While taking a look at the SMBGhost vulnerability, security researchers at ZecOps discovered another separate bug in the SMB compression subsystem that they are calling “SMBleed” (CVE-2020-1206). Microsoft has issued patches for both SMBGhost and SMBleed in June’s Patch Tuesday.
I just read an article where a security researcher was able to take the SMBGhost (CVE-2020-0796) exploit, which was previously just a local privilege escalation, and make it remote, so it has the potential to be turned into a worm. SMBGhost is a vulnerability in the SMB3 compression feature. Microsoft has yet to release a patch.
I posted back in February about a new Android bug in the Bluetooth stack (CVE-2020-0022). This is a nasty bug that affects Android 8-10 devices and requires no user interaction; the attacker just needs to be in proximity to any Android device that has Bluetooth enabled. In Android 8 and 9 it’ll gain remote code execution, and in Android 10 it’ll just crash the Bluetooth stack. BlueFrag is the name of the exploit that takes advantage of this vulnerability.
I just read on the official DEF CON Twitter account that Dark Tangent has decided to cancel DEF CON 28 due to the COVID-19 pandemic. The good news is he said it was the “in-person” conference held in Las Vegas, so there is still hope that they will have a virtual version of it just like Way West Wild Hackin’ Fest did in March for their in-person conference for the same reason.
ProxyJump makes SSH’ing through a bastion to the hosts behind it very convenient, and it has been built into SSH since v7.3. Under the hood it makes use of ProxyCommand, which hands the connection off to another SSH session and relays the traffic through it; ProxyCommand itself has been in SSH for a “long time” according to the article.
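As an added illustration (not taken from the article), here is an ssh_config that reaches a host behind a bastion with ProxyJump, next to the older ProxyCommand form it replaces; the host names, users and key path are assumptions for the example.

```sshconfig
# ~/.ssh/config  (bastion.example.com, db01.internal, deep.internal,
# the users and the key file are hypothetical values for this example)

# The bastion is the only host reachable from outside.
Host bastion
    HostName bastion.example.com
    User ops
    IdentityFile ~/.ssh/id_ed25519_bastion
    IdentitiesOnly yes

# Host behind the bastion: one directive does the hop (OpenSSH >= 7.3).
# The client opens a TCP forward through the bastion and then runs a
# full SSH handshake end to end with db01, so the bastion never sees
# the session plaintext and no agent forwarding is needed.
Host db01
    HostName db01.internal
    User dba
    ProxyJump bastion
    ForwardAgent no

# Equivalent pre-7.3 form using ProxyCommand directly: -W forwards
# stdin/stdout to host:port on the far side of the bastion session.
Host db01-legacy
    HostName db01.internal
    User dba
    ProxyCommand ssh -W %h:%p bastion

# Several hops chain with commas and are traversed left to right.
Host deep-host
    HostName deep.internal
    ProxyJump bastion,db01
```

With this in place `ssh db01` (and `scp`/`sftp` to db01) works directly; the one-off command-line equivalent is `ssh -J bastion db01.internal`.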
I guess one of the benefits of being on lockdown is that security engineers have a lot of free time on their hands to create new Linux distributions, and in this case two new Linux distros have been developed focusing on software defined radios.
- DragonOS – DragonOS LTS is an out-of-the-box Lubuntu 18.04-based x86_64 operating system for anyone interested in software defined radios. All source-installed software is located in the /usr/src directory, while the remaining software was installed by package managers. The following is a brief summary of the software included; while not complete, it covers the bigger-name packages and some of the drivers installed for the various supported SDRs such as the HackRF One, RTL-SDR, and LimeSDR. This distro includes the following SDR-related tools: Universal Radio Hacker, GNU Radio, Aircrack-ng, GQRX, Kalibrate-hackrf, Wireshark, gr-gsm, rtl-sdr, HackRF, IMSI-catcher, Zenmap, inspectrum, qspectrumanalyzer, LTE-Cell-Scanner, CubicSDR, Limesuite, ShinySDR, SDRAngel, SDRTrunk, Kismet, BladeRF
- Gorizont-rtlsdr – This distribution contains only RTL2832U chipset family rtl_sdr drivers and modules, and concentrates on providing terrestrial HF/VHF/UHF signal processing and portable DAB+ reception with the cheapest and most available equipment. No other devices are supported. This distribution is intended for experimentation and legal listening purposes only. NOTE: No TETRA or similar trunked system decoders are included in this distribution for legal reasons.
I just found out from chutzp4 that our own 5n1p3r came in first place this week in GRIMMCon’s COBOL CTF. Everyone join me in congratulating him on his achievement!
I found this really awesome guide on Twitter this morning which walks you through what NTLM relay attacks are and then teaches you how to do this style of attack against Windows and Samba.
I found this image posted by the official RTL-SDR Twitter account. It gives a comparison of the noise experienced in different frequency ranges by various software defined radios (SDRs).
Pentester Academy announced on Twitter that they have a free CTF training environment. You need to log in using your Google account; however, they have a total of 25 challenges and you don’t need to VPN into their network, since everything can be done with a web browser.