Security News #0x88
So, where have I been for the last month? Lots of grading! However, that is now done, and my students have graduated into the wide wide world (Good luck all!).
The book is moving along smartly. The first draft is finished: 750 pages of hacking goodness. Technical review is about half finished, and we are looking at publication in a few more months.
In the meantime, though, there has been a lot of news.
- For years I relied on Sourceforge as a location to find high-quality open source tools. Well, it seems that they have gone over to the dark side, and are now adding adware to Windows installers for projects on their site. This became big news when GIMP announced this had happened to them. For some details, see Ars Technica.
- There is a new local privilege escalation exploit for Windows 8 that has appeared at Exploit-db. This is a Python-based exploit that attacks CVE-2014-4113, which was patched in MS14-058. I tried the exploit on a couple of virtual machines though, and could not make it work.
- There is a new local privilege escalation exploit for Windows 7 (x86) that has appeared at Exploit-db. This one appears to attack CVE-2015-0003, which was patched in MS15-010.
- There is also a new local privilege escalation exploit available for recent Ubuntu systems using apport; this one also appeared at Exploit-db. It exploits CVE-2015-1325, though this has not yet made it into the official MITRE database.
- There is a new Metasploit module that exploits Flash 184.108.40.206 on Windows 7 SP1. The underlying vulnerability is CVE-2015-0359.
- Don’t forget about the latest name-brand vulnerability, VENOM (CVE-2015-3456). This affects QEMU and Citrix Xen.
- Talking about exploits, have you read about the proposed arms control restrictions on exploits?
- Raphael Mudge has another nice post on how to use Mimikatz to pass the hash.
- There is a trojaned version of PuTTY in the wild. Be sure to check those hashes, folks! FCIV is your friend here.
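Checking the hash is only useful if the comparison is done against a digest obtained separately from the download itself, and if a file that is missing from the publisher's list fails rather than silently passes. The routine below is an added example, not code from the original post or from the PuTTY project: it assumes the publisher ships a checksum list in the common `<hex digest>  <filename>` layout that tools such as sha256sum emit, and the "installer" bytes and list it verifies are constructed for the demo.

```python
"""Verify a downloaded installer against a publisher's checksum list.

Added example (not from the original post). Assumptions: the publisher
provides a checksum file in "<hex digest>  <filename>" format, fetched over a
trusted channel separately from the installer. The installer bytes and the
checksum list in demo() are constructed for this demonstration.
"""
import hashlib
import hmac
import os
import tempfile


def parse_checksum_list(text):
    """Parse "<hex>  <name>" lines into {filename: lowercase hex digest}."""
    digests = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts
        # Some tools mark binary-mode entries with a leading '*' on the name
        digests[name.lstrip("*")] = digest.lower()
    return digests


def file_digest(path, algorithm="sha256", chunk_size=1 << 20):
    """Hash a file in chunks so large installers need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, checksum_text, algorithm="sha256"):
    """Return (ok, actual, expected).

    ok is False both when the digests differ and when the file name is absent
    from the list: an unlisted file must never be treated as verified.
    """
    expected = parse_checksum_list(checksum_text).get(os.path.basename(path))
    actual = file_digest(path, algorithm)
    if expected is None:
        return False, actual, None
    return hmac.compare_digest(actual, expected), actual, expected


def demo():
    """Constructed demo: a genuine installer, a tampered copy, an unlisted file."""
    genuine = b"MZ\x90\x00" + b"constructed genuine installer bytes " * 64
    tampered = genuine + b"\x00extra bytes appended by a third party"
    # The checksum list as the publisher would have shipped it (constructed)
    published = "%s  putty.exe\n" % hashlib.sha256(genuine).hexdigest()
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label, blob in (("genuine", genuine), ("tampered", tampered)):
            sub = os.path.join(tmp, label)
            os.mkdir(sub)
            path = os.path.join(sub, "putty.exe")
            with open(path, "wb") as fh:
                fh.write(blob)
            results[label] = verify_download(path, published)[0]
        stray = os.path.join(tmp, "unlisted.exe")
        with open(stray, "wb") as fh:
            fh.write(genuine)
        results["unlisted"] = verify_download(stray, published)[0]
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print("%-9s %s" % (name, "OK" if ok else "MISMATCH"))
```

The `algorithm` parameter matters in practice: FCIV only produces MD5 and SHA-1, so where a publisher lists SHA-256 digests you need a tool that can compute them, and where only MD5 is published the check still detects a swapped binary but gives no protection against a deliberately engineered collision.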
- There is a nice summary of NCCDC from the Red Team point of view on Lockboxx.
- Have you considered writing your own Snort rule to detect Meterpreter reverse HTTP shells?
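A Snort rule can only pattern-match on bytes, which is why published Meterpreter rules lean on fixed strings such as the stager's default user agent and very short request paths. The stager's real distinguishing mark is arithmetic: the requested path is a run of random URL-safe characters whose 8-bit checksum (sum of the path's byte values, leading slash removed, mod 256) lands on one of a few fixed values. The script below is an added example, not from the original post or the Metasploit project; it computes that checksum over constructed proxy-log lines and scores each request. The checksum values, their meanings and the default user-agent string are my recollection of Metasploit's URI checksum scheme at the time of this post and should be confirmed against the framework version you face.

```python
"""Flag HTTP requests whose path fits Metasploit's Meterpreter URI checksum
scheme, as a log-side complement to a Snort rule.

Added example, not from the original post. Assumed background (Metasploit's
URI checksum scheme as recalled here; confirm against your framework version):
the stager requests a random URL-safe path whose 8-bit checksum is 92 (Windows
or native stage request), 80 (Python), 88 (Java) or 98 (existing session).
The log lines in SAMPLE_LOG are constructed: tab-separated
"client<TAB>method<TAB>path<TAB>user-agent".
"""
import re

# Checksum values and meanings (assumption: per the scheme described above)
CHECKSUM_MEANING = {
    92: "INITW/INITN (Windows or native stage request)",
    80: "INITP (Python stage request)",
    88: "INITJ (Java stage request)",
    98: "CONN (existing session)",
}

# Default user agent long shipped with the reverse_http(s) stagers (assumption)
DEFAULT_AGENT = "Mozilla/4.0 (compatible; MSIE 6.1; Windows NT)"

# Stager paths are random URL-safe characters with no extension or directory
URLSAFE_PATH = re.compile(r"^[A-Za-z0-9_-]{4,256}$")

# Constructed sample: browser traffic, a stage request, a session check-in,
# and a benign-looking request that merely collides on the checksum.
FIREFOX = "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0"
SAMPLE_LOG = "\n".join([
    "10.0.0.5\tGET\t/index.html\t" + FIREFOX,
    "10.0.0.5\tGET\t/kP7j\t" + DEFAULT_AGENT,
    "10.0.0.5\tPOST\t/aTz3\t" + DEFAULT_AGENT,
    "10.0.0.9\tGET\t/kP7j\t" + FIREFOX,
    "10.0.0.9\tGET\t/login\t" + FIREFOX,
])


def _path_body(path):
    """Strip the leading slash and any query string."""
    return path.lstrip("/").split("?", 1)[0]


def uri_checksum(path):
    """8-bit checksum: sum of the path's ASCII byte values mod 256."""
    return sum(_path_body(path).encode("ascii", "ignore")) % 256


def classify(path, agent):
    """Return (score, reason). Score 0 means no indicator matched.

    A random URL-safe path hits one of the four values about 1.6% of the time
    (4/256), so the checksum alone is a weak signal; the user agent is a second
    independent indicator and the two together are a much stronger one.
    """
    score, reasons = 0, []
    cs = uri_checksum(path)
    if cs in CHECKSUM_MEANING and URLSAFE_PATH.match(_path_body(path)):
        score += 1
        reasons.append("uri checksum %d: %s" % (cs, CHECKSUM_MEANING[cs]))
    if agent == DEFAULT_AGENT:
        score += 1
        reasons.append("default stager user agent")
    return score, "; ".join(reasons)


def scan_log(text):
    """Return [(client, path, score, reason)] for every line scoring above 0."""
    hits = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 4:
            continue
        client, _method, path, agent = fields
        score, reason = classify(path, agent)
        if score:
            hits.append((client, path, score, reason))
    return hits


if __name__ == "__main__":
    for client, path, score, reason in scan_log(SAMPLE_LOG):
        print("%-10s %-8s score=%d  %s" % (client, path, score, reason))
```

Score 2 hits are the ones worth paging on; a score of 1 from the checksum alone (the fourth sample line) is the expected false-positive rate on short paths and is better handled by counting repeats per client, since a live session checks in on the same host over and over while a coincidental match does not.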