Channel: BOT24
Viewing all 8064 articles

The Syrian Electronic Army's Most Dangerous Hack


Hiding Functionality with Exception Handlers (1/2)

This post will cover the topic of hiding functionality by taking advantage of the OS-supported exception handling provided by Windows. Namely, it will cover Structured Exception Handling (SEH), and how it can be utilized to obscure control flow at runtime and how it can make it more difficult to perform static analysis on a binary.

more here..........http://www.codereversing.com/blog/archives/198

Python tricks: counting

Last year, my buddy Kevin Thompson and I submitted a talk to Pycon 2015. It didn't get accepted, so I thought I'd write a few blog posts with some of the material.

When we started working with Python, like a lot of folks, we went through a few code tutorials and then immediately got to work writing ROCK SOLID PRODUCTION CODE. Well, we immediately started writing code, anyway. Along the way, we learned some tricks the hard way. This series explores a few of those tricks. Advanced programmers will already know most of these, but hopefully newer programmers will learn a few things that can make their lives a bit easier.

more here........http://xwell.org/2015/04/03/python-tricks-counting/

Project PQCRYPTO

PQCRYPTO will allow users to switch to post-quantum cryptography: cryptographic systems that are not merely secure for today but that will also remain secure long-term against attacks by quantum computers. PQCRYPTO will design a portfolio of high-security post-quantum public-key systems, and will improve the speed of these systems, adapting to the different performance challenges of mobile devices, the cloud, and the Internet of Things. PQCRYPTO will provide efficient implementations of high-security post-quantum cryptography for a broad spectrum of real-world applications.

more here......http://pqcrypto.eu.org/index.html

Frida Plugin for IDA Pro

This is a plugin for IDA Pro that uses the Frida API, mainly to trace functions.

"Your own scripts get injected into black box processes to execute custom debugging logic. Hook any function, spy on crypto APIs or trace private application code, no source code needed"

more here.......https://github.com/techbliss/Frida_For_Ida_Pro

Linux Loadable Kernel Module in Assembly

Hello everyone! First of all, sorry for being silent for the last two years. There have been certain reasons for this. Anyway, I am back and I am going to share a portion of what I've learnt over this period.

Before I begin, as usual, a note for nerds: the code in this article is for demonstration purposes only and does not contain certain things, like error checking, that would otherwise be inevitable.

I have recently seen tons of posts on the Internet about writing a kernel module for a pre-compiled kernel. Guys are doing good work, but there is one thing that I personally did not like: they all refer you to the configuration file for such a kernel, which may be obtained one way or the other. Well, having the configuration of the running kernel makes it almost no different from building a module for a kernel you compiled yourself (just almost). The bottom line: if you want something done your way, do it yourself.

more here..........http://syprog.blogspot.com/2015/04/linux-loadable-kernel-module-in-assembly.html

XML External Entity attack (XXE) in a Nutshell

The XXE attack has been around for a few years, but hasn't gotten much attention until the last couple of years, with some high-profile cases at Facebook and PayPal.

So, what is the XML External Entity attack? XXE is an abbreviation for XML External Entity. It is a part of the XML spec that allows a document to have entities that resolve to someplace external (not within the same document).

Some examples probably describe it best here........https://www.chs.us/xml-external-entity-attack-xxe-in-a-nutshell/

SedSystems D3 Decimator Multiple Vulnerabilities with Exploit


Reverse Port Forward through a SOCKS Proxy

I had a friend come to me with an interesting problem. He had to get a server to make an outbound connection and evade some pretty tough egress restrictions. Egress is a problem I care a lot about [1, 2, 3]. Beacon is a working option for his Windows systems. Unfortunately, the server in question was UNIX-based. He asked if there were a way to make the UNIX system tunnel through Beacon to make its outbound connection.

read more here......http://blog.cobaltstrike.com/2015/04/02/reverse-port-forward-through-a-socks-proxy/

Remote Code Execution Possible Via Dell System Detect

Journalist John Leyden recently contacted us for our opinion on vulnerability research by Tom Forbes. The focus of Forbes' research was Dell's "System Detect" utility and a flaw that allows for remote code execution. Forbes reported his findings last November and Dell mitigated the issue in January (and also again last week).

But a significant problem remains from our point of view.

more here........https://www.f-secure.com/weblog/archives/00002800.html


and here is an additional article referencing Dell System Detect.........https://blog.malwarebytes.org/exploits-2/2015/04/dell-system-detect-vulnerability-now-classified-as-a-pup/

How I cracked NQ Vault's "encryption"

Google it up if you want to: NQ Vault. I don't wanna link it from here. It's got some really nice ratings on the Play Store.

★ The most popular app with over 30 million users worldwide

★ CTIA - "The Best App of CTIA by the Techlicious 2012 Best of CTIA Awards"

★ PC Magazine - "PC Magazine Best Apps"

★ TRUSTe - Received "TRUSTe Privacy Seal"

★ Global Mobile Internet Conference App Space - "A top 50 app"

Day 1

I made a 1x1px png [test.png] in GIMP and ran echo NINJADOGE24 >> test.png and encrypted it in NQ Vault v6.1.00.22 with a simple password 2424.

more here.......https://ninjadoge24.github.io/#002-how-i-cracked-nq-vaults-encryption

2015-04-03 - NUCLEAR EK DROPS TESLACRYPT MALWARE

PCAP AND MALWARE:

PCAP of the infection traffic: 2015-04-03-Nuclear-EK-traffic.pcap
PCAP from malwr.com analysis of the payload: 2015-04-03-malwr.com-analysis-of-payload.pcap
ZIP file of the malware: 2015-04-03-Nuclear-EK-malware.zip


NOTES:

Today, Nuclear EK used a serveftp.com domain, which is normally associated with Fiesta EK.
Those Nuclear EK URLs keep getting longer.
Today's payload is Teslacrypt ransomware, and the bitcoin address for the ransom payment is: 18Vfp5yaeqJcrQ5dGqYbR8qvfnAznw1oVv

more here..........http://malware-traffic-analysis.net/2015/04/03/index.html

Identifying and Disrupting Crypto-Ransomware (and Destructive Malware)

In recent years, malware has become very personal. Crypto-ransomware threats, including CryptoLocker, CryptoWall and TorrentLocker (pdf), have infected home users, businesses and even police departments, all of whom have had their personal data and hard work held hostage. When we think of precious family photos or an academic thesis being wiped by pure greed, it can become rather emotive. This is nasty stuff, and we need to do something about it!

I have been giving some thought to how we can stop crypto-ransomware doing its thing. Initially, I thought about interfering with the Windows CryptoAPI, perhaps hooking the CryptEncrypt function. However, page 16 of a report by Bromium analysing various samples shows that some samples use CryptoAPI, others use OpenSSL libraries and a few even use custom inline code.

I then began thinking about what else was common to all of these threats and realised that they all (by their very nature) access a LOT of files, and therefore create an above-average number of handles.

more here........http://digital-forensics.sans.org/blog/2015/04/03/identifying-and-disrupting-crypto-ransomware-and-destructive-malware#

Integrating Outdated Flash is a Bad Idea, Even Worse Running It Without a Sandbox

HackerKast 29 Bonus Round: Formaction Scriptless Attack

Today on HackerKast, Matt and I discussed something called a Formaction Scriptless Attack. Content Security Policy (CSP) has put a big theoretical dent in cross-site scripting. I say theoretical because relatively few sites are taking advantage of it yet; but even if it is implemented to prevent JavaScript from loading on the page, that doesn't necessarily remove the possibility of attack from HTML injection.

more here...........https://blog.whitehatsec.com/hackerkast-29-bonus-round-formaction-scriptless-attack/

godebug- A cross-platform debugger for Go

godebug uses source code generation to instrument your program with debugging calls. go tool cover takes a similar approach to code coverage. When you run godebug, it parses your program, instruments function calls, variable declarations, and statement lines, and outputs the resulting code somewhere, and runs it. When this modified code runs, it stops at breakpoints and lets you step through the program and inspect variables.

more here..........https://github.com/mailgun/godebug

Delve

The lack of HTTPS at Amazon: identifying items purchased using information leakage

If you were to browse Amazon right now and someone was eavesdropping on your connection, they could tell exactly what you were looking at. Even if you're logged in, all item browsing takes place over HTTP. This is tremendously odd given that it's 2015 and encryption is well and truly fast enough for the masses.

more here......http://smerity.com/articles/2015/amazon_information_leakage.html

The truth about the Bitcoin Foundation

pixiewps: WPS Attacking Tool Video
