190 items tagged "attack"
SecDocs
Authors: Mathias Payer
Tags: exploiting
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: Unsafe languages and an arms race for new bugs call for an additional line of defense in software systems. User-space virtualization uses dynamic instrumentation to detect different attack vectors and protects against the execution of malicious code. An additional advantage of these virtualization systems is that they can be used to analyze different exploits step by step and to extract the exploit code from a running program. This talk explains the concept of different attack vectors (stack buffer overflows, format string attacks, return-to-libc attacks, race attacks / TOCTTOU, integer overflows, heap buffer overflows, and code anomalies). For each of these attack vectors we show possible exploits and explain how the virtualization system is able to detect and prevent the exploit.

User-space virtualization uses a binary translation framework to instrument all running code. The instrumentation works like an additional virtualization layer and makes it possible to observe any changes to the runtime data structures (code and data) of a running program. We use fastBT to instrument and analyze different exploitable programs. The added instrumentation detects changes in the runtime layout and stops the program whenever exploit code is about to be executed. This talk presents different classes of exploits that can be observed in a dynamic instrumentation system. The exploits are analyzed and different security strategies are discussed. We then show how the instrumentation framework can implement an online protection mechanism against each class of attack vectors.

Observable Attack Vectors
Stack Overflow: A limited buffer is overflowed with user data and overwrites data on the stack (e.g., the return instruction pointer).
Format String Attack: An attacker can write to an arbitrary address (e.g., the return instruction pointer or the address of a library function) if unvalidated user input is passed directly to the printf function.
Return to libc Attack: This attack prepares multiple stack frames that execute code sequences in libraries. The stack frames can be constructed so that (almost) arbitrary code is executed.
Race Attacks / TOCTTOU: Time-of-check-to-time-of-use race conditions exploit the fact that values on the stack can be changed after they are checked but before they are used in the program or kernel.
Integer Overflow: Overflows can be triggered by using a negative integer value where an unsigned value is expected.
Heap Overflow: A heap buffer overflow is used to overwrite function pointers or data belonging to the memory allocator in order to trigger execution of arbitrary code.
Code Anomalies: x86_64 code is backward compatible with ia32, and in modern operating systems x86_64 and ia32 code can be mixed. The mix of different system calls makes it possible to break out of sandboxes that are not aware of all possible combinations of system calls.

In general, the exploits are detected whenever the program branches to the injected code or to the constructed code fragments. The program is interrupted and a debugger can be attached to analyze the state of the program. TOCTTOU attacks can be detected by observing the threads and using a specific system call architecture.

Conclusion: Dynamic instrumentation is an important tool to prohibit, detect, and analyze different attack vectors against running programs. Additional instrumentation guards can be used to better understand exploits. The additional layer of virtualization implemented through dynamic instrumentation can be used to detect and log bugs and is an additional line of defense against new exploits.

Related Work: A detailed discussion of related work is in the paper. The references here are for informational purposes only (to show how this talk was inspired) and are not complete.
SecDocs
Authors: Karsten Nohl, Luca Melette
Tags: GSM phone
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: Cell phone users face an increasing frequency and depth of privacy-intruding attacks. Defense knowledge has not scaled at the same speed as attack capabilities. This talk intends to reverse this imbalance. The most severe attack vectors on mobile phones are due to an outdated technology base that lacks strong cryptographic authentication or confidentiality. Given this discrepancy between protection need and reality, a number of countermeasures have been developed for networks and phones to better protect their users. We explain the most important measures and track their deployment. Furthermore, we will release tools to measure the level of vulnerability of networks. Sharing the results of these measurements will hopefully create problem awareness and demand for more security by phone users around the world.
Packet Storm Security Misc. Files
This is a brief whitepaper discussing how to set up the QT Mobile Hotspot and YAMAS applications to man-in-the-middle connections using your phone.
SecDocs
Tags: malware DoS
Event: Black Hat Abu Dhabi 2011
Abstract: A Distributed Denial-of-Service (DDoS) attack, one of the simplest and most powerful cyber attacks, is a big problem nowadays. It has existed for a long time, but now attackers can do greater damage to their targets thanks to the development of more effective attack techniques, the spread of high-speed internet, and so on. DDoS attacks in particular have become a huge problem because unspecified machines (so-called zombie PCs) are loaded with malicious code and used to attack a single site or system. DDoS attacks directly affect targeted companies, institutions and even governments, as well as security companies and users. In addition, malicious code could run on many other types of electronic devices, such as smart phones, game consoles, home appliances and even cars, so a new type of DDoS attack might be seen in various places. In this presentation, we will examine the large-scale DDoS attacks that occurred in Korea (July 2009, March 2011), with detailed analysis and reverse tracking, and how the defenders (Korean institutions and security companies) coped with the attacks. WE WILL NOT MENTION WHO THE ATTACKER IS. We will also show the new type of DDoS attacks (by PC, smart phone, game console and so on) through a demonstration, covering the mechanism of DDoS attacks, including the type of attack, the damage and the preparation stage. Finally, we will suggest a solution to this problem. *IMPORTANT* This presentation tries not to include boring stuff. It will be fun, with easy explanations and an interesting demonstration.
Packet Storm Security Recent Files
Whitepaper called Web Backdoors - Attack, Evasion and Detection. This paper provides insight into common web backdoors and how simple manipulations can make them undetectable by AV and other security suites. It explains a few techniques that could be used to make backdoors inside web applications undetectable and unnoticed.
Packet Storm Security Recent Files
This whitepaper goes into detail on how to break 802.11, describing the various attack methodologies and the tools needed to perform the attacks. Written in Spanish.
Packet Storm Security Recent Files
w3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (XSS), local and remote file inclusion, and much more.
Packet Storm Security Recent Files
This short paper describes the trash attack, which is effective against the majority of fully-verifiable election systems. The paper then offers a simple but counter-intuitive mitigation that can be incorporated into many such schemes to substantially reduce the effectiveness of the attack. This mitigation also offers additional benefits, as it significantly improves the statistical properties of existing verifiable systems.
Packet Storm Security Misc. Files
Whitepaper called Using QR Tags to Attack Smart Phones (Attaging). It discusses the threatscape related to arbitrary scanning of these tags and using Metasploit to exploit them.
SecDocs
Authors: Josh Pauli, Kyle Cronin, Patrick Engebretson
Tags: IDS sniffer
Event: Black Hat USA 2010
Abstract: Testing Intrusion Detection Systems (IDS) to ensure the most malicious attacks are detected is a cornerstone of these systems, but there is no standardized method to execute these tests. Running live exploitations is not always a viable option – especially when the rule set isn’t finalized, and clients are often nervous about the use of “hacker tools” on their networks. Furthermore, educators struggle to teach IDS concepts as a standalone principle without teaching attack methodologies at the same time. We are releasing two artifacts to help solve these problems. First we introduce PAL, a PCAP Attack Library full of individual pre-captured attack files that can be easily replayed for IDS testing and education. This library is completely preassembled, clean, and extendable to include further additions of attacks. Our initial library is created from the findings in the Common Attack Pattern Enumeration Classification (CAPEC) from the Department of Homeland Security. Second, we introduce SprayPAL, a software tool that we’ve developed to replay the PCAP attack library files. Users can send attacks to a specific target or broadcast to an entire subnet of machines. Additional features include the ability to select individual or multiple simultaneous attacks as well as provide layer 2 and 3 packet level manipulation. We conclude by presenting a methodology for capturing attacks and adding them to the public library. Both our PCAP attack library and SprayPAL tool will be released at Black Hat 2010 to the general public.
Packet Storm Security Recent Files
This is a framework for HTTP-related attacks. It is written in Perl with a GTK interface and has a proxy for debugging and manipulation, proxy chaining, evasion rules, and more.
Hack a Day
A pair of security researchers have recently unveiled an interesting new keylogging method (PDF Research Paper) that makes use of a very unlikely smartphone component, your gyroscope. Most smart phones now come equipped with gyroscopes, which can be accessed by any application at any time. [Hao Chen and Lian Cai] were able to use an Android phone’s [...]
Packet Storm Security Recent Files
w3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (XSS), local and remote file inclusion, and much more.
Packet Storm Security Exploits
This whitepaper describes a timing attack vulnerability in OpenSSL's ladder implementation for curves over binary fields. They use this vulnerability to steal the private key of a TLS server where the server authenticates with ECDSA signatures. Using the timing of the exchanged messages, the messages themselves, and the signatures, they mount a lattice attack that recovers the private key. Finally, they describe and implement an effective countermeasure.
Carnal0wnage
Carnal0wnage/Attack Research Blog is back on blogspot. URL is still http://carnal0wnage.attackresearch.com and http://carnal0wnage.blogspot.com should redirect you to the right place. I doubt that RSS feeds will be so lucky though...you'll probably want to update your feeds.
Hopefully being back on blogger will allow for more and better discussions than on the drupal site and if the blind elephant guy is working on an update, hopefully this fucks up his talk and he doesn't get to call us out this year b/c Drupal sucks to update/manage.
-CG
Packet Storm Security Recent Files
Hyenae is a highly flexible and platform independent network packet generator. It allows you to reproduce low level Ethernet attack scenarios (such as MITM, DoS, and DDoS) to reveal potential security vulnerabilities of your network. Besides smart wildcard-based address randomization, a highly customizable packet generation control, and an interactive attack assistant, Hyenae comes with a clusterable remote daemon for setting up distributed attack networks.
Packet Storm Security Recent Files
Akamai's Download Manager allows attackers to download arbitrary files onto a user's desktop. Using a so-called blended threat attack it is possible to execute arbitrary code. This attack affects the ActiveX control as well as the Java applet. This was fixed in version 2.2.5.4.
Packet Storm Security Recent Files
TEHTRI-Security has released advisories discussing a stack overflow inside the iPhone iOS4 CFNetwork API, a client-side attack for BlackBerry devices, a client-side attack for HTC Windows Mobile cellphones, a client-side attack for the iPad and security issues related to trains.
SecDocs
Authors:
Thai Duong Juliano Rizzo Tags:
web application cryptography cracking Event:
Black Hat EU 2010 Abstract: In 2009, we released a paper on the MD5 extension attack ([1]), and described how attackers can use the attack to exploit popular web sites such as Flickr, Vimeo, Scribd, etc. The attack was well received by the community, and made the Top Ten Web Hacking Techniques of 2009 ([2]). In the conclusion of that paper, we stated that we had been carrying out research in which we test-run a number of identified practical crypto attacks on random widely used software systems. To our surprise, most, if not all, can be attacked by one or more well-known crypto bugs. In this talk, we present the latest results of that research, where we choose another powerful crypto attack and turn it into a new set of practical web hacking techniques. We show that widely used web development frameworks and web sites are using encryption wrongly, in ways that allow attackers to read and modify data that should be protected. It has been known for years in the cryptography community that encryption is not authentication. If encrypted messages are not authenticated, data integrity cannot be guaranteed, which makes systems vulnerable to practical and dangerous chosen-ciphertext attacks. Finally, we list several popular web development frameworks and web sites that are vulnerable to Padding Oracle attacks, including, but not limited to, eBay Latin America, Apache MyFaces, SUN Mojarra, Ruby On Rails, etc. These are all 0-day vulnerabilities. We show that even OWASP folks can't get it right; how can an average Joe survive this new class of vulnerabilities? We strongly believe that this is just the tip of the iceberg, and that the techniques we describe in this research will uncover many more vulnerabilities for years to come.
SecDocs
Authors:
Vikram Phatak Tags:
antivirus vulnerability IDS Event:
Source Conference Boston 2010 Abstract: What you don’t know can hurt you. NSS Labs will share research findings from our analysis of the attack and potential variants, along with a breakdown of security vendor approaches to protecting against these types of threats. Includes discussion of what security vendors are not covering that could prevent the next big attack. Vikram Phatak is CTO and leads the research team at NSS Labs. Mr. Phatak has over 15 years of experience in computer, network, and information security. Prior to joining NSS Labs, Mr. Phatak was CTO of Trustwave, founded and was CTO for an intrusion prevention product company, was chief security architect for a Fortune 500 company, and started one of the first Internet service providers in 1994.
SecDocs
Authors:
Nick DePetrillo Don Bailey Tags:
GSM phone locating Event:
Source Conference Boston 2010 Abstract: Using new resources in concert with new and old telephony tricks, the speakers have been able to successfully track users of GSM mobile phones without direct access to SS7. Though, initially, the granularity of the location information was not fine enough, the speakers have been able to develop effective techniques to supplement the location data. Augmenting this attack is the ability to learn a target user's mobile phone number without the user's knowledge, enhancing the passive nature of the attack. The speakers will elaborate on new real world attack vectors that make these threats both credible and practical. GSM location data in the US is private. However, unscrupulous providers have exposed this data to an international audience, allowing anyone access to this information for a price. The researchers will elaborate on the technical details of how and why the above attacks work, what solutions are possible, and how users can protect themselves.
remote-exploit & backtrack
Does anyone know of a freely available pcap "attack library" which could be run through TCPreplay? Specifically, I'd like the ability to select either specific individual or multiple-simultaneous attacks and send those attacks down the wire.
I've run some searches but haven't come up with anything yet---thought I would post here before I start building it out myself.
Thanks!
remote-exploit & backtrack
When the attacker is not associated with a WPA or WPA2 station and finds a client that is on one of these types of stations, the attacker can still find useful information in the packets, such as Google search terms among other things.
What is this kind of attack called?
remote-exploit & backtrack
Attack Simulation and Threat Modeling is a book that explores the abundant resources available in advanced security data collection, classification, processing and mining. It attempts to give insight into a number of alternative methods of security and attack analytics that leverage methodologies adopted from various other disciplines in extracting valuable data to support security research work and chart a course for enterprise security decision making.
Synopsis
Threat Vectors and Attack Signatures
Attack Virtualization and Behavioural analysis
Security Event Correlation and Pattern Recognition
Exploratory Security Analytics and Threat Hypothesis
Machine Learning Algorithms
It is released under the GNU FDL v1.3 License and can be downloaded here:
inverse.com.ng/book2/Attack_Simulation_and_Threat_Modeling.pdf
Cheers!
Olu
SecDocs
Authors:
Qin Liu Sebastien Sauge Tags:
cryptography quantum cryptography Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: This presentation will show the first experimental implementation of an eavesdropper for a quantum cryptosystem. Although quantum cryptography has been proven unconditionally secure, by exploiting physical imperfections (a detector vulnerability) we have successfully built an intercept-resend attack and demonstrated eavesdropping under realistic conditions on an installed quantum key distribution line. The actual eavesdropping hardware we have built will be shown during the conference. Quantum cryptography, being based on the laws of physics, was claimed to be much more secure than all classical cryptography schemes. (Un)fortunately, physical hardware is not beyond evil control: we present a successful attack on an existing quantum key distribution system exploiting a photon detector vulnerability which is probably present in all existing devices. Without Alice and Bob losing their faith in their secure communication, we recorded 100% of the supposedly secret key. Single photon detectors based on passively quenched avalanche photodiodes are used in a number of quantum key distribution experiments. A vulnerability has been found in which these detectors can be temporarily blinded and then forced to produce a click [1]. An attack exploiting this vulnerability against a free-space polarization based quantum cryptosystem [2,3] is feasible. By controlling the polarization of a bright beam, the eavesdropper Eve can force any detector of her choice to fire in the legitimate receiver Bob, such that she gets full control of it without introducing additional errors. This allows Eve to run an intercept-resend attack without getting caught and obtain a full copy of the transmitted secret key. We have fully demonstrated this attack under realistic conditions on an installed fiber optic quantum key distribution system. The system uses polarization encoding over 290 m of optical fiber spanning four buildings. A complete eavesdropper has been built, inserted at a mid-way point in the fiber line, and 100% of the secret key information has been recorded. Under attack, no significant changes in the system operating parameters have been observed by the legitimate users, who have happily continued to generate their 'secret' key.
SecDocs
Tags:
cryptography Abstract: In this paper, we study the existence of multicollisions in iterated hash functions. We show that finding multicollisions, i.e. r-tuples of messages that all hash to the same value, is not much harder than finding ordinary collisions, i.e. pairs of messages, even for extremely large values of r. More precisely, the ratio of the complexities of the attacks is approximately equal to the logarithm of r. Then, using large multicollisions as a tool, we solve a long standing open problem and prove that concatenating the results of several iterated hash functions in order to build a larger one does not yield a secure construction. We also discuss the potential impact of our attack on several published schemes. Quite surprisingly, for subtle reasons, the schemes we study happen to be immune to our attack.
remote-exploit & backtrack
I'm stuck on cracking a WEP key on an AP.
I did this a lot of times..
but this time
fragmentation attack won't work
chopchop attack won't work
is there another way?
What can cause this?