Ready to Start Your Career?
November 23, 2016
[podcast] BlackNurse, Buenoware, ICMP, Atombombing, and PDF converter fails
November 23, 2016
[embed]https://traffic.libsyn.com/brakeingsecurity/2016-046-Black_Nurse_buenoware_IoT_pwnage.mp3[/embed] This week, Mr. Boettcher found himself with an interesting conundrum concerning what happened when he converted a Windows DOCX file to a PDF using a popular#PDF converter software. We discuss what happened, how Software Restriction Policy in Windows kept him safe from a potential malware infection, and about the logging that occurred.After that, we discuss some recent vulnerabilities, like the BlackNurse Resource Exhaustion vulnerability and how you can protect your infrastructure from a DDoS that can occur from someone sending your firewall 300 packets a second... which anyone can do.We discuss Robert Graham's recent run-in with a new surveillance camera and how it was pwned in less time than you think. And learn about the 'buenoware' that has been released that 'patches' IoT and embedded devices... But does it do more harm than good, and is it legal?All that and more this week on Brakeing Down Security Podcast!Check out our official#Slack Channel! Sign up at https://brakesec.signup.teamNext Book Club session is 29 November 2016. Our current book for study is 'Software Security: Building Security In' by Dr. Gary McGraw https://www.amazon.com/Software-Security-Building-Gary-McGraw/dp/0321356705 (ebook is available of Safari books online) BlackNurse https://nakedsecurity.sophos.com/2016/11/17/blacknurse-revisited-what-you-need-to-know/ http://researchcenter.paloaltonetworks.com/2016/11/note-customers-regarding-blacknurse-report/ http://www.netresec.com/?page=Blog&month=2016-11&post=BlackNurse-Denial-of-Service-Attack Recent tweet from @boettcherpwned about infected docx with macros and we discuss why Foxit PDF runs the macros and open_document:https://twitter.com/boettcherpwned/status/799726266693713920
Brakesec Podcast about Software Restriction Policy and Application Whitelisting on Windows: http://traffic.libsyn.com/brakeingsecurity/2016-018-software_restriction_policy-applocker.mp3Rob Graham @errataBob: new camera pwned by#Mirai botnet and others within 5 minutes:https://twitter.com/newsyc200/status/799761390915424261#BlackNurse https://nakedsecurity.sophos.com/2016/11/17/blacknurse-revisited-what-you-need-to-know/ http://researchcenter.paloaltonetworks.com/2016/11/note-customers-regarding-blacknurse-report/ http://www.netresec.com/?page=Blog&month=2016-11&post=BlackNurse-Denial-of-Service-AttackICMPType 3, Code 3 (Destination Port unreachable) http://www.faqs.org/rfcs/rfc792.html#SHA1 deprecated on website certs by Chrome on 1 January 2017 http://www.darkreading.com/operations/as-deadline-looms-35-percent-of-web-sites-still-rely-on-sha-1/d/d-id/1327522#Benevolent#malware (buenoware) https://isc.sans.edu/diary/Benevolent+malware%3F+reincarnaLinux.Wifatch/21703
#Atombombing http://blog.ensilo.com/atombombing-a-code-injection-that-bypasses-current-security-solutions https://breakingmalware.com/injection-techniques/atombombing-cfg-protected-processes/http://www.pandasecurity.com/mediacenter/malware/atombombing-windows-cybersecurity/ Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-046-Black_Nurse_buenoware_IoT_pwnage.mp3iTunes: https://itunes.apple.com/us/podcast/2016-046-blacknurse-buenoware/id799131292?i=1000378076060&mt=2Youtube: https://www.youtube.com/watch?v=w-FEJuWGXaQ #RSS: http://www.brakeingsecurity.com/rss#Google Play Store: https://play.google.com/music/podcasts/portal/#p:id=playpodcast/series&a=100584969#SoundCloud: https://www.soundcloud.com/bryan-brakeComments, Questions, Feedback: email@example.comSupport Brakeing Down Security#Podcast on #Patreon: https://www.patreon.com/bds_podcast#Twitter: @brakesec @boettcherpwned @bryanbrake#Facebook: https://www.facebook.com/BrakeingDownSec/#Tumblr: http://brakeingdownsecurity.tumblr.com/#Player.FM : https://player.fm/series/brakeing-down-security-podcast#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582