HackInTheBox Security Conference Slides (PDFs)

Here is the Schedule And Presentation Calendar
D1T1 – Barisani and Bianco – Practical Exploitation of Embedded Systems.pdf
D1T1 – Chris Wysopal – Data Mining a Mountain of Vulnerabilities.pdf
D1T1 – Lucas Adamski – Firefox OS and You.pdf
D1T1 – Petko Petkov – History of the JavaScript Security Arsenal.pdf
D1T1 – Philippe Langlois and Emmanuel Gadaix – 6000 Ways and More.pdf
D1T1 – The Pirate Bay – Data is Political – NO SHOW
D1T2 – Don Bailey – Hackers, The Movie – A Retrospective.pdf
D1T2 – Haroon Meer – You and Your Research.pdf
D1T2 – Marc Heuse – IPv6 Insecurity Revolutions.pdf
D1T2 – Mark Dowd & Tarjei Mandt – iOS6 Security.pdf
D1T2 – Meder Kydyraliev – Defibrilating Web Security.pdf
D1T2 – Wes Brown – Supercomputing, Malware and Correlation.pdf
D1T3 – Charlie Miller – Attacking NFC.pdf
D1T3 – F Raynal & G Campana – An Attack Path to Jailbreaking Your Home Router.pdf
D1T3 – John Draper – A Historical Look at the Personal Computer and Phreaking.pdf
D1T3 – Jose Nazario – Tracking Large Scale Botnets.pdf
D1T3 – Paul Sebastian Ziegler – Hacking in the Far East.pdf
D1T3 – The Grugq – OPSEC – Because jail is for wuftpd.pdf
D2T1 – Chris Evans – Element 1337 in the Periodic Table – Pwnium.pdf
D2T1 – Katie Moussouris – How to Get Along with Vendors Without Really Trying.pdf
D2T1 – Ollie Whitehouse – Finding the Weak Link in Binaries.pdf
D2T1 – Paul Vixie – Silo Busting in Information Security – NO SLIDES
D2T1 – Rodrigo Branco – A Scientific Study of Malware Obfuscation Technologies.zip
D2T1 – Shreeraj Shah – XSS and CSRF Strike Back Powered by HTML5.pdf
D2T2 – Fyodor Yarochkin and Vladimir – Messing up the Kids Playground.pdf
D2T2 – Jeremiah Grossman – Why Web Security is Fundamentally Broken.pdf
D2T2 – Raoul Chiesa – Information Warfare and Cyberwar.pdf
D2T2 – Saumil Shah – Innovative Approaches to Exploit Delivery.pdf
D2T3 – Emmanuel Gadaix – Something MEGA.pdf
D2T3 – Felix FX Lindner – Hacking Huawei VRP.pdf
D2T3 – Mikko Hypponen – Behind Enemy Lines.pdf
D2T3 – Stefano Zanero – Behaviour-Based Methods for Automated Scalable Malware Analysis.pdf

Thank YOU to Security Monkey’s Chief Monkey for the links…

Managing Server 2008 Servers with Windows Server 2012

There are a couple of things you have to do before you can manage your Windows Server 2008 (and R2) servers. Windows Server 2012 starts with a new Server Manager that takes a little getting used to. Its main purpose seems to be to act as a managing point for a bunch of servers. When you first integrate a new Windows Server 2012 machine into an existing 2008 Active Directory environment, you will be met with many Red Flags and Refresh Errors. This can be solved by first installing Windows Management Framework 3.0 on all of your existing Windows Server 2008 and Server 2008 R2 servers. Windows Management Framework 3.0 includes PowerShell 3.0, WMI and WinRM, and is listed as KB2506146 or KB2506143.

However, installing WMF 3.0 is not enough, as you will still be met with “cannot get performance data” errors in Server Manager even after running winrm quickconfig on each of the 2008 servers. You then have to download Hotfix KB2682011 from Microsoft; you will have to log in with a Microsoft Account and fill out a form, which they will use to email you a link to download the hotfixes. You will have to choose between the Windows Vista and the Windows Server 2008 R2/Windows 7 (6.0 and 6.1) packages to download.

Problems Getting Rid of Hamachi??

I recently uninstalled Logmein Hamachi and noticed that it left behind a pesky virtual network adapter.

If you are not familiar with Hamachi, it is actually a Virtual Private Network that is rather unique in nature. It creates a secure network between the hosts that you install it on. If you are interested at all, I suggest you listen to this VERY OLD episode of Security Now where Steve Gibson discusses it (before it was bought by LogMeIn).

OK, I was reading this forum and saw that the very last questions asked for someone to explain this in English and also what to do with the registry key. Read the original posts here: I have a feeling that some people are not used to editing the registry, so here is a little more explanation. Go to Start (search box), type regedit and press Enter. Then you can go to Edit and Find, and you can search for hamachi there.

However, don’t just delete anything yet, because it probably is in a few places, since it has a pesky virtual network adapter that I am determined to remove after uninstalling the program. The safest thing to do is to back up each registry key that comes up when you search for Hamachi FIRST. This can be done by putting your mouse cursor IN THE LEFT BIG WINDOW of the Registry Editor, where the very faint highlight is after searching with Find. My example brought up HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\NET\001
Now this key SHOULD NOT BE DELETED most likely (however, I have deleted some of these numbered network adapter interface keys in the past without any problems), but you should right-click on the 001 underneath NET in the big left window, then select EXPORT. I suggest you make a folder somewhere like My Documents or an external backup drive and name it RegistryBackups to save your exported keys to. After this you can also go to Favorites in the MENU ON THE TOP of Registry Editor and add this key to your favorites (so you can find it again if you have to!). OK, before you do anything else, go back to EDIT (on top again) and choose FIND NEXT. This will find any other instances of Hamachi in the registry (be aware that it may find each instance of the word Hamachi, so you may have to keep hitting Next and pay attention to the key listed at the very bottom of Registry Editor). Repeat the steps, EXPORTING and adding to Favorites, and keep doing this until you have backed up all the Hamachi registry keys that are found and it tells you that there are no more instances of Hamachi.

Now in the case of the Hamachi network interface, it most likely should be under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}. Now I’m pretty sure this is the place that makes it show up in Device Manager, but I am not going to tell you to go in and delete anything here, because each network interface is numbered and deleting the keys will mess up the numbering. I have done it several times and have not yet noticed any problems, but many people tell you to add a dash before the name of the key that you want to delete, or, as someone said above, just add an X to it. That’s fine. I just wanted to post this to clarify, for someone not used to editing the registry, how it is done. I cannot take responsibility for anyone that deletes anything they shouldn’t. In your case, you may mess up your system. I can only tell you what worked for me when I had over 41 virtual network adapters from VirtualBox and just got sick of them all, so I went in and deleted all the keys here and they disappeared.

I now use VMWare and have had no network adapter issues a few months later, so I guess it’s possible to just delete the keys in this location, but I suggest you do more research. As the people pointed out above, they were trying to uninstall the program, not delete the network adapter, so the key mentioned above was the install key location, but the same method can be used to delete that one as well. Before I go: if you exported the file correctly (it should have ended in .reg) and you need to recover the exported key, all you have to do is right-click on it in the registry backup folder location and choose MERGE. It will give you a strong warning about adding something to the registry and you must be administrator, but if you click Yes, it will be added back to the registry. I hope I didn’t forget anything. ALSO, you can check out this Rackspace detailed Hamachi Guide HERE:

Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8 and Windows Server 2012.

The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10. Here is the Microsoft Security Advisory Page: However, in Internet Explorer 10, the Windows 8-style UI will only play Flash content from sites listed on the Compatibility View (CV) list, so an attacker who created a malicious Flash object would have to compromise a website already listed in the CV list. Microsoft also warns users that “By default, all supported versions of Microsoft Outlook and Windows Live Mail open HTML email messages in the Restricted sites zone.” This means that even if the user does not use Internet Explorer, just opening an email in Outlook or a document in Word that invokes an action to a webpage involving Flash Player could be enough to exploit the users. They go on to publish a registry edit that will prevent ActiveX from automatically invoking Flash:

Prevent Adobe Flash Player from running
You can disable attempts to instantiate Adobe Flash Player in Internet Explorer and other applications that honor the kill bit feature, such as Office 2007 and Office 2010, by setting the kill bit for the control in the registry.

Warning: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To set the kill bit for the control in the registry, perform the following steps:

Paste the following into a text file and save it with the .reg file extension.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
"Compatibility Flags"=dword:00000400

Double-click the .reg file to apply it to an individual system.

You can also apply it across domains by using Group Policy. For more information about Group Policy, see the TechNet article, Group Policy collection.
Note: You must restart Internet Explorer for your changes to take effect.

Today (October 9th) is Microsoft's infamous Patch Tuesday, and there are a total of 7 bulletins that are patching about 20 vulnerabilities.

Once you update, however, you will not need to apply this ActiveX kill bit, so it is only here for those who are not planning on updating their systems right away with Windows Update.
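An added example (not from Microsoft's advisory or the original post): a Python check that a .reg file really sets the kill bit (Compatibility Flags 0x400) for the Flash CLSID under both the native and the Wow6432Node key before it is double-clicked or pushed through Group Policy. The function names and the two sample files are constructed for illustration; the second sample shows what a copy that lost its backslashes looks like to the check.

```python
import re

FLASH_CLSID = "{D27CDB6E-AE6D-11CF-96B8-444553540000}"
KILL_BIT = 0x400
BASES = (  # native view, then the 32-bit view on 64-bit Windows
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility",
)

def parse_reg(text):
    """Return {key_path: {value_name: int}} for the dword values in a .reg file."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
            if m:
                current[m.group(1)] = int(m.group(2), 16)
    return keys

def missing_kill_bits(text, clsid=FLASH_CLSID):
    """List the expected key paths for which the file does not set the kill bit."""
    parsed = {k.lower(): v for k, v in parse_reg(text).items()}  # key paths are case-insensitive
    problems = []
    for base in BASES:
        path = base + "\\" + clsid
        flags = parsed.get(path.lower(), {}).get("Compatibility Flags", 0)
        if not flags & KILL_BIT:
            problems.append(path)
    return problems

# Constructed samples: a correct file, and the same file with its backslashes lost.
GOOD = "Windows Registry Editor Version 5.00\n\n" + "\n\n".join(
    '[%s\\%s]\n"Compatibility Flags"=dword:00000400' % (b, FLASH_CLSID) for b in BASES)
BAD = GOOD.replace("\\", "")

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("bad", BAD)):
        print(name, missing_kill_bits(sample) or "kill bit set in both views")
```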

The Jig is Up for Angry Birds & Bad Piggies for Chrome!

Jason Digg (Research Scientist) blogged about a Barracuda Networks Lab discovery that several Google Chrome browser extensions were adding spamvertisements to many different websites that users visited while browsing with Chrome. In fact, they found that installing several Angry Birds or Bad Piggies type extensions from the Chrome Web Store will lead to www.playook.info secretly adding its own iframe advertisements to several well-known pages including Yahoo, MSN, eBay, IMDb, and many more. Users may not even realize that their webpages have been maliciously altered to show them whatever ads Playook.info’s developer wants.

Fake Angry Birds & Bad Piggies extensions from Playook.info

This is very serious and I feel that Google should deal with these developers and banish their extensions and apps from Google’s stores. This reminds me of stories I’ve heard where hotels would actually try to add JavaScript to the webpages of guests that were using the hotel Wi-Fi, and that did not end well for the hotels. Anytime a web page is defaced or altered in this manner it is a major invasion of privacy, and the 82,593 people that have installed these Bad Piggies and Angry Birds games need to be warned somehow to uninstall these extensions from their Chrome browser.

Here is how this could have been prevented. All of these apps had to ask for excessive permissions from the user, namely complete access to every web page that the user visits with Chrome. If you look at Google’s page on extension permissions, you will see that Google does warn you that if an extension or app asks for “All data on your computer and the websites you visit” then that is a “High Alert” and the user should not install the app. The truth is this will not keep most users from installing an app that they want to use. They either won’t understand what is being asked for, or they will think that it is normal, or they will just skip right by and install the extension. But does this mean that it is okay that these apps have secret code inside them that alters web pages? No, it does not. Google must act and get these malicious apps out of the store, and should also alert anyone with these extensions installed that they are being taken for a ride by WWW.PLAYOOK.INFO.

You can read the original article here:
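An added example (not from Barracuda's write-up or from Google): a Python audit that reads extension manifest.json contents and reports which extensions ask for access to every site, the permission that lets an extension inject iframes into pages such as the ones listed above. The two manifests and all names in them are constructed; in practice the input would be the manifest.json files of the extensions installed in a Chrome profile.

```python
import json

# Host patterns that give an extension access to every page the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def broad_host_access(manifest):
    """Return sorted (field, pattern) pairs where the manifest requests all-sites access."""
    findings = set()
    for field in ("permissions", "optional_permissions", "host_permissions"):
        for perm in manifest.get(field, []):
            # Some permission entries are objects, not strings; only strings can be host patterns.
            if isinstance(perm, str) and perm in BROAD_HOSTS:
                findings.add((field, perm))
    for i, script in enumerate(manifest.get("content_scripts", [])):
        for pattern in script.get("matches", []):
            if pattern in BROAD_HOSTS:
                findings.add(("content_scripts[%d].matches" % i, pattern))
    return sorted(findings)

def audit(manifest_texts):
    """Map extension name -> findings for every extension that can read or alter all sites."""
    report = {}
    for text in manifest_texts:
        manifest = json.loads(text)
        hits = broad_host_access(manifest)
        if hits:
            report[manifest.get("name", "<unnamed>")] = hits
    return report

# Constructed manifests: a "game" that wants every site, and a narrowly scoped extension.
GAME = json.dumps({
    "name": "Constructed Game Extension", "manifest_version": 2,
    "permissions": ["tabs", "http://*/*", "https://*/*"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
})
NOTES = json.dumps({
    "name": "Constructed Notes Extension", "manifest_version": 2,
    "permissions": ["storage", "https://notes.example.com/*"],
})

if __name__ == "__main__":
    for name, hits in audit([GAME, NOTES]).items():
        print(name, "requests all-sites access via:", hits)
```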

Some Entertaining DerbyCon Videos (Courtesy of IronGeek)

HD Moore – Wild, Wild West

Dan Kaminsky – Black Ops

Jason E. Street – Securing The Internet

Dave Marcus – 2FA-Enabled Fraud:Dissecting Operation High-Roller

Rob Fuller (mubix) and Chris Gates (Carnal Ownage) – Dirty Little Secrets Pt.2

You can see all of the videos at www.irongeek.com