Organizations tend to fall somewhere on a scale of 0 through 100 (with 100 being the best) when it comes to the maturity of their vulnerability management program, starting at 0 for those who don't do any type of vulnerability management or scanning, and going up to those who integrate third-party products and produce business-based metrics. Find out about all the different levels, some of the pitfalls, and most importantly how to go from 0 to hero in your vulnerability management program.
This week on Security Weekly, Carlos, Jack, Michael, Joff, Paul and Larry talk about Windows updates, Sean Penn, WordPress XSS, Windows compatibility issues, TrendMicro's node.js password manager (now featuring arbitrary command execution), and a whole lot more!
We also interview Chris Domas. Chris is a researcher interested in reverse engineering and exploitation. He joins us to talk about visualizing binaries, accessing ring -2 and making reversers sad.
(all have the IE CVE-2015-2419 from August)
Angler has just integrated CVE-2015-8651 patched with Flash 184.108.40.2060 on 2015-12-28
Angler EK : 2016-01-25
The exploit may have been present since the 22nd, based on some header modifications that appeared that day.
It is not yet pushed in all Angler EK threads, but it is widely spread.
Thanks to Anton Ivanov (Kaspersky) for the CVE identification!
|CVE-2015-8651 (and CVE-2015-2419) being successfully exploited by Angler EK to load bedep in memory|
Another pass via the "noisy" Cryptowall "crypt13x" actor, whose threads also have it:
|CVE-2015-8651 being successfully exploited by Angler EK to load Cryptowall (crypt13001)|
from the widely spread and covered "crypt13x" actor thread - 2016-01-25
(Out-of-topic payload: 5866906a303b387b9918a8d7f8b08a51, Cryptowall crypt13001)
I have been told by Eset that the exploit is successful on Flash 220.127.116.11 and Firefox.
I spotted a thread serving a landing and an exploit to Firefox.
2016-03-23 Firefox pass with sandbox escape:
|Angler EK exploiting CVE-2015-8651 on Firefox 33.1.1 and Flash 18.104.22.1685|
Bedep successfully wrote its payload on the drive.
Thanks to Eset for identifying the added CVE here.
Neutrino Exploiting CVE-2015-8651 on 2016-02-09
Here Bunitu is dropped.
Files: Fiddler here (password is malware)
Thanks again to Eset for the CVE identification here.
|Nuclear Pack exploit CVE-2015-8651 on 2016-02-10|
Out-of-topic payload: cdb0447019fecad3a949dd248d7ae30f, which is a loader for CloudScout (topflix .info, which we can also find in RIG these days)
It seems Chrome won't save you if you do let it update.
|2016-02-17 on DE/US/FR traffic|
This is what I get with Chrome 46.0.2490.71 and its built-in 22.214.171.124 (which should quickly update itself to the latest version).
Files: Fiddler here (password: malware)
CVE ID confirmed by Anton Ivanov (Kaspersky)
|Magnitude dropping Cryptowall via CVE-2015-8651|
Some days before 2016-04-06
Thanks to FireEye for the CVE identification.
|CVE-2015-8651 successfully exploited by RIG on 2016-04-07|
(Out-of-topic payload: 30cb7ed7a67eb08fa2845990b7270d64d51e769d6e0dad4f9c2b8e7551bced0a, probably a Godzilla downloader)
Files: RIG_2016-04-07 (swf, payload and Fiddler - password is malware)
(Google Translate, via @eromang) Offshore "Dark Hotel" organization launched APT attacks on domestic business executives - 2015-12-31 - ThreatBook
Post-publication reading:
An Analysis on the Principle of CVE-2015-8651 - Antiy Labs - 2016-01-26
Instead of doing productive things I’ve found a new outlet for self-entertainment, and I seem to be amusing a few others, too.
My newish Twitter account is @InfosecNoir. It is:
“The adventures of Jimmy Black. He decrements the TTLs of cybercriminals so you don't have to.
He has a drinking problem, but only when his glass is empty.”
It is pretty low volume, and is meant to entertain me. If it entertains you, too, then maybe follow, or just check in occasionally.
Important note: While some of it is autobiographical, and some is “based on true stories”, much is pure fiction. I’ll admit the first tweet is autobiographical; after that, your guess is as good as mine. And for the pedantic, it was Atorvastatin, not Lipitor™. Yay generics.
Oh, hey- bloggy thing. I know I should blog more, both here and over on my travel drinking blog, but you know…
One very nice recent development is that a team at Microsoft has created an Open Source fork of Windows Live Writer. WLW used to be a really sweet, lightweight WYSIWYG blog tool for Windows- then it got Microsofted and bloaty, then abandoned. Open Live Writer brings it back from the dead, updates authentication to work with modern platforms, and pulls out a lot of cruft.
It is still early in development, but so far it is working well for me and I do not miss any of the “missing” features. I’m enjoying the speed and functionality of Open Live Writer, and I’m grateful that some folks at Microsoft have revived this great little tool. If you are a blogger and Windows user, check it out.
OK kids, this is cool. Know a hacker or computer club or school that could use some free, community-contributed labs?
From the website (pivotproject.org):
“People who earn great jobs in cyber security have mastered both academics and hands-on skills. But where can people with a wide variety of skill levels get hands-on practice with real-world cyber security problems? On January 12, the PIVOT project goes live to help meet that need. PIVOT makes it possible for students and others, all over the world, to build their hands-on skills in a fun, challenging, real-world cyber environment. PIVOT provides exciting hands-on labs and challenges for student groups and associated faculty, completely free. Through a variety of engaging downloadable materials, participants build their hands-on skills to help them pivot from academic studies to their future cyber security careers.”
To kick things off, there’s a contest to get things moving and gather feedback:
“We’re launching PIVOT with a special contest and over a dozen prizes so you can help make PIVOT even better. Prizes include gift cards, club pizza feasts, t-shirts, and more!
To participate in the contest and help us make PIVOT even better, all you need to do is have your group work through your choice of at least two of our current labs, and then have a student leader or faculty member fill out our contest form by February 15, 2016. The contest form gathers information about your experiences with the labs and recommendations for additional PIVOT challenges. From all submitted entries, we’ll select the top 5 with the most useful input to receive our grand prizes. Then, from all submitted entries, we’ll select another 10 at random to receive a prize.”
Please check out the PIVOT Project and spread the word; it is off to a great start, but now we need to build the community.
This week we interview Adrien de Beaupre, a SANS instructor and Internet Storm Center handler. Adrien has been researching the security of HTTP/2 and even does a live demo! We put out a call to action for the security community to become more pro-active in researching this protocol.
In Stories of the Week Paul, Larry, John, Joff and special guest star Adrien talk about Juniper backdoors, the "biggest" security threats for 2016, axing Internet Explorer and Uber fines for data breaches.
This week Beau talks about malicious Google Play apps, Comcast home security systems, attacking ICS and MS15-132.
Throughout history we’ve called anything we don’t understand “magic”. Those of us in technical fields often think of Arthur C. Clarke’s third law:
“Any sufficiently advanced technology is indistinguishable from magic”
but many things we don’t understand other than technology have been called magic as well.
(Photo: A great photo of Rance by Kevin Riggins)
Rance had a special magic. We may not have understood how he always seemed to know who needed a kind word, or how he knew exactly what the needed word was, but he did. In the last couple of years it was sometimes hard to understand how he remained so kind, generous, and happy in the face of his cancer battles- but he did, because he was Rance. That is a special kind of magic, and we will miss it dearly.
While we mourn our friend we can remember him best by trying to find a little of that special Rance magic in ourselves and each other.
NetHunter has been actively developed for over a year now, and has undergone nothing short of a complete transformation since its last release. We've taken our time with v3.0, and the results are a complete overhaul of the NetHunter Android application, with a more polished interface and a fully functioning feature set.
Through the amazing NetHunter community work led by binkybear, fattire, and jmingov, we can now proudly look at NetHunter and confidently consider it to be a stable, commercial-grade mobile penetration testing platform. And so, we are really excited about today's release of NetHunter 3.0 - let the games begin!
Sharon Goldberg joins us to talk about her research into NTP, BGP and DNS protocol security. Then, in Security News, Paul, Joff and Not Kevin talk about registering zones, reply to all, CISA and much more!
When a student earns an Offensive Security certification such as the OSCP, it is a testament to the personal investment they have made as part of a commitment to excellence. Like getting a degree from a university, no matter what happens in your life from that point forward, the fact is that you earned that certification and it is yours to keep. That said, there are some hard truths behind the path to the OSCP.
Aaron reviews the Penetration Testing with Kali Linux course and OSCP test.