PrimalSec Podcast Episode #2


PrimalSec Podcast Episode 2 for September 17, 2013.  This month’s podcast is hosted by Andrew, Luke, and Matt.

Announcements:

PrimalSec will be attending Hacker Halted in Atlanta, Georgia and participating in Global CyberLympics September 18th-21st – www.hackerhalted.com

PrimalSec will be attending DerbyCon 2013 in Louisville, Kentucky on September 25th-29th – www.derbycon.com

Podcast Highlights:

This month PrimalSec wrote several tools in preparation for upcoming cyber competitions.  We covered these tools in our blog posts (iptrap.py, Flytrap.exe, Gumdrop.exe), and we also briefly touch on a Ruby course we took this month, “Ruby for Security Professionals” by threatagent.com.  In addition, we made a post on Cuckoo Sandbox with some reverse engineering concepts using IDA Pro, and a post going over Tor:

CTF Scripts and PyInstaller (.py > .exe)

Gumdrop.exe — Quick Windows Recon

I’m Cuckoo for Malware – with a spice of Reverse Engineering

Anonymity Online pt2 – TOR


News Items and Interesting Reads:

# Information on several targeted attack campaigns was released:
https://citizenlab.org/2013/08/surtr-malware-family-targeting-the-tibetan-community/
http://www.theregister.co.uk/2013/08/07/india_cyberespionage/
http://www.fireeye.com/blog/technical/botnet-activities-research/2013/08/breaking-down-the-china-chopper-web-shell-part-i.html
http://www.secureworks.com/cyber-threat-intelligence/threats/secrets-of-the-comfoo-masters/
http://www.fireeye.com/blog/technical/targeted-attack/2013/08/pivy-assessing-damage-and-extracting-intel.html

# SEA Hacks Twitter to get into NY Times
https://threatpost.com/syrian-electronic-army-hacks-washington-post/102005
https://krebsonsecurity.com/2013/08/washington-post-site-hacked-after-successful-phishing-campaign/
http://thehackernews.com/2013/08/Outbrain-hacked-Syrian-Electronic-Army.html

# India Hacks Pakistan, then Pakistan Cyber Army retaliates
http://thehackernews.com/2013/08/pakistan-army-site-and-facebook-pages.html
http://thehackernews.com/2013/08/Pakistani-hackers-Indian-railway-cyber-army.html

# Firefox 0-day/Exploit:
http://krebsonsecurity.com/2013/08/firefox-zero-day-used-in-child-porn-hunt/
https://community.rapid7.com/community/metasploit/blog/2013/08/07/heres-that-fbi-firefox-exploit-for-you-cve-2013-1690

# Black Hat 2013:
https://www.blackhat.com/us-13/archives.html

# Tools:
SET v5.3:
https://www.trustedsec.com/august-2013/the-social-engineer-toolkit-set-v5-3-released/

ZMAP:
https://isc.sans.edu/diary/ZMAP+1.02+released/16397

Nmap 6.40:
http://seclists.org/nmap-announce/2013/1

Tortilla – Released at Black Hat
http://www.crowdstrike.com/community-tools/index.html

# Other Interesting Reads:
http://thehackernews.com/2013/08/new-botnet-campaign-fort-disco-brute.html
https://blogs.technet.com/b/srd/archive/2013/06/11/ms13-051-get-out-of-my-office.aspx
http://blog.malwarebytes.org/intelligence/2013/08/ms-office-files/
http://blog.malwarebytes.org/intelligence/2013/08/the-malware-archives-pdf-files/
http://thehackernews.com/2013/08/OpenX-Advertising-Malware-backdoor-hacked-trojan.html
http://investigations.nbcnews.com/_news/2013/08/06/19566531-chinese-firm-paid-insider-to-kill-my-company-american-ceo-says
http://www.technologyreview.com/news/517786/chinese-hacking-team-caught-taking-over-decoy-water-plant/
http://www.theregister.co.uk/2013/08/05/iwf_business_sites_hacked_to_host_images/
http://thehackernews.com/2013/08/vulnerability-found-in-apples-ios-can.html
https://isc.sans.edu/forums/diary/Psst+Your+Browser+Knows+All+Your+Secrets+/16415
https://www.mandiant.com/blog/responding-attacks-apache-struts2/
http://www.symantec.com/connect/blogs/chinese-ransomlock-malware-changes-windows-login-credentials
