The folks that run the website RTL-SDR have a comprehensive list of all the software defined radio (SDR) software, both commercial and free. That list can be found here:
Default password lists
I’ve decided to centralize the default password lists for multiple vendors. I’m making this a sticky post and will update this list when as I find these types of sites:
* http://bit.ly/2S6SToW – NETGEAR Default Password List
* http://bit.ly/2S37j9u – Linksys Default Password List
* http://bit.ly/2S3gPJV – D-Link Default Password List
* http://bit.ly/2S8KWzJ – Cisco Default Password List
* http://bit.ly/2S37FwQ – Default Router Usernames and Passwords (multiple vendors)
* http://bit.ly/2HrgT3O – Telnet, MySQL and other Linux and Windows service passwords courtesy of n0tazombie.
Always available CTF Labs
I have identified the following CTF labs which are 24/7 and most if not all are free:
-
- 24/7 CTF: https://247ctf.com/ (Added 11/7/2019)
- Immersive Labs: https://immersivelabs.online
- pwnable.xyz (good for people new to CTF): https://pwnable.xyz/
- 365 CSAW: https://365.csaw.io
- CTF101: https://ctf101.org/
- Shellter Hacking Express: https://shellterlabs.com/en/contests/
- Backdoor: https://backdoor.sdslabs.co/
- ShellWePlayAGame?: https://shellweplayagame.org/
- RootMe: https://www.root-me.org/?lang=en
- OverTheWire: https://overthewire.org/wargames/
- Virginia Cyber Range: https://portal.virginiacyberrange.net/
- Hack The Box: https://www.hackthebox.eu/
- FuzzyLand: https://fuzzy.land/
- Hacking Lab: https://www.hacking-lab.com/index.html
To everyone that made me aware of these thank you!
The next generation Direct Kernel Object Manipulation techniques
Direct Kernel Object Manipulation (DKOM) is a technique that allows for software to “hook” in with the Windows operating system at the kernel level. This video is from the INFILTRATE 2019 conference and is titled “DKOM 3.0: Hiding and Hooking with Windows Extension Hosts.” Where they take advantage of a Windows subsystem introduced in Windows 7 to hook the kernel.
Links:
-
- INFILTRATE 2019 Vimeo Video: https://bit.ly/39jl2RG
- Presentation Slide Deck: https://bit.ly/3dtSLLS
ADV200006: Yet more bugs in the Windows font subsystem
Microsoft announced on Monday March 23rd that they observed two exploits being used in the wild that target the font rendering subsystem in Windows. There is NO patch for these vulnerabilities as of this posting. These require the user to open up a document or a web page that has a font in it that will then exploit the Adobe Type Manager subsystem in Windows (all versions) to gain remote code execution. Typically these types of vulnerabilities gain execution in the Windows kernel where the font subsystem code is run. This means a hacker would have SYSTEM access to a Windows target, which, you know, is not good!
Links:
-
- The Register Article: https://bit.ly/3ak03Qg
- Tech Crunch Article: https://tcrn.ch/3dr0DgV
- MS Security Advisory: https://bit.ly/2UA6R5z
DEF CON 2020 CTF qualifiers have been pushed back due to COVID-19
The Order of the Overflow (OOO) has announced on Twitter that they will be pushing back the DEF CON 2020 CTF qualifiers. The new date hasn’t been announced yet, but on their tweet they said it would be announced on May 16th.
Links:
-
- OOO Tweet: http://bit.ly/2UfRZcx
- OOO Quals Page with more information about the delay: http://bit.ly/3dgSax1
DEF CON 2019 Qualifier challenges on GitHub
Order of the Overflow (OOO) which has run the CTF held at DEF CON since 2018 has most of their challenges on GitHub. It primarily includes their qualifier challenges from last year, but they also have a few of the challenges from the CTF held last year in Las Vegas.
Links:
-
- OOO GitHub: http://bit.ly/2WnSnrY
SMBGhost: New unauthenticated RCE SMB v3 bug found in modern Windows
CVE-2020-0796, better known as SMBGhost, was accidentally announce by Microsoft during March 2020’s Patch Tuesday. This bug is in their implementation of compression in SMB v3 and is both unauthenticated and remote and will result in remote code execution on the target machine with no user interaction. This gives it potential to be turned into a worm that will spread through a Windows Active Directory network like wild fire.
Links:
-
- ZDNet Article: https://zd.net/2W9JC4K
- Article on how to disable compression on SMB v3: http://bit.ly/2Qaqvnv
- SMBGhost Scanner: http://bit.ly/2Q9DfKY
- CVE Writeup: http://bit.ly/39NbvU3
New Wi-Fi chipset bug that allows hackers to decrypt communications: Kr00k
Today at RSA Conference 2020 ESET announced a new vulnerability that affects Broadcom and Cypress Wi-Fi chipsets. ESET worked with both vendors prior to announcing it at RSAC 2020 and both vendors have firmware updates available that will patch the bug.
Links:
-
- Original Article: https://zd.net/2T2JD8C
- CVE: http://bit.ly/2w9CEl8
Pentagon, FBI, DHS jointly expose North Korea hacking efforts
What make this news so significant is this is the first time that the DoD has publicly attributed hacking activity to North Korea. Their motives are seemingly to steal money (most likely to help fund their military), but they also allegedly hacked into a nuclear power plan in India. They attribute two APT groups to North Korea:
-
- Hidden Cobra
- Lazarus Group
They also name the malware they used in their hacking efforts.
Links:
-
- CyberScoop Article: http://bit.ly/2V7QG1b
- US Cert Malware Analysis Reports: http://bit.ly/3a2hAfp
Persistence via device firmware
I was reading an article published by SANS, which lead me down a rabbit hole of modifying firmware to have a persistent implant and all the research that has been done on the topic. Firmware runs on a majority of the devices in a modern day computer systems, ranging from a laptop to a cell phone. This includes components such as the track pad, HDD/SSD, network card, USB hubs, GPUs, etc. Doing this research I stumbled on the fact that PCI devices can directly talk to one another with NO OS supervision. So things like antivirus programs or even host based firewalls won’t be able to observe what is going on. This is due to the device directly communication across the PCI/PCIe bus and by modifying the firmware you can achieve persistence and could potentially be platform agnostic.
Links:
-
- Eclypsium Firmware VR: http://bit.ly/32hiiCO
- Eclypsium Know Your Device: http://bit.ly/37KWtMI
- The Jedi Packet Trick takes over the Deathstar (“taking NIC backdoors to the next level”): http://bit.ly/2V6FVMy
- Project Maux Mk.II (“I 0wn the NIC, now I want a shell!”): http://bit.ly/38NP7tl
U.S. Charges 4 Chinese Military Hackers Over Equifax Data Breach
The FBI has just issued charges to four Chinese citizens that are in their military with being responsible for the massive data breach in 2017 which comprised over 150 million US citizens personal and credit data.
Links:
-
- Original Article: http://bit.ly/2SxepoB
New bug found in sudo discovered
CVE-2019-18634 is bug affects the tool named “sudo” versions less than 1.8.26 on both Linux and macOS that gives non-root users the ability to run commands as though they are root. The feature of sudo that has the stack overflow is the password feedback, which is thankfully disabled on a majority of Linux distributions, such as Ubuntu. However Mint and Elementary are two distros that have enabled this feature. macOS has this feature enabled, but Apple already has a patch for it.
Links:
-
- Original Article: http://bit.ly/3bu1VGT
- CVE Bulletin: http://bit.ly/2UEZlYJ
- macOS Security Update: https://apple.co/39lEcHd