7 Best Black Hat 2015 White Papers

Do you want to get up-to-speed on latest hacker techniques?

Snagged this list from reddit:

https://www.reddit.com/r/netsec/comments/3fz6z6/blackhat_usa_2015_presentation_slideswhite_papers/cttslpu

Abusing Windows Management Instrumentation (WMI) to Build a Persistent Asynchronous and Fileless Backdoor

Crash & Pay: How to Own and Clone Contactless Payment Devices

Forging the USB Armory an Open Source Secure Flash-Drive-Sized Computer

SMBv2: Sharing More than Just Your Files

Stagefright: Scary Code in the Heart of Android

Writing Bad @$$ Malware for OS X

WSUSpect – Compromising the Windows Enterprise via Windows Update

Here is info on the Android hack:

https://www.blackhat.com/docs/us-15/materials/us-15-Bobrov-Certifi-Gate-Front-Door-Access-To-Pwning-Millions-Of-Androids.pdf

We did discuss WMI BlackHat presentation here: http://oversitesentry.com/blackhat-presentation-wmi-architecture-used-to-attack/

The WSUSpect and SMBv2 are 2 papers which deserve close review.

Windows Server Update Service(WSUS)

Image from white paper.

Apparently WSUS  can be intercepted if not set up with SSL.

Go to page 17 of the paper:

Any Windows computer that fetches updates from a WSUS server using a non-HTTPS URL is vulnerable to the injection attack described in the white paper. Check the registry keys :

Also the SMBv2: “sharing more than your files” is also a dangerous security problem. Frank James calls it the “French Kiss Attack”

Apparently there is a failure in the Single Sign On design as the french Kiss attack allows the attacker to capture a Windows SSO username and NTLMv2 hashes of passwords. And then the password can be cracked with certain configurations with 8 digit passwords within 2 days.