Tag Archives: Metasploit

[ISN] The Security Setup – HD Moore

http://www.thesecuritysetup.com/home/2014/10/1/hd-moore

[Interesting website I found while following someone else who was profiled earlier, Uri with @redteamsblog; the idea here is ‘what setup do folks in security use to attack, defend, build, break, hack, crack, secure, etc.’, which should make for some interesting reading. – WK]

H D Moore
OCTOBER 1, 2014

Who are you, and what do you do?

My name is H D Moore (since the day I was born, it doesn’t stand for anything). I am a security researcher and the chief research officer for Rapid7. Some folks may be familiar with my work on Metasploit, but these days I also spend a lot of time scanning the internet as part of Project Sonar. My servers send friendly greetings to your servers at least once a week. Howdy!

What hardware & operating systems do you use?

Lots. My normal workload involves crunching a billion records at a time, running a dozen different operating systems, and still handling corporate stuff via Outlook and PowerPoint. As of 2009, I finally made the switch to Windows as my primary OS after being a die-hard Linux user since 1995. That doesn’t mean that I use Windows itself all that much, but I find it to be a useful environment to run virtual machines and access the rest of my hardware with SSH and X11. The tipping point was the need to quickly respond to corporate email and edit Office documents without using a dedicated virtual machine or mangling the contents in the process. The second benefit to using Windows is on the laptop front; suspend, resume, and full hardware support don’t involve weeks of tuning just to have a portable machine. Finally, I tend to play a lot of video games as well, which work best on overspecced Windows hardware. All that said, Windows as a productivity platform isn’t great, and almost all of my real work occurs in web browsers (Chrome), virtual machines (VMWare for Intel/AMD64 and QEmu for RISC), and SSH-forwarded XFCE4 tabbed terminals.

The laptop I currently use started life as a banged-up ASUS ROG G750 (17″) bought as the display model from a Best Buy. The drives, video card, and memory were swapped out, bringing the total specs up to 32Gb RAM, a 512Gb SSD boot disk, a 1Tb backup disk, and a GeForce GTX 770 GPU. This runs the most loathed operating system of all, Windows 8.1 (Update 1) Enterprise, but it has a huge screen, was relatively cheap, and can run my development virtual machines without falling over. It also runs Borderlands2 and Skyrim at maximum settings, critical features for any mobile system. Given that the total cost was under $1,500, it is a great machine for working on the road and blocking automatic weapons fire (as it weighs about 20 Lbs with accessories). I carry this beast around in a converted ammunition bag, sans the grenade pouches. […]


[ISN] Data Triage For The Boston Bombing: How Beth Israel Deaconess Protected Patient Records From Hackers, Journalists, And Curious Doctors

http://www.fastcompany.com/3016156/the-code-war/data-triage-for-the-boston-bombing-how-beth-israel-deaconess-protected-patient-

By Neal Ungerleider
Fast Company
August 21, 2013

When bombs went off at the Boston Marathon on April 15, Beth Israel Deaconess Medical Center (BIDMC) CIO John Halamka found himself dealing with the kind of emergency few drills could ever prepare you for. As bombing victims were brought into his downtown hospital and the city went into lockdown, Halamka and his team began to parse a nightmare situation. Then it got worse. Suspect Dzhokhar Tsarnaev was brought to Beth Israel… and Halamka, a prominent figure in the bioinformatics world, had to deal with a unique challenge: how to make sure the Boston bombers’ medical records were not stolen by journalists, leaked by hospital employees looking for a payday, or made catch of the day by hackers or foreign intelligence services. (Some of these records, it’s worth noting, have recently been released by court order.)

Halamka came to his position at BIDMC with a unique resume. A practicing emergency room physician, he previously worked as a research assistant to Edward Teller and Milton Friedman. Outside of medicine, Halamka founded a software development firm and is a professor at Harvard Medical School. These days, he maintains the popular Geek Doctor blog and lives on an alpaca-breeding farm in rural Massachusetts.

BIDMC explained their tech challenges following the marathon bombing at the United Summit in Boston, an annual security event sponsored by Metasploit creators Rapid7. It was a unique situation for everyone at the hospital, and IT workers had to jump into crisis mode much like the surgeons and nurses. After all, what happens to the hospital if their computers crash? After his presentation, Halamka explained to Fast Company how nobody accounted for the possibility that BIDMC’s engineers could be detained in the hospital’s off-site data center as Boston entered lockdown. […]


[ISN] Hacker Holes in Server Management System Allow ‘Almost-Physical’ Access

http://www.wired.com/threatlevel/2013/07/ipmi/

By Kim Zetter
Threat Level
Wired.com
07.02.13

Major vulnerabilities in a protocol for remotely monitoring and managing servers would allow attackers to hijack the computers to gain control of them, access or erase data, or lock others out. The vulnerabilities exist in more than 100,000 servers connected to the internet, according to two researchers.

The vulnerabilities reside in the Intelligent Platform Management Interface (IPMI), a protocol used by Baseboard Management Controllers (BMCs) to remotely monitor servers for heat and electricity issues, manage access to them, and perform other functions. The security holes would allow hackers to obtain password hashes from the servers or bypass authentication entirely to copy content, install a backdoor or even wipe the servers clean, according to Dan Farmer, an independent computer security consultant who conducted the research for the Defense Department’s DARPA.

A scan of the internet conducted by HD Moore, chief research officer at Rapid7 and creator of the Metasploit Framework penetration testing tool, found more than 100,000 systems online that were vulnerable to one or more of the security issues. […]


[ISN] Metasploit Module Released For IE Zero-Day Flaw Used In Labor Attack

http://www.darkreading.com/attacks-breaches/metasploit-module-released-for-ie-zero-d/240154190

By Kelly Jackson Higgins
Dark Reading
May 06, 2013

A targeted attack discovered last week serving up malware from the U.S. Department of Labor’s (DOL) website employed a previously unknown vulnerability in Internet Explorer 8 that Microsoft says it will fix either with an emergency patch or via its monthly patch process. And as is tradition, Metasploit also has quickly added an exploit pack for the new flaw, a use-after-free bug that has been assigned as CVE-2013-1347.

“Microsoft is investigating public reports of a vulnerability in Internet Explorer 8. Microsoft is aware of attacks that attempt to exploit this vulnerability,” a security advisory issued by Microsoft late on Friday said. “Internet Explorer 6, Internet Explorer 7, Internet Explorer 9, and Internet Explorer 10 are not affected by the vulnerability.”

Security researchers at AlienVault Labs and Invincea initially attributed the exploit to a patched bug in IE 8, CVE-2012-4792, but further investigation into the attacks found it was a new flaw. FireEye is credited with reporting the find to Microsoft.

At least nine additional websites in addition to the DOL were hit with the attack simultaneously, according to Jaime Blasco, director of AlienVault research labs. Blasco said in a blog post over the weekend that nonprofit organizations and a large European aerospace, defense, and security company were among the websites hit in the waterhole campaign. […]

______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org


[ISN] Unplug Universal Plug And Play: Security Warning

http://www.informationweek.com/security/vulnerabilities/unplug-universal-plug-and-play-security/240147226

By Mathew J. Schwartz
InformationWeek
January 29, 2013

More than 23 million Internet-connected devices are vulnerable to being exploited by a single UDP packet, while tens of millions more are at risk of being remotely exploited. That warning was issued Tuesday by vulnerability management and penetration testing firm Rapid7, which said its researchers spent six months studying how many universal plug and play (UPnP) devices are connected to the Internet — and what the resulting security implications might be. The full findings have been documented in a 29-page report, “Security Flaws In Universal Plug and Play.”

“The results were shocking, to say the least,” according to a blog post from report author HD Moore, chief security officer of Rapid7 and the creator of the open source penetration testing toolkit Metasploit. “Over 80 million unique IPs were identified that responded to UPnP discovery requests from the Internet.”

UPnP is a set of standardized protocols and procedures that are designed to make network-connected and wireless devices easy to use. Devices that use the protocol — which is aimed more at residential users rather than enterprises — include everything from routers and printers to network-attached storage devices and smart TVs. […]
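The 80 million figure in the item above came from sending UPnP discovery (SSDP) requests to internet addresses and counting the replies; a device that answers a unicast discovery request from outside its own LAN is exposed whether or not its UPnP stack has a known bug. The example below is added here and is not code from the InformationWeek article or from Rapid7's report: it builds the SSDP M-SEARCH request, parses the HTTP-style reply, pulls out the advertised SDK string (libupnp identifies itself as "Portable SDK for UPnP devices/<version>"), and records whether the responder's address is globally routable. `SAMPLE_REPLY`, the `assess` and `probe` helpers, and the addresses in them are my own constructions.

```python
# Added example: SSDP M-SEARCH builder and reply parser for checking whether
# a device answers UPnP discovery. Not from the InformationWeek article or
# Rapid7's report; SAMPLE_REPLY below is a hand-constructed reply for
# offline testing.
import ipaddress
import re
import socket
from typing import Dict, Optional

SSDP_ADDR = "239.255.255.250"
SSDP_PORT = 1900
_LIBUPNP_RE = re.compile(r"Portable SDK for UPnP devices/([0-9][0-9.]*)", re.I)


def build_msearch(search_target: str = "ssdp:all", mx: int = 2) -> bytes:
    """SSDP discovery request as defined by the UPnP Device Architecture."""
    lines = [
        "M-SEARCH * HTTP/1.1",
        f"HOST: {SSDP_ADDR}:{SSDP_PORT}",
        'MAN: "ssdp:discover"',
        f"MX: {mx}",
        f"ST: {search_target}",
        "",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


def parse_ssdp_response(data: bytes) -> Optional[Dict[str, str]]:
    """Return the headers of an 'HTTP/1.1 200 OK' SSDP reply, names upper-cased;
    None for NOTIFY traffic or anything else that is not a search response."""
    text = data.decode("iso-8859-1")
    head = text.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    if not lines[0].upper().startswith("HTTP/1.1 200"):
        return None
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")  # first colon only: LOCATION is a URL
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers


def assess(reply: bytes, responder_ip: str) -> Optional[dict]:
    """Summarise a reply: SERVER string, libupnp version if advertised, and
    whether the responder address is globally routable, i.e. the device
    answered discovery from a public address rather than a private LAN."""
    headers = parse_ssdp_response(reply)
    if headers is None:
        return None
    server = headers.get("SERVER", "")
    m = _LIBUPNP_RE.search(server)
    return {
        "server": server,
        "location": headers.get("LOCATION", ""),
        "libupnp_version": m.group(1) if m else None,
        "internet_exposed": ipaddress.ip_address(responder_ip).is_global,
    }


# Constructed sample: a home router running an old libupnp on a private address.
SAMPLE_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"EXT:\r\n"
    b"LOCATION: http://192.168.1.1:49152/rootDesc.xml\r\n"
    b"SERVER: Linux/2.6.21, UPnP/1.0, Portable SDK for UPnP devices/1.6.6\r\n"
    b"ST: upnp:rootdevice\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000000::upnp:rootdevice\r\n"
    b"\r\n"
)


def probe(host: str, timeout: float = 3.0) -> Optional[dict]:
    """Unicast the M-SEARCH to host:1900, the way an internet-wide scanner
    reaches a device, and assess the first reply. Only scan hosts you are
    authorised to scan."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_msearch("upnp:rootdevice"), (host, SSDP_PORT))
        try:
            data, (src, _) = sock.recvfrom(4096)
        except socket.timeout:
            return None
    return assess(data, src)
```

A reply from your own public address when probing from outside is the finding that matters; the SERVER string then tells you which UPnP SDK and version to look up against the vendor's advisories, and the LOCATION URL is the device description the article's "tens of millions more" are exposed through.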


CFP for CactusCon – March 22, 2013 in Tempe, AZ

http://www.cactuscon.com/cfp

Presentations
Presentations can be 20 or 50 minutes. We are looking for presentations on breaking, building, defending, and other relevant security topics. Vendor pitches will not be accepted.

Workshops
Workshops offer hands-on training on a specific topic. Last year’s workshops included Metasploit for Pentesters, Arduino Ethernet, and a lockpick village.

Important Dates
Jan 4, 2013: Submission deadline
Jan 11, 2013: First round picks
Jan 18, 2013: Second round picks

Submit
Email submissions to cfp (at) cactuscon.com. Please include the following:
Name
Contact Info
Bio
Format: 20 min presentation | 50 min presentation | workshop
Title
Abstract


Metasploit Exploit released for Trend Internet Security 2010

I was cruising the Exploit-DB.com site today just to see the latest in the exploits in the wild and noticed right away that there was a new Metasploit exploit released on October 1st for Trend Micro’s Internet Security Pro 2010. It always chills me when I see exploits for security vendors. I guess I see them as being special or something. Maybe I shouldn’t put them so much on a pedestal, since I guess all programmers can make mistakes. However, the question is… should we expect security vendors to have better security than their customers or other software companies? I wonder if NSS Labs is going to come up with a framework for assessing or certifying security product vendors’ development processes? Hmm… That’d be nice to see.

See the exploit below: