• (Def) #ConSurvival – h-i-r.net
  Some practical tips on how to get through DefCon
• BlackHat and DefCon Tips: 2010/N00b Edition – it.toolbox.com
  More things to remember on your next Vegas security event
• BlackHat Track Schedule – uktek.com
  A full schedule of the when and where certain talks are going to be held.

Tools:

• Ubitack 0.2 – code.google.com/p/ubitack/
  This tool automates some of the tasks you might need on a (wireless) penetration test or while you are on the go.
• SIPVicious 0.2.6 Available – voipsecurityblog.typepad.com
  SIPVicious was written in python and can be used on Linux, Windows, FreeBSD 6.2 and Mac OS X.
• Open source GSM cracker released
  I have named this beast Kraken, after a Norse mythological creature capable of eating many things for breakfast. Kraken feeds of an exclusive diet of A5/1 encrypted data.
  • New ‘Kraken’ GSM-Cracking Software is Released – cio.com
  • The call of Kraken – reflextor.com
  • GSM Cracking Tool. Yes it’s open source – marcoramilli.blogspot.com
• Sagan – Real-time System & Event Log (syslog) Monitoring System – darknet.org.uk
  Sagan can alert you when events are occurring in your syslogs that need your attention right away, in real time!
• PlugBot – theplugbot.com
  PlugBot is a research project led by Jeremiah Talamantes, a penetration tester and security researcher for RedTeam Security.
• WATOBO – THE Web Application Toolbox – sourceforge.net/apps/mediawiki/watobo/
  We are convinced that the semi-automated approach is the best way to perform an accurate audit and to identify most of the vulnerabilities.
• WebEnum 0.1 – code.google.com/p/webenum/
  WebEnum is a tool to enumerate http responses to dynamically generated queries.
• dic – code.google.com/p/dic/
  “Download Indexed Cache” is a Proof of Concept (PoC) which implements the Google SOAP Search API to retrieve content indexed within the Google Cache to support the “Search Engine Reconnaissance” section of the OWASP Testing Guide v3

Techniques:

• Shell of the Future – Reverse Web Shell Handler for XSS Exploitation – andlabs.org
  In pentests XSS is usually considered as a dead-end vulnerability – you discover it, take a screenshot and move on to something else.
• Identifying Suspicious URLs – threatpost.com
  In the Google TechTalk, Justin Ma, a PhD candidate at UC San Diego, discusses a novel method for determining which URLs are malicious by applying large-scale online learning techniques.
• Stuxnet and .lnk related studies
  • CPLINK Shortcut mitigation and certificate revocation – sophos.com
  • Windows ‘LNK’ Exploit Demonstration – attackvector.org
  • Mitigating .LNK Exploitation With SRP – didierstevens.com
  • Details for the LNK issue along with a live sample – @hdmoore
  • Stuxnet Memory Analysis and IOC creation – mandiant.com
  • File Server LNK/stuxnet Protection – attackvector.org
  • Distilling the W32.Stuxnet Components – symantec.com
• Weaponizing the Nokia N900 – Part 1 – voipsa.org
  Broadly speaking, the objective of this series of blog posts is to introduce folks to the tools available and the potential for this phone as a security testing platform.
• Fun with Metasploit payload generation – happypacket.net
  My goal was to figure out how to add the msfencode functionality into the generate_simple function that is used by both XMLRPC and the console so that you can encode payloads and all that fun stuff from within Metasploit.
• iSEC is releasing this pre-advisory for Kerberos flaws to be discussed at BH. Must read for AD Admins. – @alexstamos

Vulnerabilities:

• More news about the Stuxnet Flaw
  The said malware exploits a newly-discovered vulnerability in shortcut files, which allows random code to be executed on the user’s system.
  • Microsoft Has No Plans To Patch New Flaw – slashdot.org
  • The Microsoft LNK / USB worm / rootkit ‘issue’ will kill WIN XP SP2 and WIN2000 earlier… – eddywillems.blogspot.com
  • Shortcut zero-day attack code goes public – sophos.com
  • Stuxnet Saga Evolves With New Digitally Signed Binaries – threatpost.com
  • Tool Blunts Threat from Windows Shortcut Flaw – krebsonsecurity.com
  • Stuxnet-A View From an Energy Perspective – mcafee.com
• Twitter XSS Bug – xs-sniper.com
  99% of XSS bugs are fairly straightforward and this bug was no exception.
• IE and Safari lets attackers steal user names and addresses – theregister.co.uk
  Jeremiah Grossman, CTO of White Hat Security, plans to detail critical weaknesses that are enabled by default in the browsers, which are the four biggest by market share.
• Old Wireless Security Flaws Still Haunting Networks – threatpost.com
  The attack is specifically designed to work against the Cisco Aironet 1200 Series access points and is a twist on existing attacks that have shown WEP to be an eminently defeatable protocol.
• SAP GUI: command execution via wadmxhtml – vigilance.fr
  An attacker can use the wadmxhtml.dll ActiveX of SAP GUI, in order to execute code on computers of victims displaying a malicious HTML page.
• WPA2 vulnerability found – networkworld.com
  Hole 196 lends itself to man-in-the-middle-style exploits, whereby an internal, authorized Wi-Fi user can decrypt, over the air, the private data of others, inject malicious traffic into the network and compromise other authorized devices using open source software, according to AirTight.

Vendor/Software Patches:

• Adobe to use sandboxing to mitigate onslaught of Reader-focused attacks
  The next major version of Adobe’s PDF Reader will feature new sandboxing technology aimed at curbing a surge in malicious hacker attacks against the widely deployed software.
  • Adobe adding ’sandbox’ to PDF Reader to ward off hacker attacks – zdnet.com
  • Adobe: ‘Sandbox’ Will Stave Off Reader Attacks – krebsonsecurity.com

Other News:

• New plug-in tester mimics Mozilla’s – cnet.com
  Qualys’ BrowserCheck helpfully targets out-of-date plug-ins, and provides links to download updates.
• VeriSign adds malware scanning to SSL services – cnet.com
  VeriSign is adding malware scanning to its authentication services for Web site operators, the company announced on Monday.
• Siemens SCADA comes with hard-coded password, doesn’t recommend changing it.
  A sophisticated new piece of malware that targets command-and-control software installed in critical infrastructures uses a known default password that the software maker hard-coded into its system.
  • SCADA System’s Hard-Coded Password Circulated Online for Years – wired.com
  • Yes, there’s malware. But don’t change your SCADA password, advises Siemens – sophos.com
• Dell KACE Secure Browser Sandboxes Your Browsing – lifehacker.com
  Secure Browser is designed so even if you find yourself on a site that could harm your computer, the harmful effects are contained within the browser sandbox.
• Skimmers Siphoning Card Data at the Pump – krebsonsecurity.com
  Forced to re-issue an unusually high number of bank cards due to fraudulent charges on the accounts, a regional bank serving Colorado and surrounding states recently began searching for commonalities among the victimized accounts.
• Google Ups the Bug Bounty Ante to $3133.7 – threatpost.com
  The maximum reward for a single bug has been increased to $3,133.7. We will most likely use this amount for SecSeverity-Critical bugs in Chromium.
• PC giant warns of hardware trojan – newscientist.com
  Further information posted on Dell’s community forum reveals that the trojan in the affected motherboards is stored in onboard flash memory rather than firmware ROMs.
• Certified uncertainty – sophos.com
  Second, this particular component of the threat was signed on January 25th, 2010. This implies the perpetrators of this attack have been planning their strategy for quite some time.
• How Mass SQL Injection Attacks Became an Epidemic – threatpost.com
  Mass compromises of legitimate sites really began in earnest in 2007, and the volume and severity of the attacks has increased significantly since then.
• Why Steal Digital Certificates? – eset.com
  In theory the digital signature also tells you who signed the file, and who issued the digital certificate so you can decide if you trust the person or company who signed the file and if you trust the organization who issued the certificate.
• Forget Walmart. Hackers Conference Badges Show The Future of RFID Tracking – gizmodo.com
  This year, HOPE’s Attendee Meta-Data or AMD badge reached new heights, and suggested more about what you could do with RFID attached to people—both good and bad.
• Backtrack vs Windows – youtube.com
  Spoof of evo vs iphone with an influence in security .. DEFCON 18

Washington, D.C. is not just about politics. The nation’s capital also is home to various groups dedicated to information security. Many of the brightest minds in the US gather here, from military security advisors to civilian and corporate IT professionals. Here are a few of local professional groups based here.

• Washington DC OWASP Chapter – Originally, the DC chapter of OWASP had members from nearby Virginia and Delaware but those areas have since grown to host their own chapters. This chapter hosted the national OWASP conference last 2009. Meetings are free and open to all people interested in web security and if you would like to present something, you are most welcome to do so. Follow them in Twitter or sign up for the mailing list.
• ISSA National Capital Chapter – The national chapter regularly holds open meetings that anyone can be a part of. Membership is likewise open to active security professionals. Some of the notable presentations given are “Becoming a Better Cyber-Warrior: Finding Advanced Persistent Threats Using Real-Time Situational Awareness” and “The Case for Network Forensics”
• ISACA National Capital Area Chapter (NCAC) – The NCAC is one of the oldest security groups around and was founded in 1974. The chapter regularly holds monthly conferences (except during summer), exam reviews and networking events. You can grab the newsletter here or monitor chapter news feeds. Some interesting presentations from the group are “Innovation in Federal IT – Enabling an open and transparent government” and “Myths & Realities of Data Security & Compliance: A Risk-based Approach to Data Protection”
• National Information Security Group – Washington, DC Chapter – Membership to this group is open to the public. A couple of presentations to come out of the group is “InfoGraphX” and “Defending Against Cybercrime in 2010″.
• InfraGard Nations Capital Members Alliance – This group is a public-private entity with close ties to the federal government through the FBI. It boasts over 1000 members both civilian and federal employees. Join Infragard here.

Of course, there are also smaller, less-structured get-togethers that happen in DC. Here are some local meetings that might interest you.

• DC2600 – Covering Northern Virginia and Maryland as well as the DC metro area, the group meets regularly at Champps Pentagon. You can drop by a meet or follow their Twitter feed.
• DC Organization of Hackers (DoH) – While their webpage might not be updated, ask around and you might stumble upon a member or two.
• CapSecDC – Another down homepage but their Twitter feed is very much alive. Follow them here.

If you would rather smash transistors instead of code, there are also a few hackerspaces in DC.

• HacDC – From disassembling computers to tinkering with microcontrollers, you can expect a lot of hacking action in this place. The organization started in 2008 and has been featured in The Washington Post. Some of their upcoming events are HacDC Narg and Disassembly Dienstag. Join them here.
• Dorkbot DC – This group is dedicated to putting a cultural spin on electronics projects. Subscribe to their events mailing list or attend their free sessions.

Lastly, the capital is host to many security events where you can network and even learn a new thing or two.

• USENIX Security Symposium – The upcoming 3-day program will be held on August 11 – 13 so mark your calendars. On top of the keynotes and discussions, USENIX will also be offering workshops prior to the main event.
• SANS Whatworks – SANS comes to the capital with an event that focuses on virtualization and cloud computing. It’s going to be held at Fairmont on August 19. There is also going to be another event on December, this time focusing on incident detection.
• CSI 2010 – Technically, this isn’t going to be in DC but as the largest security event on the East Coast, it’s one that you shouldn’t miss. From forensic workshops to medical device security, this two-day event will keep you pretty busy.
• AppSec DC – OWASP is back in DC with a slew of training sessions and talks. Some of the notable talks are “Transparent Proxy Abuse” and “Unicode Transformations: Finding Elusive Vulnerabilities“.

There you have it, hope you got your security fix with the links we gave. If you need help or want to reach out to the DC community, just contact us.

• RECON 2010: The best conference ever in the worst hotel ever – ncircle.com
  It was held in Montreal from July 9th to the 11th at a supposedly posh hotel where the air-conditioning wasn’t working at all building-wide during a heat wave.
• SOUPS Keynote & Slides – emergentchaos.com
  In “Engineers Are People, Too” Adam Shostack will address an often invisible link in the chain between research on usable security and privacy and delivering that usability: the engineer.
• Photos: The Next HOPE (Hackers On Planet Earth) – laughingsquid.com
  Pictures from the the Hotel Pennsylvania event.
• Assange is a no-show
  A Wikileaks editor, deciding not to risk a confrontation with federal agents, skipped a high-profile speaking engagement at a hacker conference here on Saturday.
  • HOPE: scheduled keynote by Julian Assange of Wikileaks – boingboing.net
  • Wikileaks editor skips NYC hacker event – cnet.com

Resources:

• Python tools for penetration testers – dirk-loss.de
  If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest to try out the Python programming language.
• See 20 Minute Video Presentation on How to Choose an IPS – icsalabs.com
  Considering which network IPS is the best fit for your enterprise or SMB?

Vulnerabilities:

• Firefox Add-On Exploited
  It was discovered that this add-on contains code that intercepts login data submitted to any website, and sends this data to a remote location.
  • Mozilla Sniffer – mozilla.com
  • Firefox security test add-on was backdoored – netcraft.com
• Rootkit.TmpHider – anti-virus.by
  Modules of current malware were first time detected by “VirusBlokAda” company specialists on the 17th of June, 2010 and were added to the anti-virus bases as Trojan-Spy.0485 and Malware-Cryptor.Win32.Inject.gen.2.
• USB Shortcuts Introduce New Can Of Worms To Windows Systems
  Researchers have discovered a sophisticated new strain of malicious software that piggybacks on USB storage devices and leverages what appears to be a previously unknown security vulnerability in the way Microsoft Windows processes shortcut files.
  • Experts Warn of New Windows Shortcut Flaw – krebsonsecurity.com
  • Zero-Day vulnerability allows USB malware to run automatically, Sophos reports – sophos.com
  • Windows zero-day attack works on all Windows systems – sophos.com
• Trojan.Sasfis: A Closer Look – symantec.com
  In our recent article on Trojan.Sasfis we focused on the spam angle of the attack and in this piece we will take a deeper look at this somewhat persistent threat which our global sensors indicate is recently on the rise.
• Researchers: Authentication crack could affect millions – computerworld.com
  A well-known cryptographic attack could be used by hackers to log into Web applications used by millions of users, according to two security experts who plan to discuss the issue at an upcoming security conference.
• Malware exploiting x86 machine code redundancy – sophos.com
  By definition an emulator will never be exactly like ‘the real thing’, and malware authors continually try to exploit this fact in order to evade detection.

Vendor/Software Patches:

• Microsoft’s New Patch Tuesday
  As part of our usual monthly update cycle, today Microsoft is releasing four security bulletins to address five vulnerabilities in Windows and Microsoft Office.
  • July 2010 Security Bulletin Release – technet.com
  • Microsoft Security Bulletin MS10-042 – Critical – microsoft.com
  • Microsoft Security Bulletin MS10-043 – Critical – microsoft.com
  • Microsoft Security Bulletin MS10-044 – Critical – microsoft.com
  • Microsoft Security Bulletin MS10-045 – Important – microsoft.com
  • MS10-042: Vulnerability in Help and Support Center – technet.com
  • MS10-045: Microsoft Office Outlook Remote Code Execution vulnerability – technet.com
  • Microsoft Patch Tuesday – July 2010 – symantec.com
  • Express patch for Windows Help Center – h-online.com
• Winamp 5.58 eliminates critical FLV vulnerabilities – h-online.com
  According to French security services provider VUPEN, the problem is related to integer and buffer overflow issues within the VP6 decoder “vp6.w5s” used by Winamp when opening a specially crafted Flash Video (FLV) file.

Other News:

• FBI Raids ‘Electronik Tribulation Army’ Over Witness Intimidation – wired.com
  Jesse William McGraw, aka “GhostExodus,” pleaded guilty in May to computer-tampering charges for putting malware on a dozen machines at the Texas hospital where he worked as a security guard.
• GFI Software acquires Sunbelt Software – sunbeltblog.blogspot.com
  Today, it was announced that Sunbelt Software has been acquired by GFI Software.
• Developers just don’t go to security conferences – swreflections.blogspot.com
  Developers and managers need to choose carefully where to spend their company’s money and time – or their own.
• Secunia Half Year Report for 2010 shows interesting trends – sans.edu
  Since 2005, no significant up-, or downward trend in the total number of vulnerabilities in the more than 29,000 products covered by Secunia Vulnerability Intelligence was observed.
• Talk on Chinese Cyber Army Pulled From Black Hat – threatpost.com
  A talk on China’s state-sponsored offensive security efforts scheduled for the Black Hat conference later this month has been pulled from the conference after concerns were raised by some people within the Chinese and Taiwanese government about the talk’s content.
• “Millions” Of Home Routers Vulnerable To Web Hack – forbes.com
  The upcoming Black Hat security conference in Las Vegas offers an annual parade of security researchers revealing new ways to break various elements of the Internet.
• Mozilla Bumps Bug Bounty to $3,000 – threatpost.com
  In an effort to enlist more help finding bugs in its most popular software, such as Firefox, Thunderbird and Firefox Mobile, Mozilla is jacking up the bounty it pays to researchers who report security flaws to $3,000
• MS Windows Token Kidnapping Problems Resurface – threatpost.com
  Cesar Cerrudo, founder and CEO of Argeniss, a security consultancy firm based in Argentina, first reported the token kidnapping hiccup to Microsoft in 2008 and after waiting in vain for a patch, he released the details during the Month of Kernel Bugs project.
• DNS root zone finally signed, but security battle not over – arstechnica.com
  This is an important step in the deployment of DNSSEC, the mechanism that will finally secure the DNS against manipulation by malicious third parties.

Emerald City. It’s best known for its coffee and since caffeine fuels ideas, lots of great security guys flock to this city. Well, that and the great technology community in the area. Let us share a few local professional groups based in Seattle.

• OWASP Seattle Chapter – A chaper of the Open Web Application Security Project, this group is made up of  volunteers and it is free for anyone to join (RSVPing might be required though). This local group features support from both local university advisors and law enforcement units. A couple of the latest presentations made were “When Tools Are Not Enough – Best Practices for Securing Web Applications” and “When Tools Are Not Enough – Best Practices for Securing Web Applications”. Join their mailing list here.
• ISSA, Puget Sound –  This non-profit security group meets every third Thursday except on October due to the SecureWorld Expo. Perks of being a member include reduced rates at ISSA events, CPE credits and lots of opportunities to network. Presentations are also welcome.
• ISACA – Puget Sound – The main purpose of this chapter of ISACA is “to promote the education of individuals for the improvement and development of their capabilities relating to the auditing of and/or management consulting in the field of information systems audit and control”. They’re currently on break but will resume monthly meetings on September. Meetings are every third Tuesday of each month and everyone is welcome even non-members. Please register in advance.
• NAISG Seattle Chapter – The group meets at Bellevue Community College every month and it is free to the general populace. Past presentations include “Duct Tape, Band-Aids and Bubble Gum Shouldn’t Be Used to Build Security” and “How Secure Are You? Keeping Secure in an Interconnected World”. Click here to join.

Local meetings are a great place to meet up with other infosec people in a non-structured way. Chip in for some pizza, beer and the latest security exploits.

• DC206 – This group is open to all people “interested in the alternate applications of modern technology.” Monthly meetings are held at The Black Lodge. Join the mailing list and find out more about them.
• Wa2600 – Meetings are held every first Friday at the Washington State Convention and Trade Center (and are free too). People here have a passion for technology and like to tinker so bring your

For the folks more into voiding warranties, there are a few hackerspaces in the city as well.

• Saturday House – A loose group of people (mostly geeks and their friends) who meet regularly to discuss anything. Currently they are nomadic and have no single space but if you want to keep track of them, go ahead and join their mailing list or follow @saturdayhouse.
• Jigsaw Renaissance – No, they don’t assemble jigsaw puzzles (not exclusively anyway). This collective encourages communal learning and all-out tinkering while promoting sustainability.
• Hackerbot Labs – You’ve got to love their tag line: “Smoke is how a circuit board expresses love.” This is a private space so get in touch if you want to know more.
• Metrix Create – This group holds fee-based monthly workshops from basic electronics to Arduino programming. Some past highlights include vegan deer trophies and life-size yeti sculptures.

Also, take note of a few events and un/conferences in the city. These are not exclusively security-based gatherings but each do carry the spirit of technology sharing (and probably some booze at some point).

• SecureWorld Expo – Held each year in October, the SecureWorld Expo is one of the major security events in the region. It features keynotes, training sessions and roundtables. The next event is on October 27 – 28.
• Ignite Seattle – An unconference bringing geeks with ideas together four times a year. Speakers get five minutes to strut their stuff on stage.
• BarCampSeattle – An open environment where people share and learn. Free flowing technology and fun for everyone!
• Seattle Mind Camp – Another unconference. Sessions and schedules are designed by attendees.

I hope you got your fill from the links above. If you like, you can contact us to help get in touch with a local group or event.

• Welcome to Issue 003 of the HITB Magazine! – hitb.org
  In conjunction with our first European event, we have lined up an interview with Dutch master lock picker and founder of The Open Organization of Lock Pickers (TOOOL)  Barry Wels.
• Various Presentations During HITB Amsterdam 2010 - hitb.org
• People Searches - sans.org
   During a computer exam for an employee threats case, we found activity on Facebook, Twitter, and two different webmail accounts.

This week, we look at the infosec scene in the busiest city in the world, NYC. Here are some of the local professional groups based in Gotham.

• OWASP NY/NJ Chapter – The local chapter of the Open Web Application Security Project is a 100% volunteer group that is free for anyone to join (RSVPing might be required though). This local group features support from both local university advisors and law enforcement units. One presentation of note that came from this chapter is Pentesting Adobe Flex Applications. Join their mailing list here.
• ISSA, New York Metro – A non-profit security group that offers certification support, organizes chapter meetings and creates leadership opportunities for infosec professionals. Memberships include attendance to sponsored programs, the potential to earn at least 27 CPEs per year and valuable networking opportunities. Presentations are also welcome and two recent ones are Three Critical Factors for PCI Assessment and PCI Compliance and the Cloud. You can browse their other past presentations here.
• ISACA – New York Metro – With over 2,400 members, this ISACA chapter provides world-class training, networking events and certification opportunities for its members.
• IT Security Suite Network, New York Metro – A Microsoft Partner Network group that meets every second Thursday at the Microsoft NYC Office.
• NYC InfraGard – An NYC-based public-private initiative of the FBI to safeguard and promote information security.

And here are some local meetings that you might want to attend. These are mostly unstructured and held at a public venue.

• NYC2600 – A local group that meets monthly every first Friday of the month at the Citigroup Center. This is one of the groups in the 2600 magazine’s worldwide informal group network.
• NYSec – From the site: “An informal meetup of information security professionals in New York.” Meetings are every third tuesday of the month at 41 1st Ave. Dino Dai Zovi and Alex Sotirov are the contacts for this group.

If you think your actions speak louder, join or visit one of the many hackerspaces in the Metro.

• HTINK – Open to public membership, this space has a mission to educate the public on issues on tech as well as give access to resources to those who have none
• ITP – An academic space in NYU, this is a two-year graduate program that describes itself as the Center for the Recently Possible.
• Eyebeam – An art and technology center that has supported over 130 fellowships and residencies for artists and creative technologists.?
• Stratolab – Stratolab focuses on constructivist software and video games—learning new skills by creating things. We develop in-house games, and are also available for contract to build a serious games to promote your cause.
• NYC Resistor – This is a hacker collective located in a shared space in downtown Brooklyn.
• New York Hacking Society – A private hacking space that focuses mainly on the information security space. Click the link to email the group if you want to join.

Here are some of the more well-known conferences in the city you can go to during the year to chat up and get the latest security buzz.

• Hackers On Planet Earth (HOPE) – The HOPE conference has been going strong for the last 8 years, bringing together bright minds in the infosec industry under on roof, specifically Hotel Pennsylvania’s in NYC. It’s a conference run by 2600: The Hacker Quarterly and has featured a lot of great speakers like Richard Stallman, Adam Savage and Kevin Mitnick. This year, The Next Hope, features a lot of interesting stuff like free Segway trials, an Android app and a talk by Wikileaks founder Julian Assange.
• SC World Congress – This is an annual congress held in New York by SC Magazine and has a Security Innovators Throwdown, which is like American Inventor but with security technology.
• SummerCon – The latest ‘con was held in NYC and who know where it will spring up next. Hopefully it stays in New York, since the eclectic mix of booze, burlesque and backdooring seems to be one that local hackers enjoy.

If you’re ever in the Empire City and are hankering for some hacking, take your pick of any of the links above or contact us if you want some help.

• Third SHB Workshop – schneier.com
  This is a two-day gathering of computer security researchers, psychologists, behavioral economists, sociologists, philosophers, and others.
• HiTB News
  HiTB  organizes conferences for a while in Dubaï and Kuala Lumpur but this is the first time that an event is held in Europe and not too far from Belgium.
  • Hack in the Box Day #1 Wrap Up – rootshell.be
  • Hack in the Box Day #2 Wrap Up – rootshell.be

• Notes from OWASP Bay Area Security Summit – michael-coates.blogspot.com
  However the portion on dynamic identification and quarantine of malicious scripts was very interesting.
• Hacking the Next Hope Badge – travisgoodspeed.blogspot.com
  The following are some notes that will help enterprising neighbors to hack these badges, which will be running an MSP430 port of the OpenBeacon firmware.

Resources:

• Comparing web application scanners, part 2 – portswigger.net
  Scanners were scored based on their ability to identify different types of vulnerabilities in different scanning modes.
• Cisco IOS Auditing – digitalbond.com
  Earlier this month Tenable released a new policy compliance plugin for Nessus that allows auditing of Cisco router and switch configuration.
• Third-Party Web Widget Security FAQ – jeremiahgrossman.blogspot.com
  Millions of websites such as online news, blogs, e-commerce, banks, webmail, social networking and more utilize third-party hosted content on their webpages in the form of JavaScript, Adobe Flash, Microsoft Silverlight, HTML IFrames, and images.
• securityacts it security e-zine issue 3 – terminal23.net
  If you’re looking for a new security-related e-zine to read, check out SecurityActs.
• New AMTSO guidelines – f-secure.com
  Anti-Malware Testing Standards Organization (AMTSO), which F-Secure is a member of, had a meeting in Helsinki in May.

Tools:

• BackTrack
  BackTrack started as a personal side project well over 5 years ago and by now has been downloaded over 5 million times.
  • BackTrack, Present and Future – backtrack-linux.org
  • BackTrack 4 Development Roadmap – backtrack-linux.org
• Autoruns and Dead Computer Forensics – sans.org
  It is essentially a targeted registry dump, peering into at least a hundred different Windows Registry keys that the boot and logon processes rely upon.
• Netsparker Community Edition 1.5.0.0 Released – mavitunasecurity.com
  There are not many new features in Community Edition but this release addresses the most common issues and includes several improvements.
• Skipfish 1.46beta – code.google.com/p/skipfish/
  A fully automated, active web application security reconnaissance tool.
• FxCop – .NET Framework Security Analysis Tool – darknet.org.uk
  FxCop is an application that analyzes managed code assemblies.
• bsqlbf v. 2.6 – notsosecure.com
  The new addition is the execution of any metasploit payload after executing OS code against Oracle database server by exploiting SQL Injection from web apps.
• upSploit – Press Release – tmacuk.co.uk
  This Vulnerability Advisory Gateway (VAG) should break down the barriers for security researchers and professionals to pass details of vulnerabilities to vendors in a structured easy to follow process.
• SandKit – s7ephen.github.com
  SandKit is a toolset that is intended to assist with the investigation of Sandbox technologies.
• IDA Pro 5.7 highlights – hexblog.com
  We have released a IDA Pro 5.7 few days ago.
• WinPcap – winpcap.org
  The latest stable WinPcap version is 4.1.2.
• ostinato 0.1.1 – code.google.com/p/ostinato/
  Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI.

Techniques:

• Got database access? Own the network! – bernardodamele.blogspot.com
  The presentation highlights techniques to exploit a MySQL, PostgreSQL or Microsoft SQL Server database server in real world.
• SSL gives point-to-point, not end-to-end security – root.org
  SSL provides good point-to-point privacy and integrity protection. However, there is no guarantee to upper layers that SSL is indeed in use.
• HCP Vulnerability Exploited in the Wild – pandasecurity.com
  This vulnerability disclosure has fueled an intense debate amongst security professionals on responsible disclosure, as the Google researcher only allowed Microsoft 5 days before going public with the flaw details.
• The curious case of JBoss Hacking – inner-knowledge.blogspot.com
  It is not so rare seeing jboss where the jmx-console is not password protected.
• Linux buffer overflow II – gunslingerc0de.wordpress.com
  In the first edition of my tutorial tutorial explains berbuffer 400-byte buffer overflow.
• Set Wallpaper Meterpreter Script – room362.com
  Certainly nothing to fuss over, but I’ve had a fascination with setting my target’s wallpaper as sort of a calling card for years now.
• Vulnerability Assessment Testing Automation Part I – sans.edu
  In my SANSFire presentation I described how and why to automate parts of the security testing process.
• V3rity has released a redo log mining tool to extract DDL from redo logs – petefinnigan.com
  V3rity is the new company founded by David Litchfield in March 2010 since he left NGS and until recently his site had little on it.
• Full-Disclosure, Our Turn – jeremiahgrossman.blogspot.com
  No Web applications, no forms, no log-in, no user-supplied input where XSS can hide.
• Social Security Number Format – attackvector.org
  First, for those of you who live under a rock, or across the pond, a social security number is in the format of xxx-xx-xxxx.
• CSRF flaws that pack a punch – holisticinfosec.blogspot.com
  A year after DEFCON 17, cross-site request forgery (still one of my favorite bugs) continues to present itself in some mighty interesting places.
• Wifi Security Slides – trustedsignal.blogspot.com
  There are a few canned video demos in the PPT version that are obviously not in the PDF version and the PPT version contains copious notes, not found in the PDF.
• Memory acquisition and the pagefile(s) – mandiant.com
  The easiest way to do this with Memoryze is to use the MemoryDD.bat script from the command line or to use the UI, Audit Viewer.
• sqlmap and SOAP based web services – bernardodamele.blogspot.com
  Last week a sqlmap user, Chilik Tamir, provided me with a patch to add basic support for SOAP based requests to the tool.
• Lessons from criminals – Good passwords matter – sophos.com
  Unless this is an elaborate public relations stunt, it appears the integrity of AES-256 as a military-grade encryption standard has been proven in a rather public way.
• more with rpcclient – carnal0wnage.attackresearch.com
  Got asked to help remotely locate local admins on boxes on a network.
• You want the BlackBerry Event Log? beg damnit! – chirashi.zensay.com
  If I succeeded at understanding this topic, I would be able to directly connect to a BlackBerry device and collect all the information that I wanted.
• Twitter updates
  • Looks like it’s possible to infinitely brute force Windows passwords without hitting lockout policy using “Change Passwd” Is that old news? – ax0n
  • Arduino + MetaSploit + USB wireless presenter dongle == VNC remote access on the box. – hdmoore
  • @ax0n you have to be authenticated to the domain to access the SAM function though right? Once you have an account, it works – hdmoore
• How to write shellcode – gunslingerc0de.wordpress.com
  I previously had written an article about buffer overflow, it is time I wrote an article how to write shellcode.
• Secunia Survey of DEP and ASLR – taosecurity.blogspot.com
  At the FIRST conference last month, Dave Aitel said something to the effect that DEP and ASLR are the only two noteworthy technologies produced by Microsoft since starting their security initiative.
• Hacking wireless presenters with an Arduino and Metasploit – teusink.net
  Someone in the audience can control the slides and can send any keystroke you want to the victim, as if they were sitting at the keyboard.
• CiscoWorks TFTP directory traversal exploit – teusink.net
  So far I have not seen any details published so I decided to see if I could find the bug.

Vendor/Software Patches:

• Critical hole closed in PNG reference library – h-online.com
  As numerous browsers use libpng to display images, specially crafted web pages could infect visitors’ PCs with malicious code.
• Adobe Patches PDF /Launch Hole
  Adobe today shipped a critical Reader/Acrobat patch to cover a total of 17 documented vulnerabilities that expose Windows, Mac and UNIX users to malicious hacker attacks.
  • Security updates released for Adobe Reader and Acrobat – adobe.com
  • Critical PDF Reader Patch Fixes ‘/Launch’ Command Attack Vector – threatpost.com

Other News:

• ‘LikeJacking’ – What is it? – zscaler.com
  The term has been adopted enough, that there is a Wikipedia page for it, with a very straight-forward definition.
• Privacy problems persist in latest Windows Messenger 2011 beta – infoworld.com
  Earlier versions of Messenger played fast and loose with your privacy.
• SSL Certificates In Use Today Aren’t All Valid – esecurityplanet.com
  Ivan Ristic, director of engineering at Qualys, said that he found that only about 23 million of the sites were actually running SSL.
• White House Cybersecurity Czar Unveils National Strategy For Trusted Online Identity – darkreading.com
  Devil’s in the details for Obama administration’s draft plan for eliminating passwords and advancing authentication, security expert says.
• Regular domains beat smut sites at hosting malware – theregister.co.uk
  A study by free anti-virus firm Avast found 99 infected legitimate domains for every infected adult web site.
• IBM to Acquire BigFix – Hallelujah! Can I Get a Witness?! – techbuddha.wordpress.com
  I will post more later but given all the blood, sweat, and tears we have poured into BigFix we are extremely excited about this move.
• Top Apps Largely Forgo Windows Security Protections – krebsonsecurity.com
  Many of the most widely used third-party software applications for Microsoft Windows do not take advantage of two major lines of defense built into the operating system.
• Why Johnny Can’t Pentest – ethicalhack3r.co.uk
  The three authors of the paper (Adoupe, Marco, Vigna) test the black-box scanners against their custom vulnerable web application they called WackoPicko.

Here are the information security events in North America this month:

SANS What Works in Forensics and Incident Response Summit 2010: July 8 – 9 in Washington, DC

RECON 2010: July 9 – 11 in Montreal

Symposium on Usable Privacy and Security (SOUPS) 2010: July 14 – 16 in Redmond

The Next HOPE: July 16 – 18 in New York City

BlackHat USA 2010: July 24 – 29 in Las Vegas

BSides Las Vegas: July 28 – 29 in Las Vegas

DEFCON 18: July 30 – August 1 in Las Vegas

.

And here are the information security events in the other parts of the world:

SANS IMPACT Malaysia 2010: June 28 – July 10 in Malaysia

HITB SecConf 2010 Amsterdam: June 29 – July 2 in Amsterdam

SyScan HangZhou: July 8 – 9 in China

PlumberCon: July 9 – 11 in Austria

SANS Canberra: July 9 – 17 in Australia

The 10th Privacy Enhancing Technologies Symposium (PETS 2010): July 21 – 23 in Germany

If anyone is in Las Vegas for Black Hat, Security B-Sides or DEFCON and wants to meet, leave a comment in this post

• Who’s on…uh, at…FIRST? – windowsir.blogspot.com
  My employer is not a member of FIRST, but we were a sponsor, and we hosted the “Geek Bar”.
• La “Nuit Du Hack” in Paris – rootshell.be
  The event was split in two parts: a set of talks about security topics and, starting from midnight, a CTF contest.
• NovaInfosec Twits – novainfosecportal.com
  The Twitter account for the NovaInfosec Twits list is novainfosec.
• Hacking at Mach Speed! – trailofbits.com
  The first ever NYC SummerCon last weekend was a blast and everyone seemed to have a great time.
• Call for Papers: EC2ND’10 – honeyblog.org
  EC2ND 2010 specifically encourages submissions presenting work at an early stage with the intention to act as a discussion forum for innovative security research.
• Comments on Sharkfest Presentation Materials – taosecurity.blogspot.com
  This is the third year that CACE Technologies has organized this conference.

Resources:

• Conference on Cyber Conflict – Slides.. – thinkst.com
  The CCDCOE (Cooperative Cyber DefenceCentre of Excellence) held its Conference on Cyber Conflict in Tallinn, Estonia.
• The talks I’m looking forward to attending in Las Vegas – securityninja.co.uk
  We are getting closer to the annual geek pilgrimage to Las Vegas for the BlackHat, DEF CON and SecurityBSides conferences.
• SQL Injection Anywhere White Paper – docs.google.com
  An advanced SQL Injection exploitation technique, that allows the complete disclosure of information from (almost) any SQL Injection exposure.
• Public SSL Server Database / SSL Server Test – ssllabs.com
  Public SSL Server Database is an online service that enables you to look up the configuration of any public SSL web server.
• Live CD for Remote Incident Handling – sans.edu
  Bert Hayes is a security professional at the University of Texas.

• Security BSides Las Vegas announcements – uncommonsensesecurity.com
  The first few talks confirmed are great and there are plenty more killer talks to be announced.
• KartCon2010 – owasp.org
  RSVP now to the 5th Annual OWASP KartCon 2010!
• Penetration Testing Summit 2010 – tenablesecurity.com
  The SANS Penetration Testing Summit was held this year at the Hyatt Baltimore in Baltimore, MD on June 14 – 15 and was focused on “What Works in Penetration Testing”.

Resources:

• Metasploit 101 – darknet-consulting.com
  Are you a security professional that needs to learn the basis of metasploit but haven’t found a source?
• Mutillidae: A Deliberately Vulnerable Set Of PHP Scripts That Implement The OWASP Top 10 – irongeek.com
  What I’m attempting to do with Mutillidae is implement the OWASP Top 10 in PHP, and do it in such a way that it is easy to demonstrate common attacks to others.
• Have you ever configured your Adobe Flash Player? – f-secure.com
  Flash’s settings are rather curious as the controls themselves aren’t located on the computer but are instead accessed through a Flash object hosted by Adobe.
• Internet Fraud Alert – ifraudalert.org
  Internet Fraud Alert creates a trusted and effective mechanism for participating researchers to report stolen account credentials discovered online to the appropriate institution responsible for that account.
• Book Review: Chained Exploits: Advanced Hacking Attacks from Start to Finish – jukt-micronics.com
  To its credit, Chained Exploits: Advanced Hacking Attacks from Start to Finish is fairly well written.
• Insecure 26 Now Available – net-security.org
  Insecure 26 is available, and as usual, has plenty of interesting articles such as a lengthy one on analyzing Flash content for vulnerabilities.
• Penetration Testing versus Vulnerability Scanning – plynt.com
  Penetration Testing is usually referred to testing by an ethical hacker to break into a target network with limited information about the said network.