Security-minded - QuickPost

And now for a change of pace, these caught my eye this week.

Presented in no known order.

• Everything you wanted to know about SQL injection (but were afraid to ask) - Troy Hunt’s blog
• Kali Linux - Penetration Testing Platform - Kali Linux
• Pass-The-Hash: Protect Your Windows Computers! (Part 1) :: Viruses, trojans and other malware - WindowSecurity.com
• Pass the Hash and Other Credential Theft and Reuse: Preventing Lateral Movement and Privilege Escalation - TechEd North America 2013 | Channel 9
• Techniques malware authors use to evade detection - Help Net Security post.
• ZeroAcces rootkit dominates, adds new persistence techniques - Help Net Security post.

My kind friend the TinyApps bloggist tipped me to these super-juicy fruits.

• Sprites mods - Hard disk hacking - Intro - SpritesMods.com
• Hard drive hack provides root access, even after reinstall | Hacker News
• Researchers demo exploits that bypass Windows 8 Secure Boot | ITworld

Which led to a fun correspondence, from which I then jumped and found this great resource:

• Hard Drive Circuit Board Replacement Guide or How To Swap HDD PCB - Donor Drives

Moving on we also have…

• Quickpost: Rovnix PCAP - Didier Stevens. Didier graciously provided a PCAP file for download and analysis of this clever litter bugger. So you don’t have to risk your system. For more info on the nasty; The evolution of Rovnix: Private TCP/IP stacks - Microsoft Malware Protection Center.

The RSA Blog has some great material here for incident responders:

• Responding When the Attacker has a Foothold - Part 1 - Speaking of Security - The RSA Blog
• Analysis Techniques: Responding When the Attacker has a Foothold – Part II - Speaking of Security - The RSA Blog
• Analysis Techniques: The Attacker Has a Foothold – Part III, Assessing Scope - Speaking of Security - The RSA Blog 

Finally,

• List of keys parsed by RegRipper Plugins /Generated by 3R - RegRipper Ripper v0.2/ - Hexacorn blog - Amazing resource for you RegRipper fans!  Spotted via this 3R update post.
• Making the build even easier - Windows Forensic Environment - The always WinFE restless guru Brett Shavers is teasing us with news of a WinBuilder project to create a standalone “push-button” WinFE build project. Sweet!

Constant Vigilance!

--Claus Valca