Jump to content

Nytro

Administrators
 View Profile  See their activity

  • Posts

    18725

  • Joined

  • Last visited

  • Days Won

    706

 Content Type 

Everything posted by Nytro

  1. Nytro
    Ostinato : Packet/Traffic Generator and Analyzer Ostinato is an open-source, cross-platform network packet crafter/traffic generator and analyzer with a friendly GUI. Craft and send packets of several streams with different protocols at different rates. Windows, Linux, BSD and Mac OS X (Will probably run on other platforms also with little or no modification but this hasn't been tested) Open, edit, replay and save PCAP files Support for the most common standard protocols Ethernet/802.3/LLC SNAP VLAN (with QinQ) ARP, IPv4, IPv6, IP-in-IP a.k.a IP Tunnelling (6over4, 4over6, 4over4, 6over6) TCP, UDP, ICMPv4, ICMPv6, IGMP, MLD Any text based protocol (HTTP, SIP, RTSP, NNTP etc.) More protocols in the works ... Modify any field of any protocol (some protocols allow changing packet fields with every packet at run time e.g. changing IP/MAC addresses) User provided Hex Dump - specify some or all bytes in a packet User defined script to substitute for an unimplemented protocol (EXPERIMENTAL) Stack protocols in any arbitrary order Create and configure multiple streams Configure stream rates, bursts, no. of packets Single client can control and configure multiple ports on multiple computers generating traffic Exclusive control of a port to prevent the OS from sending stray packets provides a controlled testing environment Statistics Window shows realtime port receive/transmit statistics and rates Capture packets and view them (needs Wireshark to view the captured packets) Framework to add new protocol builders easily Demo Download Ostinato Sursa: Ostinato : Packet/Traffic Generator and Analyzer | Tools Yard - The Hacker News
  2. Nytro
    The Network Diagnostic Tool (NDT) v 3.6.5 released The Network Diagnostic Tool (NDT) is a client/server program that provides network configuration and performance testing to a users desktop or laptop computer. The system is composed of a client program (command line or java applet) and a pair of server programs (a webserver and a testing/analysis engine). Both command line and web-based clients communicate with a Web100-enhanced server to perform these diagnostic functions. Multi-level results allow novice and expert users to view and understand the test results. How-To Setup your Own NDT Server Download The Network Diagnostic Tool (NDT) v 3.6.5 Sursa: The Network Diagnostic Tool (NDT) v 3.6.5 released | Tools Yard - The Hacker News
  3. Nytro
    Bypassing SEHOP Stéfan Le Berre s.leberre a sysdream.com Damien Cauquil d.cauquil a sysdream.com Table of contents 0. Introduction...............................................................................................................3 1. SEHOP specifications (short version).......................................................................3 2. Dealing with SEHOP when exploiting a stack overflow...........................................6 2.1. Breaking out the classical exploitation scheme........................................................................6 2.2. The tricky part...........................................................................................................................7 3. Proof Of Concept.......................................................................................................7 3.1. Target program & constraints...................................................................................................7 3.2. crash and exploitation...............................................................................................................8 4. Conclusion.................................................................................................................9 5. Credits......................................................................................................................10 6. Bibliography............................................................................................................10 Download: http://shell-storm.org/papers/files/760.pdf
  4. Nytro
    Anti-Debugging – A Developers View Tyler Shields tshields a veracode.com Veracode Inc., USA 4 Van de Graaff Drive, Burlington, MA 01803 Abstract— Anti-debugging is the implementation of one or more techniques within computer code that hinders attempts at reverse engineering or debugging a target binary. Within this paper we will present a number of the known methods of antidebugging in a fashion that is easy to implement for a developer of moderate expertise. We will include source code, whenever possible, with a line by line explanation of how the antidebugging technique operates. The goal of the paper is to educate development teams on anti-debugging methods and to ease the burden of implementation. Keywords— anti-debugging, security, debugging, copy protection, anti-piracy, reverse engineering I. INTRODUCTION Anti-debugging, when implemented properly, can be a significant deterrence to would be reverse engineers and software pirates. There is no foolproof solution to thwart the dedicated reverse engineer; however, making the task as arduous and difficult as possible increases the time and expertise required for full analysis of the binary application. Application developers should not be required to spend significant amounts of time understanding and examining the specifics of a software protection scheme. Straight forward implementation of a best of breed solution helps to achieve the aforementioned goals while leaving the developer additional time to implement features and other necessary application components. The majority of data on the topic of anti-debugging has been presented from the vantage point of a reverse engineer. Anti-debugging methods typically have been presented in assembly language dumps with minimal explanation as to the high level code constructs involved in the technique. Unless the developer is adept at reading and comprehending assembly language code, the anti-debugging method is incomprehensible and thus will not be implemented. Download: http://shell-storm.org/papers/files/764.pdf
  5. Nytro
    Writing shellcode for Linux and *BSD Author: Daniele Mazzocchio Last update: Apr 26, 2005 Latest version: Writing shellcode for Linux and *BSD - Table of contents Table of Contents 1. Introduction...................................................................................................................................... 2 2. Linux system calls............................................................................................................................ 3 2.1 int 0x80...................................................................................................................................... 3 2.2 libc............................................................................................................................................. 4 3. *BSD system calls............................................................................................................................6 4. Writing the shellcode........................................................................................................................7 4.1 In assembler............................................................................................................................... 7 4.2 In C............................................................................................................................................ 9 5. Spawning a shell.............................................................................................................................11 6. Shellcode analysis.......................................................................................................................... 15 6.1 Trust is good............................................................................................................................ 15 6.2 ...but control is better............................................................................................................... 15 7. Appendix........................................................................................................................................ 19 7.1 References................................................................................................................................19 7.2 Bibliography............................................................................................................................ 19 Download: http://www.shell-storm.org/papers/files/442.pdf
  6. Nytro
    Understanding Windows Shellcode skape mmiller a hick.org Last modified: 12/06/2003 Contents 1 Foreword 3 2 Introduction 4 3 Shellcode Basics 5 3.1 System Calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.2 Finding kernel32.dll . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.2.1 PEB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3.2.2 SEH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 3.2.3 TOPSTACK . . . . . . . . . . . . . . . . . . . . . . . . . 10 3.3 Resolving Symbol Addresses . . . . . . . . . . . . . . . . . . . . . 11 3.3.1 Export Directory Table . . . . . . . . . . . . . . . . . . . 11 3.3.2 Import Address Table (IAT) . . . . . . . . . . . . . . . . 13 4 Common Shellcode 15 4.1 Connectback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 4.2 Portbind . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 5 Advanced Shellcode 29 5.1 Download/Execute . . . . . . . . . . . . . . . . . . . . . . . . . . 29 6 Staged Loading Shellcode 39 6.1 Dynamic File Descriptor Re-use . . . . . . . . . . . . . . . . . . . 39 6.2 Static File Descriptor Re-use . . . . . . . . . . . . . . . . . . . . 42 6.3 Egghunt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 6.4 Egghunt (syscall) . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 6.5 Connectback IAT . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 7 Conclusion 49 8 Detailed Shellcode Analysis 50 8.1 Finding kernel32.dll . . . . . . . . . . . . . . . . . . . . . . . . . 50 8.1.1 PEB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 8.1.2 SEH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 8.1.3 TOPSTACK . . . . . . . . . . . . . . . . . . . . . . . . . 53 1 8.2 Resolving Symbol Addresses . . . . . . . . . . . . . . . . . . . . . 54 8.2.1 Export Table Enumeration . . . . . . . . . . . . . . . . . 54 8.3 Common Shellcode . . . . . . . . . . . . . . . . . . . . . . . . . . 56 8.3.1 Connectback . . . . . . . . . . . . . . . . . . . . . . . . . 56 8.3.2 Portbind . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 8.4 Advanced Shellcode . . . . . . . . . . . . . . . . . . . . . . . . . 71 8.4.1 Download/Execute . . . . . . . . . . . . . . . . . . . . . . 71 8.5 Staged Loading Shellcode . . . . . . . . . . . . . . . . . . . . . . 81 8.5.1 Dynamic File Descriptor Re-use . . . . . . . . . . . . . . 81 8.5.2 Egghunt . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 8.5.3 Egghunt (syscall) . . . . . . . . . . . . . . . . . . . . . . . 88 Download: http://www.hick.org/code/skape/papers/win32-shellcode.pdf http://projectshellcode.com/downloads/http___www.hick.org_code_skape_papers_win32-shellcode.pdf
  7. Nytro
    Return Oriented Programming CSCI 6621: Network Security Week 11, Lecture 21: Tuesday, 04/04/2011 Daniel Bilar University of New Orleans Department of Computer Science Spring 2011 Goals today • Review: Buffer overflow, format string • Return Oriented Programming – Chain together sequences (‘gadgets’) ending in RET – Can use good code chunks as ‘alphabet’, string together to get for bad code • Some similarities to an antigram (form of anagram) Within earshot ‡ I won't hear this – Build “gadgets” for load?store, arithmetic, logic, control flow, system calls – Attack can perform arbitrary computation using no injected code at all Some slides gratefully adapted from Shacham BH 08 presentation (UCSD) Download: http://shell-storm.org/papers/files/779.pdf
  8. Nytro
    X86/WIN32 REVERSE ENGINEERING CHEATSHEET Instructions GENERAL PURPOSE 32BIT REGISTERS ADD <dest>, <source> Adds <source> to <dest>. <dest> may be a register or memory. <source> may EAX Contains the return value of a function call. Be a register, memory or immediate value. ECX Used as a loop counter. "this" pointer in C++. CALL <loc> Call a function and return to the next instruction when finished. <proc> EBX General Purpose may be a relative offset from the current location, a register or memory addr. EDX General Purpose CMP <dest>, <source> Compare <source> with <dest>. Similar to SUB instruction but does not ESI Source index pointer Modify the <dest> operand with the result of the subtraction. EDI Destination index pointer DEC <dest> Subtract 1 from <dest>. <dest> may be a register or memory. ESP Stack pointer DIV <divisor> Divide the EDX:EAX registers (64?bit combo) by <divisor>. <divisor> may be EBP Stack base pointer a register or memory. Download: http://shell-storm.org/papers/files/797.pdf
  9. Nytro
    Defeating DEP through a mapped file by Homeostasie (Nicolas.D) Contents 1. Introduction............................................................................................................3 2. Description of the attack scenario..........................................................................4 3. Building a ROP exploit..........................................................................................7 3.1. Step 1 - Open a file containing our shellcode ......................................................................7 3.2. Step 2 - Craft mmap() parameters into the stack..................................................................9 3.2.1. ROP chaining for crafting the first argument to 0......................................................10 3.2.2. ROP chaining for crafting the second and the fourth argument to 1..........................12 3.2.3. ROP chaining for crafting the third argument to 4.....................................................13 3.2.4. ROP chaining for crafting the fifth argument to “fd” value (file descriptor).............14 3.2.5. ROP chaining for crafting the sixth argument to 0.....................................................14 3.3. Step 3 – Call mmap() and jump on the mapped area..........................................................15 4. Conclusion...........................................................................................................18 Download: http://shell-storm.org/papers/files/800.pdf
  10. Nytro
    Autor: Nytro Data: 03.12.2011 Ultimele zile pe Yahoo! Messenger au fost foarte "interesante". Vreau sa lamuresc oarecum lumea, sa explic atat "povestea" cat si cateva detalii tehnice pe intelesul tuturor. Povestea: Pe scurt, de ceva timp exista o problema de securitate in Yahoo! Messenger, o problema care se stia de ceva timp de anumite persoane si care nu a fost facuta publica un timp, problema care, pe langa alte "facilitati", oferea atacatorului posibilitatea de a schimba statusul oricarui utilizator de Yahoo! Messenger (versiunea 11-11.5). Chiar daca problemele au aparut acum in jur de 2 zile pentru utilizaotrii de rand, soft pentru a schimba statusul exista de mai mult timp, insa nu aflasera de el "prietenii" nostri dragi. Mai intai a aparut un soft, destul de bine facut, numit "Y! Disruption". Programul e acesta: Doar utilizatorii inregistrati pot vedea linkurile. [ Click aici pentru a te inregistra ] Acest program a fost facut public pe un forum cu multi membri, cea mai mare dintre ei niste script-kiddies, adica persoane extrem de interesate de astfel de lucruri penibile, ce in ochii lor sunt numite "hacking". Astfel de persoane folosesc tot felul de programe in special pentru a fura parole sau alte informatii si aceste persoane sunt de vina pentru faptul ca acest program a devenit atat de "popular". Partea oarecum placuta e ca nu au ajuns extrem de multi romani in posesia sa, insa sunt o gramada de persoane care il au. Ideea e simpla: cu doua clickuri poti schimba statusul cuiva, deci nu trebuie sa fii tocmai un inginer pentru a face acest lucru. De aceea si aceasta popularitate a programului. Apoi a aparut problema: niste persoane pasionate de lucruri ca "yahoo invisible detector", pasionate de Yahoo!, au creat o versiune online a acestui program - Ymland. Chiar mai mult, au creat ei ID-urile de pe care se trimit datele (o sa revin cu detalii mai jos), iar copiii enervanti trebuie doar sa specifice un ID si un status, apoi sa apese un buton si gata, se schimba statusul. Moral vorbind, ar fi cateva concluzii de tras de catre cei care au avut statusul schimbat, principala fiind ca aveti persoane in lista de messenger, cunoasteti persoane care nu sunt tocmai genul de prieteni pe care si i-ar dori oricine. Apoi e ideea schimbatului statusului, lucru extrem de usor de realizat si cu rezultate extrem de "marete". Practic e ceva ce "se vede", si din acest motiv stupid au aparut multi ratati care au inceput sa schimbe statusuri. Ai facut si tu asta? Imi pare rau pentru tine daca ai mai mult de 15 ani, nu e tocmai un motiv de mandrie si tot un ratat ramai. Modul de functionare nu e deloc complicat, insa implementarea sa necesita destule cunostinte. Pe scurt, pasii care se executa pentru a se schimba statusul: 1. Se foloseste un ID de messenger de pe care se vor trimite datele, e nevoie de un ID si de o parola (orice cont de Yahoo!) 2. Se logheaza acel ID (numit bot) - cei de la Ymland au creat ei astfel de boti si ii folosesc 3. Acel bot incearca sa trimita un fisier, iar datele pe care le trimite sunt modificate 4. "Victimei" i se deschide o casuta noua de messenger in care botul respectiv incearca sa trimita fisierul 5. Datele modificate, contin un cod simplu HTML care se executa deoarece conversatiile de messenger apar intr-o "pagina" (sa zicem), aceeasi folosita de Internet Explorer 6. codul HTML apeleaza o functie folosita de Yahoo! Messenger, numita "SetCustonStatus" care schimba practic statusul Pentru a nu fi o astfel de "victima", poti face in principal doua lucruri: 1. Din messenger, din bara de meniu, click pe Messenger, apoi Preferences, mergeti la Ignore list, bifati "Ignore anyone who is not in my Yahoo! Contacts", click pe Apply apoi Ok. De ce va ajuta asta? Dupa cum spuneam mai sus, exista un bot care trimite acele date. Acel bot, desigur, poate sa fie un ID din lista voastra, dar astfel veti sti cine "va vrea raul", dar de cele mai multe ori sunt ID-uri aleatoare, create special pentru asa ceva. Practic, nu aveti acel ID in lista, deci daca bifati acea casuta, acel ID nu va putea sa va trimita acele date. Probleme pot sa apara daca doriti sa discutati cu persoane pe care nu le aveti in lista, pentru ca ele nu va vor putea contacta. 2. Folositi un alt client pentru Yahoo! Messenger. Eu va recomand sa folositi Pidgin, il puteti descarca de aici: Doar utilizatorii inregistrati pot vedea linkurile. [ Click aici pentru a te inregistra ] , mie imi place foarte mult si are niste facilitati extraordinare. Exista si alternative: Trilian - Doar utilizatorii inregistrati pot vedea linkurile. [ Click aici pentru a te inregistra ] , Digsby - Doar utilizatorii inregistrati pot vedea linkurile. [ Click aici pentru a te inregistra ] si probabil altele. Problema nu mai apare deoarece acele programe nu folosesc acea "pagina" - frame - folosita de Yahoo! messenger, deci codul nu se poate executa. Partea tehnica: Nu e ceva complicat si oricine poate intelege ce se intampla practic, cum functioneaza aceste programe. Pentru inceput trebuie sa vorbim despre YMSG. Yahoo! Messenger, foloseste TCP (Transfer Control Protocol) ca protocol de comunicatie pe portul 5050, insa la nivel de aplicatie Yahoo! a definit un protocol special numit YMSG (va las sa ghiciti de la ce vine). Pe scurt, protocolul reprezinta regulile dupa care sunt trimise datele de Yahoo! Messenger astfel incat sa fie interpretate corect de destinatar. Partea oarecum buna, este ca acest protocol nu este public, dar e cunoscut in detalii oameni interesati. Ca idee, voi descrie procesul de logare in 3 pasi folosit de messenger: 1. Yahoo! Messenger se conecteaza la un server Yahoo! ca 67.195.187.213 - cs214.msg.ac4.yahoo.com si trimite un pachet YMSG (un pachet cu o strcutura bine stabilita, pachet ce contine de exemplu versiunea protocolului, dimensiunea pachetului si alte lucruri) care pe langa headerul YMSG contine doar ID-ul (doar ID-ul, fara parola sau altceva) pe care se doreste logarea. 2. Serverul trimite ca raspuns pe langa ID, o valoare calculata dupa un anumit algoritm specific Yahoo! 3. Yahoo! Messenger pe baza acelei valori, calculeaza folosind parola, dupa un anumit algormitm, doua valori pe care le trimite serverului, iar daca aceste valori sunt in regula, ID-ul e logat Screenshot-uri pentru fiecare pas: 1. Doar utilizatorii inregistrati pot vedea linkurile. [ Click aici pentru a te inregistra ] 2. Doar utilizatorii inregistrati pot vedea linkurile. [ Click aici pentru a te inregistra ] 3. Doar utilizatorii inregistrati pot vedea linkurile. [ Click aici pentru a te inregistra ] Complet: Doar utilizatorii inregistrati pot vedea linkurile. [ Click aici pentru a te inregistra ] Pe acelasi principiu functioneaza si acest principiu functioneaza atat programul respectiv, cat si implementarea online a acestui "truc". Programul si scriptul folosit de ymland, logheaza un bot astfel, iar cu acel bot incearca sa trimita un fisier. Ce incearca sa trimita programul: Doar utilizatorii inregistrati pot vedea linkurile. [ Click aici pentru a te inregistra ] Deci codul e simplu: Code: <form><iframe onload="SetCustonStatus('Status nou');"></iframe></form> Problema este la ce face Yahoo! Messenger cu acest cod. Cum spuneam mai sus, foloseste frame-ul de la Internet Explorer pentru a reda conversatiile. Adica genereaza un HTML in functie de datele trimise/primite si se foloseste de ieframe.dll - pagina de continut din Internet Explorer (e un ActiveX Control, usor de folosit) si afiseaza acel HTML. In screenshot-ul de mai jos nu am facut decat sa modific cateva proproetati ale ferestrei respective pentru a se vedea mai clar acest lucru: Fereastra conversatii: Doar utilizatorii inregistrati pot vedea linkurile. [ Click aici pentru a te inregistra ] Am reusit dupa ceva chin sa obtin codul HTML al unei ferestre de messenger. Arata cam asa: Code: <BODY style="BACKGROUND: #fff" class=" IM" bottomMargin=0 background="" leftMargin=0 rightMargin=0 scroll=no topMargin=0 bgColor=white><BR style="DISPLAY: none"> <DIV id=ConversationBody class=" "> <DIV style="DISPLAY: none" id=RecentHistory></DIV> ................................................. Ceea ce ne intereseaza pe noi, este modul in care genereaza el codul HTML cand se trimite un fisier. Arata cam asa: ================================================== ================================================== ======= Code: <TABLE id=FT_YzBjNThiMmVlZmY1ODVhZWJmNzQ0ZTRlNzIyNjQ0NTA= class=prompt border=0 cellSpacing=0 cellPadding=0> <TBODY> <TR> <TD vAlign=top width="1%"><IMG class=icon src="file:///C:/Program%20Files/Yahoo!/Messenger/TEMPFTICON_YzBjNThiMmVlZmY1ODVhZWJmNzQ0ZTRlNzIyNjQ0NTA=.JPG"></TD> <TD> <DIV id=FT_description_YzBjNThiMmVlZmY1ODVhZWJmNzQ0ZTRlNzIyNjQ0NTA=> <H3>poyo_vl is sending you 1 photo:</H3></DIV> <DIV id=FT_list_or_progress_YzBjNThiMmVlZmY1ODVhZWJmNzQ0ZTRlNzIyNjQ0NTA=>22222.JPG (189 KB) <BR></DIV> <DIV id=FT_action_YzBjNThiMmVlZmY1ODVhZWJmNzQ0ZTRlNzIyNjQ0NTA=><A onclick='$InlineAction("ft_action,YzBjNThiMmVlZmY1ODVhZWJmNzQ0ZTRlNzIyNjQ0NTA=,1");return false' href="file:///c://#"><B>Save As...</B></A> (Alt+Shift+A) <A onclick='$InlineAction("ft_action,YzBjNThiMmVlZmY1ODVhZWJmNzQ0ZTRlNzIyNjQ0NTA=,2");return false' href="file:///c://#"><B>Decline</B></A> (Alt+Shift+D)</DIV></TD></TR></TBODY></TABLE> ================================================== ================================================== ======= Exemplul e pentru o imagine, dar nu e dificil de inteles. Pentru imaginea care se primeste, se salveaza un thumbnail temporar: Code: <TD vAlign=top width="1%"><IMG class=icon src="file:///C:/Program%20Files/Yahoo!/Messenger/TEMPFTICON_YzBjNThiMmVlZmY1ODVhZWJmNzQ0ZTRlNzIyNjQ0NTA=.JPG"></TD> Mesajul care se afiseza (ce_requ_wa este un ID pentru teste), si dimensiunea fisierului: Code: <H3>ce_requ_wa is sending you 1 photo:</H3></DIV> <DIV id=FT_list_or_progress_YzBjNThiMmVlZmY1ODVhZWJmNzQ0ZTRlNzIyNjQ0NTA=>22222.JPG (189 KB) <BR></DIV> Insa ceea ce ne intereseaza pe noi este: Code: <A onclick='$InlineAction("ft_action,YzBjNThiMmVlZmY1ODVhZWJmNzQ0ZTRlNzIyNjQ0NTA=,1");return false' href="file:///c://#"><B>Save As...</B></A> Un screenshot explicativ: Doar utilizatorii inregistrati pot vedea linkurile. [ Click aici pentru a te inregistra ] Dupa cum puteti vedea in screenshot, "YzBjNThiMmVlZmY1ODVhZWJmNzQ0ZTRlNzIyNjQ0NTA=" este valoarea cheii 265 din pachetul de transfer al fisierului. Ei bine, acel program si implementarea sa in PHP (cel mai probabil), modifica acea valoare la valoarea: Code: <form><iframe onload="SetCustonStatus('Status nou');"></iframe></form> Si practic acest cod apeleaza functia SetCustonStatus() folosita de Yahoo! Messenger pentru a schimba statusul. Functia respectiva e definita astfel: Code: function SetCustomStatus(a){$Invoke(22,a)} Iar functia $Invoke este definita astfel: Code: function $Invoke(b,a){YAHOO.Msgr.Host.invokeCommand(b,a)} Si tot asa, poveseta cu JavaScriptul se complica, e 05:17 AM si imi e lene sa intru in detalii, oricum nu e nimic interesant. Tot ce trebuie sa stim e ca la apelul acestei functii se schimba statusul. Aveti aici un screenshot cu o parte din cod: Doar utilizatorii inregistrati pot vedea linkurile. [ Click aici pentru a te inregistra ] Am vazut ca si echipele de antivirusi s-au sesizat in aceasta privinta si mi-a placut de baietii de la BitDefender care au facut o prezentare tehnica a problemei, insa eu am vrut sa explic mai pe larg si pe intelesul tuturor. Aveti aici articolul lor: Doar utilizatorii inregistrati pot vedea linkurile. [ Click aici pentru a te inregistra ] Ei bine, cred ca este de ajuns. Sper ca v-a fost util. // Nyto @ Romanian Security Team
  11. Nytro
    Update zilnic: https://www.facebook.com/rstforum
  12. Nytro
    Hak5 WiFi Hacking Workshop Part 1.1 This time on the show, part 1 of our WiFi from-the-ground-up series. Darren presents a wireless workshop at the Noisebridge hackerspace in San Francisco. If you're into Hak5 you'll love our new show by hosts Darren Kitchen and Shannon Morse. Check out Revision3 > HakTip Whether you're a beginner or a pro, Revision3 > HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more. And let's not forget to mention that you can follow us on Hak5 (Hak5) on Twitter and Hak5 | Facebook, http://revision3.com/hak5/follow to the show and get all your Hak5 goodies, including the infamous wifi-pineapple over at HakShop — Welcome . If you have any questions or suggestions please feel free to contact us at feedback@hak5.org. Hak5 WiFi Hacking Workshop Part 1.2 Published on Jul 19, 2012 by Hak5Darren This time on the show, part 1 of our WiFi from-the-ground-up series. Darren presents a wireless workshop at the Noisebridge hackerspace in San Francisco. If you're into Hak5 you'll love our new show by hosts Darren Kitchen and Shannon Morse. Check out Revision3 > HakTip Whether you're a beginner or a pro, Revision3 > HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more. And let's not forget to mention that you can follow us on Hak5 (Hak5) on Twitter and Hak5 | Facebook, http://revision3.com/hak5/follow to the show and get all your Hak5 goodies, including the infamous wifi-pineapple over at HakShop — Welcome . If you have any questions or suggestions please feel free to contact us at feedback@hak5.org. Hak5 WiFi Hacking Workshop Part 1.3 Published on Jul 19, 2012 by Hak5Darren This time on the show, part 1 of our WiFi from-the-ground-up series. Darren presents a wireless workshop at the Noisebridge hackerspace in San Francisco. If you're into Hak5 you'll love our new show by hosts Darren Kitchen and Shannon Morse. Check out Revision3 > HakTip Whether you're a beginner or a pro, Revision3 > HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more. And let's not forget to mention that you can follow us on Hak5 (Hak5) on Twitter and Hak5 | Facebook, http://revision3.com/hak5/follow to the show and get all your Hak5 goodies, including the infamous wifi-pineapple over at HakShop — Welcome . If you have any questions or suggestions please feel free to contact us at feedback@hak5.org. Hak5 WiFi Hacking Workshop Part 2.1 Published on Jul 25, 2012 by Hak5Darren This time on the show, part 2 of our WiFi from-the-ground-up series. Darren presents a wireless workshop at the Noisebridge hackerspace in San Francisco. Hak5 WiFi Hacking Workshop Part 2.2 Published on Jul 25, 2012 by Hak5Darren This time on the show, part 2 of our WiFi from-the-ground-up series. Darren presents a wireless workshop at the Noisebridge hackerspace in San Francisco. Hak5 WiFi Hacking Workshop Part 2.3 Hak5 WiFi Hacking Workshop Part 2.3 Published on Jul 25, 2012 by Hak5Darren This time on the show, part 2 of our WiFi from-the-ground-up series. Darren presents a wireless workshop at the Noisebridge hackerspace in San Francisco. Hak5 WiFi Hacking Workshop Part 3.1 Published on Jul 31, 2012 by Hak5Darren This time on the show, the conclusion of our WiFi from-the-ground-up series. Darren presents a wireless workshop at the Noisebridge hackerspace in San Francisco. Hak5 WiFi Hacking Workshop Part 3.2 Published on Jul 31, 2012 by Hak5Darren This time on the show, the conclusion of our WiFi from-the-ground-up series. Darren presents a wireless workshop at the Noisebridge hackerspace in San Francisco. Hak5 WiFi Hacking Workshop Part 3.3 Published on Jul 31, 2012 by Hak5Darren This time on the show, the conclusion of our WiFi from-the-ground-up series. Darren presents a wireless workshop at the Noisebridge hackerspace in San Francisco.
  13. Nytro
    [h=1]DeepSec 2010: LTE Radio Interface and its Security Mechanism by Herbert Koblmiller[/h] Published on Jul 30, 2012 by Sicherheitsforschung LTE Radio Interface structure and its security mechanism Herbert Koblmiller, T.B.A. LTE is using complete different Radio Architecture than GSM and UMTS and tries to simplify its Procedure- and Layer structure in order to improve data throughput and latency. Getting rid of the signalling overhead of UMTS but being comparable robust to GSM will possibly the path for LTE to become the successor for the next centuries. This could mean that security mechanism in the radio interface have to be flexible to future developments like LTE advanced.
  14. Nytro
    [h=1]nullcon Goa 2012: Application security cost management - By Ketan Vyas[/h] Published on Aug 1, 2012 by nullOxOO Increasing awareness about cost of data breach, regulatory compliance requirements and operational risk have increased spending for application security however economic downturn brought back the buzz word "do more with less". Security in development lifecycle hits budgetary constraints. This session will cover alternatives for business leader to achieve desired level of application security at rationalized cost.
  15. Nytro
    [h=1]DEFCON 15: LAN Protocol Attacks Part 1 - Arp Reloaded[/h] Uploaded by ChRiStIaAn008 on Jan 29, 2011 Speaker: Jesse "x30n" D'Aguanno Praetorian Global & Digital Revelation Ever wanted to hijack a connection between machines on a LAN, deny service between a host you're attacking and a log server or intrusion detection system, or maybe wanted to sniff traffic on a switched network? Now you can! Er, wait... You already could with the ARP attacks we all know and love. While these network attacks are quite effective, they do have their weaknesses, as well as security controls to help prevent them. In this talk I will build on the previous research in this field and introduce new, more reliable attacks against the ARP protocol which are much less identifiable and able to protect against. For more information visit: http://bit.ly/defcon15_information To download the video visit: Index of defcon-15-video - Good.net
  16. Nytro
    [h=1]25c3: OnionCat -- A Tor-based Anonymous VPN[/h] Uploaded by ChRiStIaAn008 on Dec 10, 2010 Speakers: Daniel Haslinger, Bernhard Fischer Building an anonymous Internet within the Internet OnionCat manages to build a complete IP transparent VPN based on Tor's hidden services, provides a simple well-known interface and has the potential to create an anonymous global network which could evolve to a feature- and information-rich network like we know the plain Internet today. Tor provides so-called "Hidden Services". These are services which are location hidden within the Tor network. This means that not only users are hidden but also services (destination). Tor manages this by assigning virtual addresses to them, so-called .onion-URLs. Tor builds all connections based on them. Unfortunately, access to hidden services is currently not very user-friendly which makes them unattractive although they could provide high privacy in today's world. OnionCat provides an IP-transparent service which does on-demand connections to designated hidden services. This is a Tor-specific virtual private network (VPN). Because of its IP-transparency any client program can use hidden services without further workarounds. This talk is about OnionCat in general, gives a brief introduction into its internals and application examples. More information about the 25th Chaos Communication Congress can be found via the Chaos Communication Congress website: 25C3: 25th Chaos Communication Congress Source: Conference Recordings - 25C3 Public Wiki
  17. Nytro

    Wpa2-psk

    Nytro replied to nslrocket's topic in Cosul de gunoi

    Postasei la Tutoriale Video, nu vad tutorialul video.
  18. Nytro
    [h=3]CVE-2012-2808 : Android 4.0.4 DNS poisoning vulnerability Exposed[/h]Posted On 7/25/2012 12:19:00 PM By THN Security Analyst Android's DNS resolver is vulnerable to DNS poisoning due to weak randomness in its implementation. Researchers Roee Hay & Roi Saltzman from IBM Application Security Research Group demonstrate that how an attacker can successfully guess the nonce of the DNS request with a probability thatis su cient for a feasible attack. Android version 4.0.4 and below are Vulnerable to this bug. Weakness in its pseudo-random number generator (PRNG), which makes DNS poisoning attacks feasible. DNS poisoning attacks may endanger the integrity and con dentiality of the attacked system. For example, in Android, the Browser app can be attacked in order to steal the victim's cookies of a domain of the attacker's choice. If the attacker manages to lure the victim to browse to a web page controlled by him/her, the attacker can use JavaScript, to start resolving non-existing sub-domains. Upon success, a sub-domain points to the attacker's IP, which enables the latter to steal wild card cookies of the attacked domain, and even set cookies. In addition, a malicious app instantiate the Browser app on the attacker's malicious web-page. If the attacker knows the PID (for example, a malicious app can access that information), the attack expected time can be reduced furthermore. Vulnerability dubbed as "CVE-2012-2808" Android 4.1.1 has been released, and patches are available on AOSP. The random sample is now pulled from /dev/urandom, which should have adequate entropy by the time network activity occurs. Sursa: CVE-2012-2808 : Android 4.0.4 DNS poisoning vulnerability Exposed | The Hacker News
  19. Nytro
    [h=1]Introduction to Parallel Computing[/h] [TABLE=width: 100%] [TR] [TD]Author: Blaise Barney, Lawrence Liver[/TD] [TD=align: right][/TD] [/TR] [/TABLE] [h=2]Table of Contents[/h] [LIST=1] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#Abstract"]Abstract[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#Overview"]Overview[/URL] [LIST=1] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#Whatis"]What is Parallel Computing?[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#WhyUse"]Why Use Parallel Computing?[/URL] [/LIST] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#Concepts"]Concepts and Terminology[/URL] [LIST=1] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#Neumann"]von Neumann Computer Architecture[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#Flynn"]Flynn's Classical Taxonomy[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#Terminology"]Some General Parallel Terminology[/URL] [/LIST] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#MemoryArch"]Parallel Computer Memory Architectures[/URL] [LIST=1] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#SharedMemory"]Shared Memory[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#DistributedMemory"]Distributed Memory[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#HybridMemory"]Hybrid Distributed-Shared Memory[/URL] [/LIST] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#Models"]Parallel Programming Models[/URL] [LIST=1] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#ModelsOverview"]Overview[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#ModelsShared"]Shared Memory Model[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#ModelsThreads"]Threads Model[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#ModelsMessage"]Distributed Memory / Message Passing Model[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#ModelsData"]Data Parallel Model[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#Hybrid"]Hybrid Model[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#SPMD-MPMD"]SPMD and MPMP[/URL] [/LIST] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#Designing"]Designing Parallel Programs[/URL] [LIST=1] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#DesignAutomatic"]Automatic vs. Manual Parallelization[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#DesignUnderstand"]Understand the Problem and the Program[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#DesignPartitioning"]Partitioning[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#DesignCommunications"]Communications[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#DesignSynchronization"]Synchronization[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#DesignDependencies"]Data Dependencies[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#DesignLoadBalance"]Load Balancing[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#DesignGranularity"]Granularity[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#DesignIO"]I/O[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#DesignCosts"]Limits and Costs of Parallel Programming[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#DesignPerformance"]Performance Analysis and Tuning[/URL] [/LIST] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#Examples"]Parallel Examples[/URL] [LIST=1] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#ExamplesArray"]Array Processing[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#ExamplesPI"]PI Calculation[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#ExamplesHeat"]Simple Heat Equation[/URL] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#ExamplesWave"]1-D Wave Equation[/URL] [/LIST] [*][URL="https://computing.llnl.gov/tutorials/parallel_comp/#References"]References and More Information[/URL] [/LIST] [TABLE=width: 100%] [TR] [TD=bgcolor: #98ABCE] Abstract [/TD] [/TR] [/TABLE] This tutorial is the first of eight tutorials in the 4+ day "Using LLNL's Supercomputers" workshop. It is intended to provide only a very quick overview of the extensive and broad topic of Parallel Computing, as a lead-in for the tutorials that follow it. As such, it covers just the very basics of parallel computing, and is intended for someone who is just becoming acquainted with the subject and who is planning to attend one or more of the other tutorials in this workshop. It is not intended to cover Parallel Programming in depth, as this would require significantly more time. The tutorial begins with a discussion on parallel computing - what it is and how it's used, followed by a discussion on concepts and terminology associated with parallel computing. The topics of parallel memory architectures and programming models are then explored. These topics are followed by a series of practical discussions on a number of the complex issues related to designing and running parallel programs. The tutorial concludes with several examples of how to parallelize simple serial programs. Tutorial: https://computing.llnl.gov/tutorials/parallel_comp/
  20. Nytro
    [h=1]Joe Stewart on APTs and Cyber Espionage[/h]August 1, 2012, 3:17PM by Dennis Fisher Podcast and Downloads digital_underground_101.mp3 Dennis Fisher speaks with Joe Stewart of the Dell SecureWorks Counter Threat Unit about his team’s new research on the landscape of APT malware families, who is behind the use of these tools and how poorly prepared most organizations are for attacks by these crews. *Podcast audio courtesy of sykboy65 Sursa: Joe Stewart on APTs and Cyber Espionage | threatpost
  21. Nytro
    [h=1]Seeing Through Walls With a Wireless Router[/h] Wi-Spy Click here to see this amazing image even larger. Kevin Hand In the 1930s, U.S. Navy researchers stumbled upon the concept of radar when they noticed that a plane flying past a radio tower reflected radio waves. Scientists have now applied that same principle to make the first device that tracks existing Wi-Fi signals to spy on people through walls. Wi-Fi radio signals are found in 61 percent of homes in the U.S. and 25 percent worldwide, so Karl Woodbridge and Kevin Chetty, researchers at University College London, designed their detector to use these ubiquitous signals. When a radio wave reflects off a moving object, its frequency changes—a phenomenon called the Doppler effect. Their radar prototype identifies frequency changes to detect moving objects. It’s about the size of a suitcase and contains a radio receiver composed of two antennas *and a signal-processing unit. In tests, they have used it to determine a person’s location, speed and direction—even through a one-foot-thick brick wall. Because the device itself doesn’t emit any radio waves, it can’t be detected. Wi-Fi radar could have domestic applications ranging from spotting intruders to unobtrusively monitoring children or the elderly. It could also have military uses: The U.K. Ministry of Defence has funded a study to determine whether it could be used to scan buildings during urban warfare. With improvements, Woodbridge says, the device could become sensitive enough to pick up on subtle motions the ribcage makes during breathing, which would allow the radar to detect people who are standing or sitting still. See image above for how it'll work. 1. MOVING SUBJECT When Wi-Fi radio waves bounce off a moving object, their frequency changes. If, for example, a person is moving toward the Wi-Fi source, the reflected waves’ frequency increases. If a person is moving away from the source, the frequency decreases. 2. REGULAR OL' ROUTER A Wi-Fi Internet router already in the room fills the area with radio waves of a specific frequency, usually 2.4 or 5 gigahertz. 3. BASELINE SIGNAL One antenna of the radar system tracks the baseline radio signal in the room. 4. SHIFTED SIGNAL A second antenna detects radio waves that have reflected off of moving objects, which changes their frequency. 5. PERP, SPOTTED By comparing the two antennas’ signals, the computer calculates the object’s location to within a few feet as well as its speed and direction. [h=2]BREATHE EASY[/h] Breathe Easy: It’s possible to detect a person’s breathing rate by surrounding him with radio waves. Neal Patwari’s wireless engineering group at the University of Utah designed a network of 20 inexpensive radio transmitters that are placed around a patient’s bed. Then they created an algorithm that detects a stationary person’s breaths better than current detectors do. Patwari plans to upgrade the algorithm by the end of the year to filter out body movements too. The system could someday be used in hospitals in place of tubes and masks. —Elbert Chu Sursa: Seeing Through Walls With a Wireless Router | Popular Science
  22. Nytro
    New Trojan “Aida1” has been Identified 2012-07-28 Hi After we ran our new Security Tool “Venak Could Technology” ( it’s not on public now, it’s on Maintenance ) we identified new Trojan called “Aida1” This Trojan used new Social engineering techniques to force computer users to execute the Trojan by user’s Rights click; also the Trojan has been spread By local Iranian Video Services ( “Aka Iranian YouTube” ) www.aparat.com As you can see the Trojan used lots of Enumeration Functions like Files and process and Etc. The attacker or attackers upload some free videos there and then attached this Trojan into comments part. MD5: 9c7002442ee10ee02d338e96708fb619 SHA1: dfdd88fc876d43a612d152e8c866619289255ff8 SHA256: a163d452b3d91e195ed9ece81ad5df331ca56a93baf488750079dd9776bf3913 Also Aida1’s Trojan used Internet Explorer Rights to bypass user’s Firewalls or Internet Security tools. Attackers sent a Message for someone – Aida is name of a Female Girl in Persian language We identified the other version of same Style worm which is used same trick to bypass most Anti Viruses and Internet Security solutions. As you well know most of Anti Viruses will be monitor the .exe files for hunting worms, but this worm will be Ran on “.Tso” file extension not “.exe” The system administrators or power user could not capable to detect the worm via Security tools like Task manager or Process explorer or anti Rootkits. PID 3748 is the Target Worm ( Process Explorer Can’t Verify that because it used the unusual Character ) But it is very similar to the original windows Service. The Worm’s file extension is “.Tso” not “.exe” – Venak and Avenak MPS Edition result If you had any comments and Questions you can ask it Via our Support Team at idea@u0vd.org or Support@u0vd.org Past week “Mehdi” or “Madi” worm was detected worldwide, this week “Aida1” ,we remembered the Alice and Bob ! , what the Nice Couples in Virus World ! Thanks, Support Team. Sursa: http://u0vd.org/index3.htm
  23. Nytro
    Cineva capabil sa faca acele tool-uri.
  24. Nytro
    Ba, Alina Dumitru a reprezentat cu SUCCES Romania la Jocurile Olimpice, si FIIND ACCIDENTATA a reusit sa castige medalia de ARGINT. Pula bleaga, Badea asta, pe langa faptul ca vorbeste mult si prost, ce pula mea a facut?
  25. Nytro
    [h=1]NIST Draft Guide to Malware Incident Prevention and Handling[/h]Tuesday, July 31, 2012 NIST announces the public comment release of Draft Special Publication 800-83 (SP) Revision 1, Guide to Malware Incident Prevention and Handling for Desktops and Laptops. Malware is the most common external threat to most hosts, causing widespread damage and disruption and necessitating extensive recovery efforts within most organizations. This publication provides recommendations for improving an organization’s malware incident prevention measures. It also gives extensive recommendations for enhancing an organization’s existing incident response capability so that it is better prepared to handle malware incidents, particularly widespread ones. Draft SP 800-83 Revision 1 updates the original SP 800-83, which was released in 2005. NIST request comments on draft SP 800-83 Revision 1 by Friday, August 31, 2012. Please send comments to 800-83comments@nist.gov, with the subject "SP 800-83 Comments" Downloiad the NIST Draft Guide to Malware Incident Prevention and Handling here: Guide to Malware Incident Prevention.pdf Sursa: NIST Draft Guide to Malware Incident Prevention and Handling
×
×
  • Create New...