
Computer Security


Dynamically Unpacking Malware With Pin. A common approach that malware takes to hide itself is packing.


Sources.

Buying Personal Information in the Deep Web. The criminal underground: before starting our quick tour of the criminal underground to collect information on the principal items and services offered for sale and rent, let's clarify some useful concepts.


What is the underground ecosystem? The term underground ecosystem is usually used to refer to a collection of forums, websites and chat rooms that are designed with the specific intent to advantage, streamline and industrialize criminal activities. The underground ecosystem represents a portion of cyberspace that is considered vital for criminal communities, where criminals can acquire and sell tools, services and data for various kinds of illegal activities.

Recently a team of experts from Dell SecureWorks released a report on black hat markets, titled “Underground Hacker Markets”, which reported a number of noteworthy trends, the most interesting of which is the growing interest in personal data.

Shellcodes Database. Description: although shellcodes are now rarely used, this page lists some shellcodes for study cases and proposes an API to search for a specific shellcode.


If you want to add your shellcode to this database, send an email to submit at shell-storm org. It is very straightforward to communicate with this API: just send a simple GET request. The "s" argument contains your keyword. Use "*" for a multiple-keyword search.

Photos of an NSA “upgrade” factory show Cisco router getting implant. A document included in the trove of National Security Agency files released with Glenn Greenwald’s book No Place to Hide details how the agency’s Tailored Access Operations (TAO) unit and other NSA employees intercept servers, routers, and other network gear being shipped to organizations targeted for surveillance and install covert implant firmware onto them before they’re delivered.


These Trojan horse systems were described by an NSA manager as being “some of the most productive operations in TAO because they pre-position access points into hard target networks around the world.” The document, a June 2010 internal newsletter article by the chief of the NSA’s Access and Target Development department (S3261), includes photos (above) of NSA employees opening the shipping box for a Cisco router and installing beacon firmware with a “load station” designed specifically for the task.

Startup finds malware intrusions by keeping an eye on processor radio frequencies.

Bwall/HashPump.

Banking Trojans & Tesi

Qualys SSL Labs - Projects / SSL Server Test.

Future South Gazette.

Gyrophone: Recognizing Speech from Gyroscope Signals.

BetterCrypto⋅org.

Exploit writing tutorial part 10 : Chaining DEP with ROP – the Rubik’s[TM] Cube. About 3 months after finishing my previous exploit writing related tutorial, I finally found some time and fresh energy to start writing a new article.


Plain Text Offenders - About.

Elvanderb/TCP-32764.

Have I been pwned? Check if your email has been compromised in a data breach.

ShellNoob 1.0 - a shellcode writing toolkit.

Mmozeiko/aes-finder.

Online x86 and x64 Intel Instruction Assembler.

Exploit writing tutorial part 3 : SEH Based Exploits.

James Lyne: Everyday cybercrime.

Security Circus.

Images/defcon-17/dc-17-presentations/defcon-17-joseph_mccray-adv_sql_injection.pdf.

XSS Filter Evasion Cheat Sheet.

Interview With A Blackhat (Part 2) [Please note that this series of posts discusses criminal activities from the perspective of the criminal.


Hijacking a Facebook Account with SMS. This post will demonstrate a simple bug which will lead to a full takeover of any Facebook account, with no user interaction.


Enjoy. Facebook gives you the option of linking your mobile number with your account. This allows you to receive updates via SMS, and also means you can log in using the number rather than your email address. The flaw lies in the /ajax/settings/mobile/confirm_phone.php end-point. This takes various parameters, but the two main ones are code, which is the verification code received via your mobile, and profile_id, which is the account to link the number to.

Malware Hidden Inside JPG EXIF Headers. A few days ago, Peter Gramantik from our research team found a very interesting backdoor on a compromised site.


This backdoor didn’t rely on the normal patterns to hide its content (like base64/gzip encoding), but stored its data in the EXIF headers of a JPEG image. It also used the exif_read_data and preg_replace PHP functions to read the headers and execute itself.

How to 0wn the Internet in Your Spare Time. This paper appears in the Proceedings of the 11th USENIX Security Symposium (Security '02). Abstract: The ability of attackers to rapidly gain control of vast numbers of Internet hosts poses an immense risk to the overall security of the Internet.


Hackers Hut: Exploiting the heap.


Exploiting the heap

Sometimes the buffer that overflows is not a local buffer on the stack, but a buffer obtained from malloc() and freed with free(). Let us do a small demo. Exploit the program heapbug.c:

    #include <stdio.h>
    #include <string.h>
    #include <stdlib.h>

    int main(int argc, char **argv) {
        char *p, *q;

        p = malloc(1024);          /* two chunks allocated back to back on the heap */
        q = malloc(1024);
        if (argc >= 2)
            strcpy(p, argv[1]);    /* unbounded copy: an argument longer than 1024 bytes runs past p into q's chunk header */
        free(q);                   /* the allocator now reads the overwritten chunk metadata */
        free(p);
        return 0;
    }

Hacker uses an Android to remotely attack and hijack an airplane. The Hack in the Box (#HITB2013AMS) security conference in Amsterdam has a very interesting lineup of talks [pdf]. One that jumped out was the Aircraft Hacking: Practical Aero Series presented by Hugo Teso, a security consultant at n.runs in Germany. According to the abstract, “This presentation will be a practical demonstration on how to remotely attack and take full control of an aircraft, exposing some of the results of my three years research on the aviation security field.

The attack performed will follow the classical methodology, divided in discovery, information gathering, exploitation and post-exploitation phases. The complete attack will be accomplished remotely, without needing physical access to the target aircraft at any time, and a testing laboratory will be used to attack virtual airplanes systems. While keeping an eye on Twitter #HITB2013AMS, very interesting tweets started to appear as hackers who attended were excited.

LinkedIn vs. password cracking.

Index of /content/downloads/pdf.

Smashing the Stack for Fun and Profit by Aleph One.