
Versus71

Active Members
  • Posts: 110
  • Joined
  • Last visited
  • Days Won: 5

Posts posted by Versus71

  1. Anti-exploit tool

    What is Sentinel?

    Sentinel is a command line tool able to protect Windows 32 bit programs against exploits targeted by attackers or viruses. It can protect your programs against 0-day attacks or publicly known bugs.

    Why Sentinel?

    When a 0-day attack is used in the wild, nobody knows about the existence of this bug except the attacker himself. Some antiviruses implement heuristics to detect new attacks, but usually they are unreliable. Sometimes your computer is not up to date; in this case you are vulnerable to attacks against public bugs.

    In both cases, one way to protect your "vulnerable programs" against old or new attacks is adding extra protections (usually, exploit mitigations).

    What kind of programs can Sentinel protect?

    Any 32-bit program can be protected by Sentinel, e.g. "Internet Explorer", "Acrobat Reader", "Word", "Excel", your applications, etc.

    What kind of exploit attacks can Sentinel stop?

    Sentinel is able to detect attacks against user mode binary bugs. Binary bugs can be understood as bugs where the instruction pointer (EIP) can be modified, e.g. stack overflows, heap overflows, memory corruptions, use-after-free, etc.

    What kind of exploit attack behavior can Sentinel detect?

    • ROP activity
    • Stack Pivoting
    • Invalid Caller
    • Return Address modification
    • Stack Execution
    • Stack Returning (previous step to stack execution)
    • Base Pointer modification (experimental)

    Video demonstration:

    Download:

    http://corelabs.coresecurity.com/index.php?module=Wiki&action=attachment&type=tool&page=sentinel&file=Sentinel.zip

  2. ev153p.jpg

    The SI6 Networks' IPv6 toolkit is a set of IPv6 security/troubleshooting tools that can send arbitrary IPv6-based packets.

    List of Tools:

    • addr6: An IPv6 address analysis and manipulation tool.
    • flow6: A tool to perform a security assessment of the IPv6 Flow Label.
    • frag6: A tool to perform IPv6 fragmentation-based attacks and to perform a security assessment of a number of fragmentation-related aspects.
    • icmp6: A tool to perform attacks based on ICMPv6 error messages.
    • jumbo6: A tool to assess potential flaws in the handling of IPv6 Jumbograms.
    • na6: A tool to send arbitrary Neighbor Advertisement messages.
    • ni6: A tool to send arbitrary ICMPv6 Node Information messages, and assess possible flaws in the processing of such packets.
    • ns6: A tool to send arbitrary Neighbor Solicitation messages.
    • ra6: A tool to send arbitrary Router Advertisement messages.
    • rd6: A tool to send arbitrary ICMPv6 Redirect messages.
    • rs6: A tool to send arbitrary Router Solicitation messages.
    • scan6: An IPv6 address scanning tool.
    • tcp6: A tool to send arbitrary TCP segments and perform a variety of TCP-based attacks.

    Download:

    http://www.si6networks.com/tools/ipv6toolkit/ipv6toolkit-v1.5.2.tar.gz

    • Upvote 1
  3. iMdZyCXALdR19.PNG

    When using an anonymity or privacy service, it is extremely important that all traffic originating from your computer is routed through the anonymity network. If any traffic leaks outside of the secure connection to the network, any adversary monitoring your traffic will be able to log your activity.

    Under certain conditions, even when connected to the anonymity network, the operating system will continue to use its default DNS servers instead of the anonymous DNS servers assigned to your computer by the anonymity network. DNS leaks are a major privacy threat since the anonymity network may be providing a false sense of security while private data is leaking.

    Link:

    https://www.dnsleaktest.com

  4. icH6kDkYBWlD7.PNG

    Touch screens are an increasingly common feature on personal computing devices, especially smartphones, where size and user interface advantages accrue from consolidating multiple hardware components (keyboard, number pad, etc.) into a single software definable user interface. Oily residues, or smudges, on the touch screen surface, are one side effect of touches from which frequently used patterns such as a graphical password might be inferred.

    In this paper we examine the feasibility of such smudge attacks on touch screens for smartphones, and focus our analysis on the Android password pattern. We first investigate the conditions (e.g., lighting and camera orientation) under which smudges are easily extracted. In the vast majority of settings, partial or complete patterns are easily retrieved. We also emulate usage situations that interfere with pattern identification, and show that pattern smudges continue to be recognizable. Finally, we provide a preliminary analysis of applying the information learned in a smudge attack to guessing an Android password pattern.

    Link:

    http://static.usenix.org/events/woot10/tech/full_papers/Aviv.pdf

  5. safe2t.jpg

    This inexplicably brief "research" paper presents an interesting physical world attack that may be easily deployed by a determined attacker to compromise many high-security access control systems in use today. Although this paper's findings are hardly groundbreaking (and in some ways, are downright obvious), it includes some cool pictures of what should be most certainly taken into account in risk management, secure zone planning, and when drafting operating procedures for high-risk areas.

    More info:

    http://lcamtuf.coredump.cx/tsafe

  6. logo.png

    Protect Yourself From Internet Virus Attacks

    Browsers and their plug-ins may be insecure. How to protect yourself from viruses? You can check your system with SurfPatrol and prevent attacks via your browser. Press "Check your browser" and follow SurfPatrol recommendations. SurfPatrol will point out those programs that need protection — be sure that your computer is secure.

    Link:

    http://www.surfpatrol.ru

  7. update v.0.12

    iv6sR9bTZvYDD.jpg

    New features: [v.0.7-0.12]

    • SIP Scanner (UDP or TCP) with administration services detection and information gathering on SIP UA or server
    • Threads have been implemented in the launcher. Several tools can now be used at the same time.
    • Scanner: VxWorks debug mode detection
    • Exploit: Aastra IP Phone hard-coded telnet login/password.
    • Exploit: Polycom HDX telnet authorization bypass (OSVDB 90125)
    • Tool: Cisco phone: Having fun with SSH
    • Exploit: Alcatel OXO FTP Denial of service.
    • Exploit: Mitel IP phone information disclosure.
    • Exploit: Mitel IP phone XSS vulnerability detection.
    • Tool: Add Cisco phone SSH server detection.
    • Tool: Add Cisco phone logout mobility feature abuse.
    • Tool: Implement a module to detect the use of default login/password on the embedded web interface of Mitel phones.
    • Exploit: Add Aastra IP phone information disclosure (OSVDB-ID: 72941/EDB-ID 17376).
    • Exploit: Add Avaya IP Office Linux voicemail password file data disclosure.
    • Exploit: Add the script providing phone call and remote taping on SNOM phones.
    • Exploit: Add Mitel AWC unauthenticated command execution (OSVDB-ID: 69934/EDB-ID 15807).

    Download:

    http://www.cedric-baillet.fr/IMG/zip/isme_v0.12.zip

    Documentation:

    http://www.cedric-baillet.fr/IMG/pdf/ISME_Documentation_v0.12.pdf

  8. ibsbZhaKcjvT97.PNG

    Because of the nature of barcodes, developers may not be expecting attacks from that vector and thus don't sanitize their inputs properly. I had previously written "XSS, Command and SQL Injection vectors: Beyond the Form" so this was right up my alley. I constructed this page that lets you make barcodes in Code 93, Code 39, Code 39ext and Code 128A, B and C.

    Link:

    http://www.irongeek.com/xss-sql-injection-fuzzing-barcode-generator.php

  9. iAghpqlZUai2d.png

    P2P email client based on the library of Spot-on with the Echo Protocol.

    Features:

    • Secure P2P Email from Friend to Friend without relying on a central server.
    • Key- / Repleo-Exchange.
    • Fully decentralized email network using the Echo Protocol.
    • Store email for offline friends in the P2P network.
    • Chat and instant messaging are built in. Define & add your friends.
    • Strong e2e Multi-Encryption (PGP-kind/AES over SSL: using libgcrypt).
    • Libspoton Integration.
    • Additional Security Layer with the GB-Feature for Emails.
    • Preventing Data Retention (VDS). WoT-less.
    • HTTP & HTTPS Connections.
    • Open Source. BSD License.

    Download:

    BitMail - Secure P2P Email Client.

  10. ibeQkKKpdEQD2r.png

    Simple chat program using near ultrasonic frequencies. Works without Wifi or Bluetooth and won't show up in a pcap. Note: If you can clearly hear the send script working then your speakers may not be high quality enough to produce sounds in the near ultrasonic range.

    Usage:

    Run python send.py in one terminal window and python listen.py in another. Text you input into the send.py window should appear (after a delay) in the listen.py window.

    Warning: May annoy some animals and humans.

    Download:

    https://github.com/Katee/quietnet/archive/master.zip

  11. ib1MhAQzWtis4f.png

    Share Only What You Want

    Microsoft Word (.DOC) files can contain more than just the text you see while editing them. Depending on the settings or features you use, they may contain all kinds of additional information that you may not want shared outside your home or company. Doc Scrubber lets you see that information, and scrub it from files before sending them to others.

    Powerful Features:

    • Analyze Word Documents. And discover hidden or potentially embarrassing data they may contain.
    • Scrub Word Documents. Remove hidden or potentially embarrassing data from your documents.
    • Scrub Multiple Documents at a Time. Scrub selected Word documents in a folder, or all documents in a folder, all at once - saving you time and effort.
    • Tested Compatibility with Word 97, 2000, and XP documents. Doc Scrubber can clean documents from multiple versions of Word.

    Download:

    http://www.brightfort.net/downloads/docscrubbersetup12.exe

  12. update v.2.1.0

    Major improvements are as follows:

    • Identifies sites co-hosted on IPs of your target.
    • Checks whether your target, affiliates or co-hosts have a bad reputation (PhishTank, Google SafeBrowsing, McAfee SiteAdvisor, abuse.ch and many more.)
    • Identifies the ISPs and BGP AS of your target.
    • Smarter at identifying owned netblocks.
    • UI enhancements, including some data visualizations.
    • More comprehensive searches across other Internet TLDs.
    • Identifies the use of non-standard HTTP headers.
    • Bing searches.
    • Many tweaks, improvements and bug fixes.

    Link:

    https://github.com/smicallef/spiderfoot/archive/2.1.zip

  13. SSLyze changed hosting.

    Key features include:

    • Multi-processed and multi-threaded scanning (it's fast)
    • SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility
    • Performance testing: session resumption and TLS tickets support
    • Security testing: weak cipher suites, insecure renegotiation, CRIME and more
    • Server certificate validation and revocation checking through OCSP stapling
    • Support for StartTLS handshakes on SMTP, XMPP, LDAP, POP, IMAP, RDP and FTP
    • Support for client certificates when scanning servers that perform mutual authentication
    • XML output to further process the scan results

    New link:

    https://github.com/iSECPartners/sslyze

    https://github.com/iSECPartners/sslyze/archive/master.zip

  14. sat2.jpg

    • Search Malc0de Database
    • Search MS Malware Protection Center
    • Malware News Feed
    • Format JavaScript C0de
    • Decode Base64
    • Decode Unescape
    • Check Your REGX
    • Convert Shellcode to an EXE
    • Reverse IP Lookup (robtex.com)
    • Decode Obfuscated JavaScript (jsunpack)
    • Analyze URL/Binary (Anubis)
    • Decode JavaScript, Flash and PDF files (Wepawet)
    • Search Threat Expert
    • Check AntiVirus Coverage (Virustotal)

    Link:

    Malc0de

  15. ib2BjfntFvklok.PNG

    Affected products:

    WordPress 3.7.1 and previous versions are vulnerable, and also WP 3.8, which was released on 14.12.2013 (since developers traditionally made their new version "vulnerabilities compatible").

    Description:

    The login and password of the e-mail account are saved in the DB in plain text (unencrypted) in Writing Settings (http://site/wp-admin/options-writing.php), if this functionality is used. So by receiving data from the DB via an SQL Injection or Information Leakage vulnerability, or by receiving the content of this page via XSS, or by accessing the admin panel via any vulnerability, it's possible to get the login and password of the e-mail account.

    This allows taking over this site (including in the future, via the password recovery function) and other sites with a password recovery function which sends letters to this e-mail, because a user may use his main e-mail account in the settings (I saw such cases on the Internet). This is a complete jackpot.

    Backdoor:

    This functionality can also be used as a backdoor, when the attacker's e-mail is set in the Writing Settings options, from which posts will be published on the web site: with XSS code, with black SEO links, with malware code, etc.

    ©websecurity.com.ua

  16. i8LJ4UBskrx7s.png

    Bitmessage is a decentralized, encrypted, peer-to-peer, trustless communications protocol that can be used by one person to send encrypted messages to another person, or to multiple subscribers. Bitmessage encrypts each user's message inbox using strong encryption and replicates it inside its P2P network, mixing it with the inboxes of other users in order to conceal the user's identity, prevent eavesdropping and protect the network from any control. The Bitmessage communication protocol avoids sender spoofing through strong authentication, and hides metadata from wiretapping systems.

    Download:

    https://bitmessage.org/download/windows/Bitmessage.exe [Win]

    https://bitmessage.org/download/osx/Bitmessage.dmg [OS X]

    https://github.com/Bitmessage/PyBitmessage [Source code]
