Health: May 2020

Friday 22 May 2020

Wirelurker For OSX, iOS (Part I) And Windows (Part II) Samples

PART II

Wirelurker for Windows (WinLurker)

Research: Palo Alto Claud Xiao: Wirelurker for Windows

Sample credit: Claud Xiao

PART I

Research: Palo Alto Claud Xiao WIRELURKER: A New Era in iOS and OS X Malware

Palo Alto |Claud Xiao - blog post Wirelurker

Wirelurker Detector https://github.com/PaloAltoNetworks-BD/WireLurkerDetector

Sample credit: Claud Xiao

Download

Download Part I
Download Part II

Email me if you need the password

List of files

List of hashes

Part II

s+«sìÜ 3.4.1.dmg 925cc497f207ec4dbcf8198a1b785dbd

apps.ipa 54d27da968c05d463ad3168285ec6097
WhatsAppMessenger 2.11.7.exe eca91fa7e7350a4d2880d341866adf35
使用说明.txt 3506a0c0199ed747b699ade765c0d0f8
libxml2.dll c86bebc3d50d7964378c15b27b1c2caa
libiconv-2_.dll 9c8170dc4a33631881120a467dc3e8f7
msvcr100.dll bf38660a9125935658cfa3e53fdc7d65
libz_.dll bd3d1f0a3eff8c4dd1e993f57185be75
mfc100u.dll f841f32ad816dbf130f10d86fab99b1a

zlib1.dll c7d4d685a0af2a09cbc21cb474358595

│ apps.ipa
│ σ╛«σìÜ 3.4.1.dmg
│
└───WhatsAppMessenger 2.11.7
libiconv-2_.dll
libxml2.dll
libz_.dll
mfc100u.dll
msvcr100.dll
WhatsAppMessenger 2.11.7.exe
zlib1.dll
使用说明.txt

Part I

BikeBaron 15e8728b410bfffde8d54651a6efd162
CleanApp c9841e34da270d94b35ae3f724160d5e
com.apple.MailServiceAgentHelper dca13b4ff64bcd6876c13bbb4a22f450
com.apple.appstore.PluginHelper c4264b9607a68de8b9bbbe30436f5f28
com.apple.appstore.plughelper.plist 94a933c449948514a3ce634663f9ccf8
com.apple.globalupdate.plist f92640bed6078075b508c9ffaa7f0a78
com.apple.globalupdate.plist f92640bed6078075b508c9ffaa7f0a78
com.apple.itunesupdate.plist 83317c311caa225b17ac14d3d504387d
com.apple.machook_damon.plist 6507f0c41663f6d08f497ab41893d8d9
com.apple.machook_damon.plist 6507f0c41663f6d08f497ab41893d8d9
com.apple.MailServiceAgentHelper.plist e6e6a7845b4e00806da7d5e264eed72b
com.apple.periodic-dd-mm-yy.plist bda470f4568dae8cb12344a346a181d9
com.apple.systemkeychain-helper.plist fd7b1215f03ed1221065ee4508d41de3
com.apple.watchproc.plist af772d9cca45a13ca323f90e7d874c2c
FontMap1.cfg 204b4836a9944d0f19d6df8af3c009d5
foundation 0ff51cd5fe0f88f02213d6612b007a45
globalupdate 9037cf29ed485dae11e22955724a00e7
globalupdate 9037cf29ed485dae11e22955724a00e7
itunesupdate a8dfbd54da805d3c52afc521ab7b354b
libcrypto.1.0.0.dylib 4c5384d667215098badb4e850890127b
libcrypto.1.0.0.dylib 3b533eeb80ee14191893e9a73c017445
libiconv.2.dylib 94f9882f5db1883e7295b44c440eb44c
libiconv.2.dylib fac8ef9dabdb92806ea9b1fde43ad746
libimobiledevice.4.dylib c596adb32c143430240abbf5aff02bc0
libimobiledevice.4.dylib 5b0412e19ec0af5ce375b8ab5a0bc5db
libiodb.dylib bc3aa0142fb15ea65de7833d65a70e36
liblzma.5.dylib 5bdfd2a20123e0893ef59bd813b24105
liblzma.5.dylib 9ebf9c0d25e418c8d0bed2a335aac8bf
libplist.2.dylib 903cbde833c91b197283698b2400fc9b
libplist.2.dylib 109a09389abef9a9388de08f7021b4cf
libssl.1.0.0.dylib 49b937c9ff30a68a0f663828be7ea704
libssl.1.0.0.dylib ab09435c0358b102a5d08f34aae3c244
libusbmuxd.2.dylib e8e0663c7c9d843e0030b15e59eb6f52
libusbmuxd.2.dylib 9efb552097cf4a408ea3bab4aa2bc957
libxml2.2.dylib 34f14463f28d11bd0299f0d7a3985718
libxml2.2.dylib 95506f9240efb416443fcd6d82a024b9
libz.1.dylib 28ef588ba7919f751ae40719cf5cffc6
libz.1.dylib f2b19c7a58e303f0a159a44d08c6df63
libzip.2.dylib 2a42736c8eae3a4915bced2c6df50397
machook 5b43df4fac4cac52412126a6c604853c
machook ecb429951985837513fdf854e49d0682
periodicdate aa6fe189baa355a65e6aafac1e765f41
pphelper 2b79534f22a89f73d4bb45848659b59b
sfbase.dylib bc3aa0142fb15ea65de7833d65a70e36

sfbase.dylib bc3aa0142fb15ea65de7833d65a70e36
sfbase_v4000.dylib 582fcd682f0f520e95af1d0713639864
sfbase_v4001.dylib e40de392c613cd2f9e1e93c6ffd05246
start e3a61139735301b866d8d109d715f102
start e3a61139735301b866d8d109d715f102
start.sh 3fa4e5fec53dfc9fc88ced651aa858c6
stty5.11.pl dea26a823839b1b3a810d5e731d76aa2
stty5.11.pl dea26a823839b1b3a810d5e731d76aa2
systemkeychain-helper e03402006332a6e17c36e569178d2097
watch.sh 358c48414219fdbbbbcff90c97295dff
WatchProc a72fdbacfd5be14631437d0ab21ff960
7b9e685e89b8c7e11f554b05cdd6819a 7b9e685e89b8c7e11f554b05cdd6819a
update 93658b52b0f538c4f3e17fdf3860778c
start.sh 9adfd4344092826ca39bbc441a9eb96f

File listing

├───databases

│ foundation

│

├───dropped

│ ├───version_A

│ │ │ com.apple.globalupdate.plist

│ │ │ com.apple.machook_damon.plist

│ │ │ globalupdate

│ │ │ machook

│ │ │ sfbase.dylib

│ │ │ watch.sh

│ │ │

│ │ ├───dylib

│ │ │ libcrypto.1.0.0.dylib

│ │ │ libiconv.2.dylib

│ │ │ libimobiledevice.4.dylib

│ │ │ liblzma.5.dylib

│ │ │ libplist.2.dylib

│ │ │ libssl.1.0.0.dylib

│ │ │ libusbmuxd.2.dylib

│ │ │ libxml2.2.dylib

│ │ │ libz.1.dylib

│ │ │

│ │ ├───log

│ │ └───update

│ ├───version_B

│ │ com.apple.globalupdate.plist

│ │ com.apple.itunesupdate.plist

│ │ com.apple.machook_damon.plist

│ │ com.apple.watchproc.plist

│ │ globalupdate

│ │ itunesupdate

│ │ machook

│ │ start

│ │ WatchProc

│ │

│ └───version_C

│ │ com.apple.appstore.plughelper.plist

│ │ com.apple.appstore.PluginHelper

│ │ com.apple.MailServiceAgentHelper

│ │ com.apple.MailServiceAgentHelper.plist

│ │ com.apple.periodic-dd-mm-yy.plist

│ │ com.apple.systemkeychain-helper.plist

│ │ periodicdate

│ │ stty5.11.pl

│ │ systemkeychain-helper

│ │

│ └───manpath.d

│ libcrypto.1.0.0.dylib

│ libiconv.2.dylib

│ libimobiledevice.4.dylib

│ libiodb.dylib

│ liblzma.5.dylib

│ libplist.2.dylib

│ libssl.1.0.0.dylib

│ libusbmuxd.2.dylib

│ libxml2.2.dylib

│ libz.1.dylib

│ libzip.2.dylib

│

├───iOS

│ sfbase.dylib

│ sfbase_v4000.dylib

│ sfbase_v4001.dylib

│ start

│ stty5.11.pl

│

├───IPAs

│ 7b9e685e89b8c7e11f554b05cdd6819a

│ pphelper

│

├───original

│ BikeBaron

│ CleanApp

│ FontMap1.cfg

│ start.sh

│

└───update

start.sh

update

Related news

Top Process Related Commands In Linux Distributions

Commands in Linux are just the keys to explore and close the Linux. As you can do things manually by simple clicking over the programs just like windows to open an applications. But if you don't have any idea about commands of Linux and definitely you also don't know about the Linux terminal. You cannot explore Linux deeply. Because terminal is the brain of the Linux and you can do everything by using Linux terminal in any Linux distribution. So, if you wanna work over the Linux distro then you should know about the commands as well. In this blog you will exactly get the content about Linux processes commands which are are given below.

ps

The "ps" command is used in Linux to display your currently active processes over the Linux based system. It will give you all the detail of the processes which are active on the system.

ps aux|grep

The "ps aux|grep" command is used in Linux distributions to find all the process id of particular process like if you wanna know about all the process ids related to telnet process then you just have to type a simple command like "ps aux|grep 'telnet'". This command will give you the details about telnet processes.

pmap

The "pmap" command in Linux operating system will display the map of processes running over the memory in Linux based system.

top

The "top" command is used in Linux operating system to display all the running processes over the system's background. It will display all the processes with process id (pid) by which you can easily kill/end the process.

Kill pid

Basically the kill command is used to kill or end the process or processes by simply giving the process id to the kill command and it will end the process or processes. Just type kill and gave the particular process id or different process ids by putting the space in between all of them. kill 456 567 5673 etc.

killall proc

The "killall proc" is the command used in Linux operating system to kill all the processes named proc in the system. Killall command just require a parameter as name which is common in some of the processes in the system.

bg

The "bg" is the command used in Linux distributions to resume suspended jobs without bringing them to foreground.

fg

The "fg" command is used in Linux operating system to brings the most recent job to foreground. The fg command also requires parameters to do some actions like "fg n" n is as a parameter to fg command that brings job n to the foreground.More info

Thursday 21 May 2020

OWASP May Connector 2019

OWASP
Connector

May 2019

Communications | Projects | Events | Community | Membership

COMMUNICATIONS

Letter from the Vice Chairman:

Dear OWASP Community,

Since last month the foundation has been busy working towards enabling our project leaders and community members to utilize funds to work on nurturing and developing projects. So far there has been huge uptake on this initiative. It's great to see so many people passionate about collaborating at project summits.

Our Global AppSec Tel-Aviv is nearly upon us, for members, there is an extra incentive for attending this conference, in the form of a significant discount. This and the sandy beaches and beautiful scenery, not to mention the great speakers and trainers we have lined up, is a great reason to attend. If you have not done so we would encourage you to attend this great conference - https://telaviv.appsecglobal.org.

One of the key things I've noticed in my Board of Director tenure is the passion our community emits, sometimes this passion aids in growing the foundation, but sometimes it also forces us to take a step back and look at how we do things within the foundation. With Mike, our ED and staff we have seen a lot of good change from an operations perspective, with more in the pipeline. Mike's appointment has allowed the Board of Directors to take a step back from operations and enable us to work on more strategic goals. To this end at a recent Board meeting we discussed each Board member taking up one of the following strategic goals, as set out at the start of the year:

1.Marketing the OWASP brand
2.Membership benefits
3.Developer outreach

Improve benefits
Decrease the possibility of OWASP losing relevance
Reaching out to management and Risk levels
Increase involvement in new tech/ ways of doing things – dev ops

4.Project focus

Get Universities involved
Practicum sponsored ideas
Internships

5.Improve finances
6.Improve OWAP/ Board of Directors Perception
7.Process improvement
8. Get consistent ED
9.Community empowerment

I would encourage the community to come forward if you have any ideas on the above and are happy to work with one of the 7 Board of Directors and community members on one of these initiatives.

Thanks and best wishes,
Owen Pendlebury
Vice Chair

OWASP FOUNDATION UPDATE FROM INTERIM EXECUTIVE DIRECTOR:

OWASP Foundation welcomes aboard Emily Berman as Events Director. Emily was most recently with the Scrum Alliance where she planned high-profile functions for upwards of 2,000 guests. Emily brings a fresh approach to events planning and her 12 years of experience planning and organizing large-scale events worldwide well in advance will greatly benefit our Global AppSecs.

Did you Register yet?

Global AppSec DC September 9-13, 2019
submit to the Call for Papers and Call for Training
Check out Sponsorship Opportunities while they are still available.

Save the Date for Global AppSec Amsterdam Sept 23-27, 2019
Sponsorship Opportunities are available

EVENTS

You may also be interested in one of our other affiliated events:

REGIONAL AND LOCAL EVENTS

Event	Date	Location
Latam Tour 2019	Starting April 4, 2019	Latin America
OWASP Portland Training Day	September 25, 2019	Portland, OR
OWASP Italy Day Udine 2019	September 27,2019	Udine, Italy
OWASP Portland Day	October 16,2019	Wroclaw, Poland
LASCON X	October 24-25,2019	Austin, TX
OWASP AppSec Day 2019	Oct 30 - Nov 1, 2019	Melbourne, Australia

PARTNER AND PROMOTIONAL EVENTS

Event	Date	Location
Open Security Summit	June 3-7,2019	Woburn Forest Center Parcs, Bedfordshire
Hack in Paris 2019	June 16-20, 2019	Paris
Cyber Security and Cloud Expo Europe	June 19-20, 2019	Amsterdam
IoT Tech Expo Europe	June 19-20, 2019	Amsterdam
BlackHat USA 2019	August 3-8,2019	Las Vegas, Nevada
DefCon 27	August 8-11,2019	Las Vegas, Nevada
it-sa-IT Security Expo and Congress	October 8-10, 2019	Germany

PROJECTS

We have had the following projects added to the OWASP inventory. Please congratulate these leaders and check out the work they have done:

Project	Type	Leader(s)
Risk Assessment Framework	Documentation	Ade Yoseman Putra, Rejah Rehim
QRLJacker	Tool	Mohammed Baset
Container Security Verification Standard	Documentation	Sven Vetsch
Find Security Bugs	Code	Philippe Arteau
Vulnerable Web Application	Code	Fatih Çelik
D4N155	Tool	Julio Pedro de Lira Neto
Jupiter	Tool	Matt Stanchek
Top 10 Card Game	Documentation	Dennis Johnson
Samurai WTF	Code	Kevin Johnson
DevSecOps Maturity Model	Documentation	Timo Pagel

Also, we will have the following projects presenting at the Project Showcase Global AppSec Tel Aviv:

Final Schedule
Wednesday, May 29th				Thursday, May 30th
Time	Project	Presenter(s)	Confirmed	Time	Project	Presenter(s)	Confirmed
10:45 a.m.	Glue Tool	Omer Levi Hevroni	Yes	10:30 a.m.	API Security	Erez Yalon, Inon Shkedy	Yes
			7

11:55 a.m.	IoT & Embedded AppSec	Aaron Guzman	Yes	11:50 a.m.	Mod Security Core Rule Set	Tin Zaw	Yes
				12:25 p.m.	Automated Threats	Tin Zaw	Yes
12:30 p.m. Lunch Break				12:55 p.m. Lunch Break
2:35 p.m.	SAMM	John DiLeo	Yes
3:10 p.m.	Application Security Curriculum	John DiLeo	Yes	3:10 p.m.	Damned Vulnerable Serveless Application	Tal Melamed	Yes

Finally, if you are able to help participate in the Project Reviews at the Conference, please send me an email at harold.blankenship@owasp.com. We have a large line-up of projects to review this time around:

Project	To Level	Leader(s)
Snakes and Ladders	Flagship	Katy Anton, Colin Watson
Cheat Sheet Series	Flagship	Dominique Righetto, Jim Manico
Mobile Security Testing Guide	Flagship	Jeroen Willemsen, Sven Schleier
Amass	Lab	Jeff Foley
Attack Surface Detector	Lab	Ken Prole
SecureTea	Lab	Ade Yoseman Putra, Bambang Rahmadi K.P, Rejah Rehim.A.A
Serverless Goat	Lab	Ory Segal

Google Summer of Code Update:
We were allocated 13 students this year! The current timeline is as follows:

Google Season of Docs:
We were accepted into the Google Season of Docs. There will be a single technical writer resource. The current timeline is as follows:

COMMUNITY

New OWASP Chapters
Riyadh, Saudi Arabia
Guayaquil, Equador
Lome, Togo
Natal, Brazil
Nashua, New Hampshire
Gwalior, India
Louisville, Kentucky
Nainital, India
Liverpool, United Kingdom
Syracuse, New York