to this site, and spend some time working through the example provided!
- If you are looking for a client that can handle SSH, VNC, and RDP, you might want to try remmina. It is available for Ubuntu based systems (including Kali) with apt-get install remmina. Take a look at this summary from Terrance Cox.
- Are you looking for packet capture data for analysis? The folks at Netresec have a large collection.
- Ars Technica reports that a vulnerability in an app known as Viber allows attackers to bypass the lock screen on an Android phone. Fortunately, this has only been downloaded some 100,000,000 times. Oops.
- I just learned about a Windows tool called TCPLogView; it tracks the TCP connections made to/from a Windows host. I wonder if this might be useful in an approaching class final exercise….