
MIS 5212-Advanced Penetration Testing

MIS 5212 - Section 001 - Wade Mackey

Fox School of Business

Uncategorized

Alfa AWUS036AC in Kali

April 5, 2017 by Jason A Lindsley

Hi All,

I was finally able to get my wireless adapter to work.  The following helped the most if anyone else has these issues:

Driver Installation

Latest Driver

http://alfanetworkinc.blogspot.com/2016/08/awus036ac-awus036ach-awus036eac-kali.html

You also may need to update the Linux Kernel and Headers.  Please respond if anyone is experiencing similar issues and I’ll try to help.

Hackers Are Emptying ATMs With a Single Drilled Hole and $15 Worth of Gear

April 3, 2017 by Jason A Lindsley 1 Comment

This is an interesting article on hackers combining their physical penetration skills with technical skills. Hackers were able to drill a hole the size of a golf ball next to the PIN pad and insert a wire to take command and control of the ATM and dispense cash. Security researchers at Kaspersky demonstrated that the technical hack could easily be done with a simple Arduino controller, a breadboard, and a 9 volt battery.

These stories remind me of Terminator 2 when young John Connor was hacking the ATM machine.  The ironic thing is that the ATMs that were compromised have been used since the 90s when that movie came out!

The challenge that banks will face in fixing this vulnerability is that the software cannot be done remotely and they are also recommending adding additional hardware enhancements and physical security controls (e.g. surveillance cameras, physical access controls).  This all requires work to be done on premises and these devices are apparently widely in use.

https://www.wired.com/2017/04/hackers-emptying-atms-drill-15-worth-gear/

FBI chooses to protect Tor vulnerability and dismiss child porn case

March 8, 2017 by Vaibhav Shukla 1 Comment

Forced to decide between disclosing a Tor vulnerability used to gather evidence or dismissing the child porn case it had built, the U.S. Department of Justice chose to protect the exploit. The undisclosed Tor vulnerability was used by the FBI to deanonymize user traffic to the Playpen child porn website hosted as a Tor hidden service. However, the evidence was deemed inadmissible by the court unless the FBI disclosed the method used to gather it.

http://searchsecurity.techtarget.com/news/450414394/FBI-chooses-to-protect-Tor-vulnerability-and-dismiss-child-porn-case

Exploiting “Vulnerable Server” for Windows 7

February 27, 2017 by BIlaal Williams 3 Comments

This is a tutorial I found which shows how to discover and test an exploit in Windows 7. The tutorial involves using a debugger to test an application that has been sent a buffer overflow and identify the spot in memory to place the shellcode. The tutorial doesn’t get too much into assembly and offers a pretty clear description when needed. There is also a tutorial to exploit Windows applications that have DEP using ROP (a topic that was touched on in Metasploit Unleashed in “Exploit Payloads-MSFrop”).

https://samsclass.info/127/proj/vuln-server.htm
https://samsclass.info/127/proj/rop.htm

MySQL Databases Targeted in New Ransom Attacks

February 26, 2017 by Vaibhav Shukla

Thousands of MySQL databases are potential victims to a ransom attack that appears to be an evolution of the MongoDB ransack campaign observed a couple months ago. As part of the attack, unknown actors are brute forcing poorly secured MySQL servers, enumerating existing databases and their tables, stealing them, and creating a new table to instruct owners to pay a 0.2 Bitcoin (around $200) ransom. Paying, the attackers claim, would provide owners with access to their data, but that’s not entirely true, as some databases are deleted without being stolen.

Attackers were observed overwriting each other’s ransom notes on the targeted databases, and were no longer copying the original data, but simply deleting it. Victims couldn’t retrieve their data even if they paid the ransom. Now, MySQL databases are under fire: using online tools, actors search for servers secured with very weak passwords, brute force them to gain access, then replace the databases with their own table containing a ransom note.

http://www.securityweek.com/mysql-databases-targeted-new-ransom-attacks

First ever SHA-1 collision

February 26, 2017 by Ryan P Boyce

Researchers from CWI Amsterdam and from Google proved for the first time it is possible to have two different documents with the same SHA-1 value. The teams were able to do this with two different PDFs. The SHA-1 hashing algorithm is outdated but many applications still support it, including GitHub. What this means essentially is that you can take a secret document, Document A, and alter its data (bits) to effectively create a new document, Document B. You could hash both documents with SHA-1 and get the same hashed value (BHGUYU^%$&^$*^&!). Let’s say someone was sending Document A across the Internet but while en route, the document was altered to create Document B. The recipient, expecting to receive Document A, would not know the difference based on the hashed value. If you are encrypting your data based on SHA-1, don’t be too scared right at this moment, however. It took the team 9,223,372,036,854,775,808 SHA-1 computations, 6,500 years of CPU time, and 110 years of GPU time to create the matching hashed values. Most people aren’t able to do this in their basement... yet.

https://www.theregister.co.uk/2017/02/23/google_first_sha1_collision/

Healthcare firms plan to increase security spending

February 26, 2017 by Ahmed A. Alkaysi

81% of healthcare companies are looking to increase their investing in cyber security, an increase from 60% last year. As most of us have probably heard, there has been a wave of recent ransomware and cyber security attacks against the health care industry. Although seeing breaches of healthcare companies in the news might make it seem like the companies are enduring waves of attacks, only “18% of global healthcare companies said they had a breach in the past 12 months,” much less than the “43% of companies in the retail sector.”

In addition to the increased spending, there have been increased regulations and audits around the security of the healthcare companies’ information systems. Recently, the Children’s Medical Center of Dallas was penalized $3.2 million for not adhering to the recommendation of encrypting patient records. In another example, Memorial Healthcare System had to pay $5 million for data breaches.

Healthcare companies are becoming cognizant of the lack of information system controls, driving compliance to become the focus in security spending. This is an important point, as by increasing controls, healthcare companies will be taking a proactive approach in dealing with cyber security, instead of the standard reactive one.

http://www.csoonline.com/article/3173367/metrics-budgets/healthcare-firms-plan-to-increase-security-spending.html

Hacking WordPress 4.7.0-1 – Exploiting the Exploitable

February 23, 2017 by Scott Radaszkiewicz 1 Comment

Article Link

This article details a vulnerability in WordPress 4.7.0-1 that allows a user to change any blog post.   The article takes you step by step through the process of exploiting the vulnerability.

I found this article intriguing since we are using WordPress for this course.  Rest assured, the version we are on is version 4.7.2, and my research says that this vulnerability has been addressed in this release.

Assignment 1- Metasploit Analysis

February 22, 2017 by Marcus A. Wilson

PowerPoint:

Marcus Wilson_Exploiting Metasploitable

Executive Summary

Marcus Wilson_Exploiting Metasploitable Executive Summary

Metasploit Project

February 22, 2017 by BIlaal Williams

Metasploit PowerPoint

Executive Summary
