Cognitive and Scientific Brainology

Security - consulting,assessment,research,solutions,penetration tests.
Face - detect,track,recognize,extract features,learn emotions,character animation.

[ACSA-2012-04] HP JetDirect Download Manager for Windows suspicious "backdoor" functionality

01/14/12 | by zveriu | Categories: Software, Hack, Security, ACSA

[ACSA-2012-04] HP JetDirect Download Manager for Windows suspicious “backdoor” functionality

Jumping ahead, Secunia confirmed that from their point of view the “HP JetDirect Download Manager” is not backdoored/infected. Nevertheless, I’m posting the details for the interested ones.

My suspicions lied within this functionality:

Code:

"Model found in backdoor file!"
"FirmwareFileManager::ReadFirmwareBackDoorFile"
"FirmwareFileManager::ReadBackDoorfile"

Leave a comment •

28C3 (Chaos Computer Club Kongress 2011) presentations

01/09/12 | by zveriu | Categories: Security, Conference, CCC

28C3 (Chaos Computer Club Kongress 2011) presentations

Video - Hacking MFPs - PostScript:um, you’ve been hacked

Download slides:

Leave a comment •

...on Google Hall of Fame...

01/09/12 | by zveriu | Categories: Hack, Security

Have open my New Year with myself closing Google Hall of Fame October-December 2011 (I guess it was the last entry of 2011, since I submitted during last days of December)

More details about why I ended up there will follow, hopefully at one of the next conference talks.

Stay tuned. Stay secure.

9 comments •

Hacking MFPs Part1/Part2 - Videos

11/04/11 | by zveriu | Categories: Conference, T2, SyScan, EuSecWest, phNeutral, #days, SEC-T, hack.lu, HackCon

So here we are, summing up 1.5 years of research of “Hacking MFPs Part1″ and opening dawns of “Hacking MFPs Part2″.

This post will present the videos that accompanied the presentations. Source code to follow in the upcoming days.

NOTE: the videos are subtitled - use CC button in the players window to turn them on

Hacking MPFs/printers Part1 - Printer map, geolocation, public-exposure, data-harvesting

Hacking MFPs Part1 - Locally-Initiated PPE (Printing Payload Exploit)

Hacking MPFs Part1 - Remote-Initiated PPE (Printing Payload Exploit)

Hacking MFPs Part2 (soon to come) - Printer code execution - Shell, Memory dumper, Printer connections

Thanks to the great organisers of the conferences where these were presented, as well as big thank for the nice and patient audiences !

Hacking printers MFPs part1 for fun and profit andrei costin #days EuSecWest hack.lu HackCon phNeutral SEC-T SyScan T2

Leave a comment •

Harvesting Boarding Passes

11/02/11 | by zveriu | Categories: Software, Hack, Security

Harvesting Boarding Passes

It’s clear that personal and sensitive data should be protected by all means.
However it’s trully sad to see that people deliberately or unconsciously reveal very sensitive details about them, despite the fact that society is very concerned with “big brother” actions of 3rd-parties in the first place.

Following are just few (ab)use scenarios which I quickly came up with - the sky is the limit (in all it’s meanings !) when playing with someone’s flight…

I am not saying that every everage Joe kind of person will be tracked by these means in “a la” agent 007 style, but imagine an important science person/professor (dealing with sensitive issues, like for example nuclear R & D) being a target of such attack. And yes, I have seen interesting university&academia related boarding passes exposed…

Person identification

- learn sensitive details
- learn (airline) preferences and Frequent Traveller (FT) (to put the importance of this kind of information, let me remind you about WhiteHouse directive leaked thru WikiLeaks suggesting FT data harvesting by US embassies worldwide)
- learn susceptability to “Frequent Traveller Customer Service” impersonation/social engineering attacks
- learn travelling habits (departure hours, taken routes, etc.)