Sean Metcalf (@PyroTek3) is a Microsoft Certified Master (MCM) / Microsoft Certified Solutions Master (MCSM) in Directory Services (Active Directory Windows Server 2008 R2) which is an elite group of Active Directory experts (only about 100 worldwide). As of 2016, he is also a Microsoft Most Valuable Professional (MVP). We ask him about his start in information security and PowerShell. Listen in now!
Some of the titles are: Hacking: The Art of Exploitation, Hacking the Xbox, Automate the Boring Stuff with Python, Python Crash Course, Practical Malware Analysis and The Linux Command Line.
Any amount gets you four titles and a $15.00 donation gets you all 13. You decide how much goes to EFF, No Starch or Humble Bundle.
Details are at https://www.humblebundle.com/books/no-starch-hacking-books
This week, Jeff comes on the show and hosts Jeff's Round Table. He talks about Google Play Music, Jedi Conference, vulnerability management vendors, and integration into asset discovery. All that and more, here on Security Weekly!
Aaron Lyons will be covering the recent sentencing of some malicious insiders and of the creators of the SpyEye botnet.
Regardless of the size of your organization, the security challenges with open-source Content Management Systems (CMS) security are the same. In the enterprise the issue stems not from the technology or existing processes, but...
Lee Holmes is the lead security architect of Microsoft's Enterprise Cloud Group, covering Windows Server, Azure Stack, System Center, and Operations Management Suite. He is author of the Windows PowerShell Cookbook, and an original member of the PowerShell development team.
This week on Hack Naked TV, Aaron Lyons talks about Badlock, Ransomware, Russian Prison for Hackers, and Ransomware. Check out Beau Bullock's Hack Naked for more in depth detail on Badlock.
Simulacra & Simulation - Jean Baudrillard
Featured in Matrix
|Popup shown by the first payload from Bedep Stream - Win7|
(in the background Angler Landing)
|Popup shown by the first payload from Bedep Stream - WinXP|
|A VM not hardened enough against Bedep got redirected to a "decoy" instance of Bedep that I will refer to as:|
Bedep "Robot Town" - 2016-04-12
|Same Angler thread - VM not detected. 1st stream gets Vawtrak|
|Bedep doing some ACPI checks|
|Marvin - Paranoid Android|
- Removed the AU-focused mention on the Vawtrak. I have been told (thanks!) it's US-focused. Got geo-glitched. Maybe more about that one day or another.
- Refined the check conditions for Researcher. IP 18.104.22.168 and sid=1901...otherwise...ok :)
Welcome to another episode of Hack Naked TV recorded April 8th 2016. Aaron covers the Panama Papers, Cyber-Insurance, Ransomware, Hacking Team, and the Pentagon's bug bounty program.
We interview James Lyne from SANS. He comes from a background in cryptography but over the years has worked in a wide variety of security problem domains including anti-malware and hacking. James spent many years as a hands-on analyst dealing with deep technical issues and is a self-professed "massive geek".
Spotted in a "degraded" version on 2016-04-02 in Magnitude, and live since 2016-03-31 in Nuclear Pack, this vulnerability was fixed fast by Adobe: the patch released on 2016-04-07 brought Flash Player to version 21.0.0.213.
This is not the first time a "0day" exploit has been used in a "degraded" state: it happened before with Angler and CVE-2015-0310 and CVE-2014-8439.
You'll find more details about the finding in the Proofpoint blog post "Killing a zero-day in the egg: Adobe CVE-2016-1019" and in the FireEye blog post "CVE-2016-1019: A new flash exploit included in Magnitude Exploit Kit".
Note: we worked with ESET, Kaspersky and Microsoft on this case as well.
Nuclear Pack :
Identification by ESET, Kaspersky and FireEye (thanks)
|Exploit sent to Flash Player 126.96.36.1996 by Nuclear Pack on 2016-03-31|
Sample in that pass: 301f163644a525155d5e8fe643b07dceac19014620a362d6db4dded65d9cad90
Off-topic: an example of a payload dropped that day by that instance of Nuclear: 42904b23cff35cc3b87045f21f82ba8b (Locky)
Note the string "CVE-2016-1001" in the Nuclear Pack exploit, which may explain why this exploit is being used in a degraded state: the kit appears to treat it as that older, already patched bug.
|CVE-2016-1001 string spotted by Denis O'Brien (Malwageddon) on 2016-04-05 in the Nuclear Pack exploit|
Magnitude :
2016-04-02 - "Degraded" to 188.8.131.526
Identified as such by FireEye
[2016-04-07: TrendMicro told me they found some hits for this exploit in Magnitude back from 2016-03-31 as well]
|Magnitude exploiting Flash 184.108.40.2066 with CVE-2016-1019 on the morning of 2016-04-02|
Payload is Cerber.
Side note: the check on the redirector in front of Magnitude (http://pastebin.com/raw/gfEz25fa), which relies on res:// behaviour that may have been fixed as CVE-2015-2413, was in the Magnitude landing page itself from September to the end of November 2015.
|res:// onload check features, unobfuscated at that time, in the Magnitude landing page, 2015-09-29|
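The res:// onload check mentioned above works by loading local files through res:// URIs and watching which ones fire onload instead of onerror, so the kit learns which security products or VM tools are installed before serving an exploit. What an analyst wants from a capture is the list of files being probed. The block below is an added example, not code from the original post, from Magnitude, or from any exploit kit: a small scanner that extracts the res:// probe targets from a landing page and classifies what each one is looking for. The sample landing page, the keyword table (PROBE_CLASSES) and the function names are all constructed for this example.

```javascript
// Added example (not from the original post or any exploit kit): extract and
// classify res:// file-existence probes from a captured landing page.
// Kits abused the fact that an <img> whose src is a res:// URI fires onload
// when the referenced local file exists and onerror when it does not; that
// behaviour is what the fix for CVE-2015-2413 was meant to close in IE.

// Constructed sample landing page for this example; not a real Magnitude capture.
const SAMPLE_LANDING = String.raw`<html><body><script>
var hits = 0;
var probes = [
  "res://C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe/#2/#23",
  "res://C:\Program Files\ESET\ESET Smart Security\egui.exe/#2/#1",
  "res://C:\Program Files\VMware\VMware Tools\vmtoolsd.exe/#2/#1",
  "res://C:\Windows\System32\drivers\vmmouse.sys/#2/#1"
];
for (var i = 0; i < probes.length; i++) {
  var img = new Image();
  img.onload = function () { hits++; };   // resource resolved => file exists
  img.onerror = function () {};           // missing file => error
  img.src = probes[i];
}
</script></body></html>`;

// Hypothetical keyword table (an assumption for this example) mapping path
// fragments to the kind of software the probe is checking for.
const PROBE_CLASSES = {
  av: ["kaspersky", "eset", "avast", "avg", "bitdefender", "trend micro", "mcafee", "norton", "sophos"],
  vm: ["vmware", "virtualbox", "vbox", "vmmouse", "qemu", "xen"],
  tool: ["wireshark", "fiddler", "procmon", "ollydbg", "windbg", "sysinternals"],
};

// Classify a probed file path by the keyword table above; "unknown" if no match.
function classifyProbe(file) {
  const lower = file.toLowerCase();
  for (const [kind, needles] of Object.entries(PROBE_CLASSES)) {
    if (needles.some((n) => lower.includes(n))) return kind;
  }
  return "unknown";
}

// Find every res:// URI in the page source. A probe runs until a quote,
// tag delimiter or line break; spaces are allowed because Windows paths have them.
function extractResProbes(html) {
  const re = /res:\/\/([^"'<>\r\n]+)/gi;
  const probes = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    const target = m[1];
    // res://<file>[/<type>]/<id>: the file path ends where the first "/#"
    // resource selector starts.
    const idx = target.indexOf("/#");
    const file = idx === -1 ? target : target.slice(0, idx);
    probes.push({ url: "res://" + target, file: file, kind: classifyProbe(file) });
  }
  return probes;
}

// True when res:// URIs are paired with an onload handler, the signature of the
// existence-check trick rather than a benign res:// reference (e.g. an IE error page).
function usesOnloadFingerprint(html) {
  return /res:\/\//i.test(html) && /\.onload\s*=/.test(html);
}

// Summarise what the page is checking for: fingerprinting flag plus probe counts per class.
function summarize(html) {
  const counts = {};
  for (const p of extractResProbes(html)) counts[p.kind] = (counts[p.kind] || 0) + 1;
  return { fingerprinting: usesOnloadFingerprint(html), counts: counts };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(summarize(SAMPLE_LANDING), null, 2));
}
```

Run it with node against a saved landing page by replacing SAMPLE_LANDING with the file contents; the probe list is usually the fastest way to see which products a kit avoids, which in turn tells you which tooling to keep off an analysis VM that needs to receive the exploit.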
Sample in that pass: 0a664526d00493d711ee93662a693eb724ffece3cd68c85df75e1b6757febde5
Off-topic payload: 9d92fb315830ba69162bb7c39c45b219cb8399dd4e2ca00a1e21a5457f92fb3c (Cerber ransomware)
Note: I got a successful pass with Windows 8.1 and Flash 220.127.116.112 as well, and with Windows 10 build 1511 (Feb 2016) via Flash 18.104.22.1686 on Internet Explorer 11. Edge does not seem to be served a landing.
Neutrino :
2016-04-11 - "degraded" as well, it seems (at least I didn't get it to work on Flash 21.x).
CVE ID by @binjo and Anton Ivanov (Kaspersky)
|Neutrino successfully exploiting Flash 22.214.171.1246 with CVE-2016-1019|
Off-topic payload: 83de3f72cc44215539a23d1408c140ae325b05f77f2528dbad375e975c18b82e
Killing a zero-day in the egg: Adobe CVE-2016-1019 - 2016-04-07 - Proofpoint
CVE-2016-1019: A new flash exploit included in Magnitude Exploit Kit - 2016-04-07 - Genwei Jiang - FireEye
Zero-Day Attack Discovered in Magnitude Exploit Kit Targeting CVE-2016-1019 in Older Versions of Adobe Flash Player - 2016-04-07 - Peter Pi, Brooks Li and Joseph C. Chen - TrendMicro
This week Paul takes the place of Aaron Lyons, who is busy fighting Ninja Lamas. Paul discusses future car malware, Ubuntu patching kernel vulnerabilities, OSVDB shutting down for good, the Flash zero-day in the wild to be fixed by Adobe, and the FBI's report of $2.3 billion lost to CEO email scams. Check out the Security Weekly Wiki for more information!
This week we talk with Alex Horan from Onapsis. He is a security focused IT professional with strong experience leading and motivating IT teams and departments.
This week on Hack Naked TV Aaron Lyons talks about FBI vs Apple, the new Android bug, Cisco Firepower/Snort IDS, and ransomware.