The folks that run the website RTL-SDR have a comprehensive list of all the software defined radio (SDR) software, both commercial and free. That list can be found here:
Default password lists
I’ve decided to centralize the default password lists for multiple vendors. I’m making this a sticky post and will update this list when as I find these types of sites:
* http://bit.ly/2S6SToW – NETGEAR Default Password List
* http://bit.ly/2S37j9u – Linksys Default Password List
* http://bit.ly/2S3gPJV – D-Link Default Password List
* http://bit.ly/2S8KWzJ – Cisco Default Password List
* http://bit.ly/2S37FwQ – Default Router Usernames and Passwords (multiple vendors)
* http://bit.ly/2HrgT3O – Telnet, MySQL and other Linux and Windows service passwords courtesy of n0tazombie.
Always available CTF Labs
I have identified the following CTF labs which are 24/7 and most if not all are free:
* Immersive Labs: https://immersivelabs.online
* pwnable.xyz (good for people new to CTF): https://pwnable.xyz/
* 365 CSAW: https://365.csaw.io
* CTF101: https://ctf101.org/
* Shellter Hacking Express: https://shellterlabs.com/en/contests/
* Backdoor: https://backdoor.sdslabs.co/
* ShellWePlayAGame?: https://shellweplayagame.org/
* RootMe: https://www.root-me.org/?lang=en
* OverTheWire: https://overthewire.org/wargames/
* Virginia Cyber Range: https://portal.virginiacyberrange.net/
* Hack The Box: https://www.hackthebox.eu/
* FuzzyLand: https://fuzzy.land/
* Hacking Lab: https://www.hacking-lab.com/index.html
To everyone that made me aware of these thank you!
Article: A very deep dive into iOS Exploit chains found in the wild
Google’s Project Zero just release information regarding an exploit chain targeting iOS devices. The exploit chains were used as a part of a watering hole campaign that would exploit an iOS device that was viewing it. Watering hole campaigns involve websites where the site has either been hacked into or stood up such that anyone viewing it will be potentially exploited. What’s interesting about the implant that the complex exploit chains installs is that is very unsophisticated and uses clear text protocols for data exfiltration.
Article: Multiple bugs in OpenWeave and Nest Labs Nest Cam IQ indoor camera
Talos security recently announced several serious bugs in the Nest Cam IQ camera, which is their most advanced IoT offering on the market. The vulnerabilities range in severity from a simple DoS to RCE. The bugs were all found in one of their communication protocols they use called Weave (the Net Cam IQ also supports TCP, UDP, Bluetooth and 6lowpan).
Article: 20-Year-Old Bug in Legacy Microsoft Code Plagues All Windows Users
Google Project Zero recently announced a 20 year old local privilege exploit (LPE) affecting all versions of Windows both server and client versions from Windows Server 2003 through Windows Server 2019 and Windows XP all the way through Windows 10. It takes advantage of the “ctfmon.exe” process which is a shared service for processing text input. This process doesn’t have access controls which means a malicious request to it will allow an unprivileged user to gain SYSTEM privileges. Microsoft has release a patch in their August updates.
Article: New Dragonblood vulnerabilities found in WiFi WPA3 standard
Earlier this week the same researchers that found the original set of vulnerabilities in the Dragonfly handshake for WPA3 have found two more. I thought WPA3 would be less vulnerable than WPA2 but it seems the WiFi Alliance continues to struggle with coming up with a secure algorithm to prevent unauthorized access. The WiFi Alliance recently announced WPA3.1 which will not be vulnerable to these attacks but that’s also at the expense of backward comparability. If you are in the market now for a WPA3 enabled router I would suggest waiting a little bit longer for WPA3.1 to come out.
Article: A hacker gained access to 100 million Capital One credit card applications and accounts
Another day another data breach, but this one is a doozie! If you are a Capital One customer your SSN may have been compromised and you should contact Capital One immediately and demand credit monitoring service and a new credit card to begin with.
Article: Google Researchers Disclose PoCs for 4 Remotely Exploitable iOS Flaws
You may want to upgrade to iOS 12.4 which patches four out of five vulnerabilities. The remaining one hasn’t been disclosed to Apple so there’s a possibility they will be release an update to iOS which will patch it.
Article: CVE-2019-1579: Critical Pre-Authentication Vulnerability in Palo Alto Networks GlobalProtect SSL VPN Disclosed
This was just in a SANS AtRisk email that I’m subscribed to. If you are using this VPN appliance please be aware of this format string vulnerability. It’s both pre-auth and also capable of remote code execution (RCE). Palo Alto was already aware of this vulnerability internally and they patched the vulnerability, begining with PAN-OS v9.0, which is now shipping with this appliance. However the appliance bought before the patch was made are most likely still running a vulnerable version of PAN-OS so please update to the latest version of PAN-OS:
Article: US attorney general William Barr says Americans should accept security risks of encryption backdoors
Will the United State government ever learn that by making the encryption keys available to law enforcement it’s setting up the potential for the keys to be stolen by an adversary? This is just plain dumb.
Article: 15 Ways to Bypass the PowerShell Execution Policy
I ran across this awesome article discussing different ways you can disable and/or bypass the execution policy in PowerShell. Turns out they found 15 of them! This is critical when you are performing penetration tests and using techniques such as “living off the land”.