Event Related

Resources

  • Access Control Part 3: Using the Big Guns! – penturalabs.wordpress.com
    Or rather miniature guns, that pack a powerful punch… Our previous posting on Access Control Part 2: Mifare Attacks, we demonstrated a weakness in some Mifare implementations.
  • IPMI:Freight Train to Hell – fish2.com
    IPMI is a protocol mainly used to facilitate remote management of servers. Published by
    Intel and created in conjunction with other major vendors it’s nearly universally
    supported and is widely used for emergency maintenance as well as the provisioning and
    rollout of applications, operating systems, and various other administrative tasks.
  • Domains That Are Typos of Other Domains – cert.org
    I’ve been investigating the usage of domains that are typos of other domains. For example, foogle.com is a typo of google.com, and it’s a common one since ‘f’ is next to ‘g’ on the standard keyboard. The existing hypothesis has been that typo domains would be used for malicious purposes.

Tools

  • What’s new in IronWASP v0.9.6.5 – blog.ironwasp.org
    IronWASP v0.9.6.5 is now available for download. Users of older versions should get an update prompt when using IronWASP. This is what you get with the new version.
  • gabemarshall/ntrace – github.com
    Command-line security tool to detect Cross-Site Tracing vulnerabilities, written in node.
  • levle/PHPmap – github.com
    PHPmap – Exploitation of the PHP eval() function where user input is passed
  • Egresser – Tool to Enumerate Outbound Firewall Rules – blog.cyberis.co.uk
    Egresser is a tool to enumerate outbound firewall rules, designed for penetration testers to assess whether egress filtering is adequate from within a corporate network.
  • pyreshark – code.google.com
    A Wireshark plugin providing a simple interface for writing dissectors in Python.
  • ZMap – The Internet Scanner – zmap.io
    ZMap is an open-source network scanner that enables researchers to easily perform Internet-wide network studies. With a single machine and a well provisioned network uplink, ZMap is capable of performing a complete scan of the IPv4 address space in under 45 minutes, approaching the theoretical limit of gigabit Ethernet.

Techniques

  • HackRF
    • Sniffing GSM with HackRF – binaryrf.com
      I recently had a play with sniffing some gsm using the HackRF, The clock was a little unstable and drifted quite a bit but in the end I was able to view lots of different system messages etc. I will assume you have a working linux system with gnuradio and hackrf running for this turotial, If not you can use the live cd which I referenced in the software section of the forum its a great tool and the hackrf works right out of the box.
    • Decoding Pocsag Pagers With The HackRF – binaryrf.com
      This is another quick tutorial on things you can do with the HackRF. I was lucky enough to get one as part of the beta, it is a great piece of hardware and it is my hope that with these tutorials I can do my part in getting more people interested and we can get massive community built around the HackRF. Today I am going to be talking about decoding pocsag pager messages, for this I will assume you are using the great ubuntu live cd for the hackrf.
  • The Burp SessionAuth Extension – skora.net
    Normally a web application should identify a logged in user by data which is stored on the server side in some kind of session storage. However, in web application audits someone can often observe that internal user identifiers are transmitted in HTTP requests as parameters or cookies.
  • Remote Code Execution on Wired-side Servers over Unauthenticated Wireless – blog.opensecurityresearch.com
    There’s a remote code execution vulnerability that can be exploited via 802.11 wireless to compromise a wired side server. The attacker needs no prior knowledge of the wireless network or authenticated access in order to exploit.
  • Nitesh Dhanjani: Hacking Lightbulbs – dhanjani.com
    The phenomenon of the Internet of Things (IoT) is positively influencing our lives by augmenting our spaces with intelligent and connected devices. Examples of these devices include lightbulbs, motion sensors, door locks, video cameras, thermostats, and power outlets.

Other News