Archive for September, 2011

Low-end Windows Patching

In every environment you will run across systems that are missing some patches.  Sometimes your patch management tool fails or other circumstances prevent you from getting a patch to a machine.  Most places I see prevent their machines from going straight to Windows Update, and I’ve found myself in situations before where I want the simplest solution to apply a patch on a remote machine without the user knowing and without going through some SCCM or [INSERT TOOL HERE] hell.  Here is a simple method that I have used in the past.  It is a great cheap Windows patching solution.  Of course, you need remote admin on the machines in need of the patch to perform these actions.

First, visit the appropriate IT professional page to determine the correct switches (usually /quiet /norestart).  For example, for MS11-058: http://technet.microsoft.com/en-us/security/bulletin/ms11-058.  Then create a text file containing the names or IP addresses of the machines in need of the same patch.

type ms11-058.txt
windowsbox1
172.16.2.2
172.16.3.3
windowsbox2
windowsbox3
windowsbox4
windowsbox5

Then create a batch file that reads ms11-058.txt, copies the patch to each remote machine’s c:\windows\temp, and then runs the patch command on that machine.

type ms11-058.bat
@echo off
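REM MS11-058

REM Copy the patch to c:\windows\temp on every machine listed in ms11-058.txt
FOR /F "tokens=*" %%G IN (ms11-058.txt) DO xcopy Windows6.0-KB2562485-x86.msu \\%%G\c$\windows\temp\

REM Start the installer on every listed machine with the switches from the bulletin
wmic /node:"@ms11-058.txt" /user:YourAdminAccount process call create "cmd.exe /c cd c:\Windows\Temp && C:\Windows\Temp\Windows6.0-KB2562485-x86.msu /quiet /norestart"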

And if the Microsoft gods are smiling on you that day, the PC should now be patched.
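A successful wmic "process call create" only means the installer process was started on the remote machine, not that the update installed. The batch file below is an added example, not part of the original post: it checks each host in ms11-058.txt for KB2562485. It assumes it is run from a session that already has admin rights on the targets, and the output file name ms11-058-missing.txt is made up for this example.

```batch
@echo off
REM Added example: report which hosts in ms11-058.txt list KB2562485 as installed.
REM Assumption: the current logon already has remote admin on every host,
REM so no /user switch (and no password prompt per host) is needed.
setlocal
set KB=KB2562485
set LIST=ms11-058.txt
REM Hypothetical output file: hosts that still need the patch or did not answer.
set MISSING=ms11-058-missing.txt

if exist "%MISSING%" del "%MISSING%"

FOR /F "usebackq tokens=*" %%G IN ("%LIST%") DO (
    REM Ask the remote host for the hotfix entry and look for the KB number in
    REM the reply. Errors (host down, access denied, no matching entry) go to
    REM stderr, so they are discarded and the host counts as not patched.
    wmic /node:"%%G" qfe where "HotFixID='%KB%'" get HotFixID 2>nul | find /i "%KB%" >nul
    if errorlevel 1 (
        echo %%G  %KB% not found or host unreachable
        >>"%MISSING%" echo %%G
    ) else (
        echo %%G  %KB% installed
    )
)

if exist "%MISSING%" (
    echo Hosts still needing attention are listed in %MISSING%
) else (
    echo All hosts in %LIST% report %KB%
)
endlocal
```

The missing-hosts file has the same one-host-per-line format as ms11-058.txt, so it can be used as the host list for another run of the patch batch file.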


Hakin9 – Intro into Android Security

To continue my tradition of reviewing some of the Hakin9 issues, I will give a brief overview of September’s Hakin9 issue.  This issue is all about Android Security and it is a terrific read on Android testing and malware.  The first article, Mobile Malware Analysis, is a great soup-to-nuts Android malware analysis.  It covers analyzing a hippoSMS sample and how to set up your AVD environment, Dalvik disassembly, code and network analysis.  It is a great read for anyone interested in getting started in Android app analysis.

The next article covers an analysis of Zitmo, Zeus on the mobile platform.  This article is another great analysis of Android malware.  This article has some great technical details regarding the Zitmo code, pointing out code issues, tools used for analysis and a nice breakdown on how the code works.

The following article is about setting up your Android environment for app testing.  While a good portion of it was covered in the first two articles, it does go into detail on how to intercept traffic, memory analysis, app setup and finally static code analysis.  A fair article on getting to know the tools and how to properly test your apps.

The next article, Android (In)Security, is a pretty nice article about the highs and lows of the Android platform.  Knowing the threats out there on your devices is one of the most powerful defenses you can implement, and this article does a nice job of giving you an overview of some of the common ones.

The following articles stray from the Android topic.  The first one covers setting up a Ruby script for malware HTTP and binary VirusTotal analysis.  Nice little script.  I personally love little scripts like this.  They do wonders in automating the annoying steps you have to deal with when capturing data.  The following article is another great little tip on using mod_rewrite to help thwart attacks.  Awesome info!  The next article is about Bluetooth hacking.  It covers some older hacks for older hardware.  Nothing revolutionary in here but fair tips for older phones.
