While I was browsing Twitter today, I found an interesting open source effort: a PowerShell module that turns the box into a SOCKS v4 and v5 proxy server. I have forked the repo and you can find it here:
This YouTube video, titled “Lightening fast CTF solving – Automatic Exploit Generation & Side Channel Analysis”, was sent to me by Sketch from this year’s BSides DC. It shows how to automate exploitation of stack overflows and format string vulnerabilities; the tool suite is built on top of the “angr” framework, Intel’s Pin framework and the “pwntools” package for Python. At the tail end of the video he applies the tool suite against a NETGEAR SOHO router, where it not only finds the vulnerability but actually exploits it remotely, and he discusses how it can be used to identify and exploit these vulnerabilities in IoT devices.
I have already taken the liberty of forking all of his GitHub repositories and you can find them here:
This week at the RSA Conference held in San Diego, CA, there was a panel that discussed the five most dangerous attacks and how to defend against them. The panel included Ed Skoudis, who is hailed as the best penetration tester in the country and is a SANS Institute Fellow.
At this year’s RSA Conference in San Francisco, CA, the NSA released their GHIDRA reverse engineering framework on GitHub. Within hours, security researchers had found a vulnerability in it that can be exploited to gain remote code execution, because it listens on a TCP port that is open on all interfaces.
I found this walk-through on Twitter this afternoon; it was put together by TrustedSec. This technique is great for running payloads on Windows systems remotely!
Splunk Enterprise version 7.2.4 custom application remote code execution exploit using a persistent backdoor with a custom binary payload.
Wireshark, the best open source PCAP analyzer, just hit a major milestone with the release of 3.0.0, which you can download now at:
Why PDF has not been replaced with something else is beyond me. I was reading an article discussing how researchers have found that all of the major PDF readers, including Adobe Acrobat Reader, and signing services are vulnerable to forgery attacks where the PDF can be modified without impacting its signature.
Remember a few months ago reading about the SPECTRE vulnerability and thinking it was too obscure to be a threat? Well, time to change your thinking. Some security researchers have found a way to leverage the vulnerability to hide malware.
If the WinBox port is exposed on its WAN port (which is not the default, but there are thousands of MikroTik routers where the system administrators have enabled it so they can administer the device remotely), hackers can send traffic through it, bypassing the firewall and NAT to reach devices behind the MikroTik.