Jump to content

Matasareanu

Members
 View Profile  See their activity

  • Posts

    30

  • Joined

  • Last visited

 Content Type 

Posts posted by Matasareanu

  8. DefCamp 2017

    in Anunturi importante

    Posted

    20 hours ago, Ossian said:

    perioada, si detalii despre voluntariat. Daca e ceva ce trebuie stiut inafara de ce au mentionat ei pe site. 

     

    Edit: In acelasi an se desfasoara in aceeasi perioada oare?

    Edit2 : doamne, acuma am vazut ce obosit is, scuzati exprimarea. 

    Perioada mereu a cam fost aceasi, plus minus o saptamana.
    Despre voluntariat, poti aplica aici cred https://def.camp/become-a-volunteer/  si te contacteaza ei.

    Le poti scrie si pe FB si  or sa iti raspunda :)

     

     

     

    • Like 1
    • Upvote 1

  14. MacOS user "root" without password

    in Exploituri

    Posted

    Acum vreo doua saptamani userul   chethan177  a postat pe Apple development forum si well, Apple missed it :)

    Momentul ala cand lumea il considera feature. 

    Se pare ca mizeria merge si remote daca ai Screen sharing activat.

    Temp fix: parola custom pusa pentru root. Disable root user nu afecteaza.

     

    Eu personal nu am putut reproduce pe doua mac-uri mai vechiute(un air si un pro) cu High Sierra pe ele. Tot upgrade de la Sierra.

  20. WiFi Krack (key reinstallation attacks) - all WiFi vulnerable

    in Stiri securitate

    Posted

    6 minutes ago, TheTime said:
    7 minutes ago, TheTime said:

    Ceva de genul:

    1. update firmware pe router
    2. panou de administrare cu parola strong
    3. setari din router pentru a nu permite clientilor sa comunice intre ei
    4. VPN intre clienti si un server extern sau VPN intre clienti si router
    5. Setari statice pe clienti pentru IP si DNS.
    6. HTTPS peste tot, inclusiv pentru site-urile din reteaua interna; asta ar trebui sa faca oricum, indiferent de vulnerabilitatea asta

    1. Updateuri e posibil sa nu vedem prea curand. Avand in vedere ca sunt routere vechi peste tot care nu au mai primit de secole updateuri sau nu o sa stea nimeni sa faca updateuri.

    2. Nu cred ca ajuta. E in protocol vulnerabilitatea.

    3. WiFi-ul in sine ca si canal de comunicatie face broadcast in aer. Nu este single channel ca prin cablu :)

    4. cred ca momentan este cam singura solutie.

    5. doar mitigheaza riscul de MiTM cu astea.

    6. asta cred ca este cel mai important.

    In concluzie cred ca doar sa ai un server de vpn in LAN ar mitiga problema. Chiar daca esti interceptat o sa fie gibberish.

    Alta problema: Toate IoT devices need to be burned. Majoritatea nu or sa primeasca updateuri la wpa_supplicant. Toate deviceurile cu XP care mai exista nu or sa primeasca update, deci or sa fie easy targets.

  22. Phishy Basic Authentication prompts

    in Proiecte RST

    Posted

    Title:Phishy Basic Authentication prompts

    URL: https://securitycafe.ro/2017/09/06/phishy-basic-authentication-prompts/

    Author: @TheTime

     

    Quote

     

    In one of our previous posts, we noted that a popular tool – Responder – uses Basic Authentication prompts to harvest user credentials when they accidentally enter invalid domains in web browsers.
    Responder’s approach is pretty good and it does some “magic” to catch and respond to DNS requests for in-existing domais,  however I think that there is way more potential in using Basic Authentication for phishing purposes.
    What I like (or dislike) most about basic authentication is that it is NEVER clear who is asking for your credentials and where they will end up. This type of confusion often tricks users into falling for simple phishing tricks, allowing attackers to easily gather user credentials.

    Users should be able to determine if a Basic Authentication request is genuine based on 2 security indicators:
    the IP address or domain of the entity that requests authentication. This often doesn’t help users since attackers can register domain names that resembles trusted domains. For example, when trying to leak the credentials for targetdomain.com, an attacker can register similar domains:
    targetdomain.co / .net
    target-domain.com
    targetdomain-oauth.com
    targetdomain-cdn.com
    targetdomain-images.com
    login-targetdomain.com
    the authetication parameter “Realm”, however this is a string that can be arbitrary provided by the attacker. Depending on the context, simple strings might trick users to consider that the Basic Authentication prompt is genuine:
    “Network proxy authentication required”
    “You were logged out due to inactivity, please login again.”
    Too much theory, let’s see a few examples where basic authentication prompts can be really confusing for the users. Presuming that targetdomain.com is a genuine website, an attacker can simply register (and control) target-domain.com, a website which might be confused with the original by some users.

     

     

    • Like 1
    • Upvote 4

  23. Going further with Responder’s Basic Authentication

    in Tutoriale in engleza

    Posted

    Going Further with Responder's Basic Authentication

    There are a good number of situations when we find ourselves abusing the LLMNR and NBT-NS protocols on an infrastructure penetration test, more specifically on an Active Directory setup. These 2 protocols are enabled by default on most of the Windows operating systems. What are they doing is they facilitate the communication between network machines when searching for a DNS hostname regardless if it’s a share, a server or a web hostname.

    The overview picture of the attack vector:

    • the victim is looking for a non-existing hostname
    • the DNS server cannot resolve the request
    • we reply and resolve the hostname resolution query
    • we ask the victim for authentication

     

    • Upvote 4
×
×
  • Create New...