ADS-B research was worth it - ICAO to create Cyber Security Task Force (CSTF)!

10/21/12 | by zveriu | Categories: Hack, Hack, Conference

ADS-B research was worth it!

ICAO to create Cyber Security Task Force (CSTF) - Our research is mentioned as key points!

Download/view here

Thanks to Aimee Turner for notifying us.

Errata: The above PDF wrongly mentions “Dr. Andrei Costin” - I wish :). It’s still a long way off; until then it should read “PhD candidate”.

AthCon3 2012 Day2, Track1, 18:00-18:50 "Advances in BeEF: RESTful API, WebSockets, XssRays enhancements"

09/19/12 | by zveriu | Categories: Conference, AthCon, Write-up

Download here.

Code:

athcon.org
Athens, 3-4 May, 2012
Day2, Track1, 18:00-18:50
"Advances in BeEF: RESTful API, WebSockets, XssRays enhancements",
Michele Orru
 
"Advances in BeEF: RESTful API, WebSockets, XssRays enhancements"
 
BeEF
 
Demo: using the BeEF RESTful API
1. BeEF programmatically accessing Metasploit
2. injects BeEF into some victim browser
3. inject an applet, then use the JavaScript-to-Java communication to get the Java version based on the JDK
4. then in Meterpreter, sysinfo to get the system info
5. then inject the "execute calc.exe" on the victim's machine through the injected Java applet
 
New additions
    AJAX call poisoning (the XMLHttpRequest object is overridden)
    the module can use target=_blank so as not to lose the victim
    getting the persistence (history) from the victim browser
 
New feature (in a testing branch - to be added soon)
    WebSocket support
    currently BeEF uses XHR, but for speed it needs WebSocket
 
XHR in BeEF
pro - works everywhere (IE, Chrome)
cons - (TODO)
 
if beef.browser.hasWebSocket(), don't use XHR polling, open a WebSocket channel
support: Firefox, Chrome, Safari, also MozWebSocket
https://github.com/radoen/beef-radoen - the experimental phase
 
Possibilities with WS
    real-time, VNC-like hooked browser control
    faster tunneling proxy (fuzzing through the hooked browser is 4-5 times faster)
    generally faster communication
 
 
Demo - BeEF with WS
    launch 1000 XHR-polling vs WS-based requests
 
XssRays
    originally a pure JS-based XSS scanner, then integrated into BeEF
 
XssRays operation
    takes a page with links/forms which do GET/POST requests, intra- or cross-domain
    it adds a hidden iframe for each of the requests
    if the iframe is loading, then the resource was XSS-vulnerable
    it also works CROSS-DOMAIN (respecting the SOP!)
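
For the "AJAX call poisoning" note above, a page can check whether its XMLHttpRequest members were replaced after load. This is an added example, not code from the talk or from BeEF; `snapshotMembers`, `findTampered`, `FakeXHR` and `fakeWindow` are hypothetical names, and the stand-in objects are constructed so it runs outside a browser.

```javascript
// Added example (not BeEF code): spot replaced XMLHttpRequest members by
// comparing against property descriptors captured before other scripts ran.

function snapshotMembers(obj, names) {
  const snap = new Map();
  for (const name of names) {
    // Store the whole descriptor so a getter/setter swap is caught too.
    snap.set(name, Object.getOwnPropertyDescriptor(obj, name));
  }
  return snap;
}

function findTampered(obj, snap) {
  const changed = [];
  for (const [name, before] of snap) {
    const now = Object.getOwnPropertyDescriptor(obj, name);
    const same = before === undefined || now === undefined
      ? before === now
      : now.value === before.value && now.get === before.get && now.set === before.set;
    if (!same) changed.push(name);
  }
  return changed;
}

// Constructed stand-ins so the check runs outside a browser (assumption:
// in a page, use window and XMLHttpRequest.prototype instead).
class FakeXHR {
  open(method, url) { return `${method} ${url}`; }
  send(body) { return body; }
}
const fakeWindow = { XMLHttpRequest: FakeXHR };

function demo() {
  const protoSnap = snapshotMembers(FakeXHR.prototype, ['open', 'send']);
  const globalSnap = snapshotMembers(fakeWindow, ['XMLHttpRequest']);
  const clean = findTampered(FakeXHR.prototype, protoSnap);

  // Simulate a later script wrapping open() with a pass-through function.
  const original = FakeXHR.prototype.open;
  FakeXHR.prototype.open = function (...args) { return original.apply(this, args); };
  const afterWrap = findTampered(FakeXHR.prototype, protoSnap);
  const globals = findTampered(fakeWindow, globalSnap);

  FakeXHR.prototype.open = original; // restore the stand-in
  return { clean, afterWrap, globals };
}

console.log(demo());
```

The snapshot only helps if it is taken by the first script the page runs. Comparing identity rather than the `toString()` text means a bound or proxied wrapper is still reported.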

Ghost is in the Air(Traffic) - BlackHat 2012 - ADS-B ATC hacking - real airplane replay, fake airplane spoofing/impersonation

09/05/12 | by zveriu | Categories: Conference

Ghost is in the Air(Traffic) - BlackHat 2012 - ADS-B ATC hacking - real airplane replay, fake airplane spoofing/impersonation

Downloads

Timelines

  • Jun-2011 - Jul-2011 - Initial interest and research started
  • Jul-2011 - Feb-2012 - Some low-pace experiments, study of specifications, experiments, additional hardware acquisition
  • Feb-2012 - Mar-2012 - Revived interest
  • Mar-2012 - May-2012 - Development and preparation for BlackHat 2012 application
  • May-2012 - Application for BlackHat 2012
  • 07-Jul-2012 - Whitepaper and slides limited access available to BlackHat 2012 organizers only
  • 23-Jul-2012 - Whitepaper and slides public access available to all

Demo Ghost is in the Air(Traffic) - BlackHat 2012 - Airplane replay, fake airplane spoofing/impersonation


[ACSA-2012-16] - Microsoft Office CGM Images Memory Corruption CVE-2012-2524 Remote Code Execution Vulnerability

08/15/12 | by zveriu | Categories: ACSA

[ACSA-2012-16] - Microsoft Office CGM Images Memory Corruption CVE-2012-2524 Remote Code Execution Vulnerability

More on Microsoft security front.

As you might know, MS12-AUG is out on 14 Aug 2012.

Among the patches, there is one which addresses a vulnerability on CGM images corruption that I have reported to MS.

Details follow:

Related (older) reports, CVEs, patches:

Stay secure!

Securely yours,
Andrei

HIP2012 - Overview

07/01/12 | by zveriu | Categories: Conference, Hack In Paris, Write-up

Hack in Paris 2012 and Nuit du Hack 2012 are over - these were quite some nice days :)!

I would like to first thank the organizers, Sysdream and all the crews, for these two great events.

Hack In Paris is an all-in-all fun event, with a great audience and smooth organization!

Nuit du Hack, on the other hand, is a crazy gathering of an enormous number of people under one roof (literally), where you have the opportunity to meet everyone from fierce hard-core hackers to pretty creative and constructive robot/CNC-mill makers who will share their great ideas and experience as part of the multitude of workshops taking place during the entire night!
