
Weblog : News from the Lab
Whether he's the guy or not… it fits the typical profile. A young person with good SEO skills pushing a rather useless app. Lame "SEO apps" are prevalent on Google Play. They're easy to find if you look. For example:

• Best Antivirus Lite
• SAFE antivirus Limited
• Skulls Antivirus
• Shnarped Hockey antivirus lite

Best and SAFE link to one "developer", while Skulls and Shnarped Hockey link to another. Though there are two different developers… the apps are identical apart from their name. Android apps: no developer skills required.

So what do the apps do? Well, the "antivirus" opens a screen labelled "anti spyware". Hmm, the terms changed. Click "Start Scan" and the app does a basic scan of permissions for installed apps. Google Play: caveat emptor.

P.S. Check out F-Secure App Permissions for Android.

There has been plenty of noise about Heartbleed, so if you're an admin, you already know what to do. As recommended reading we would suggest: OWASP Transport Layer Protection Cheat Sheet.

SecuriTeam Blogs - Roger's Information Security Blog · MSI :: State of Security | Insight from the Information Security Experts · Neohapsis Labs · Dan Kaminsky's Blog · A Day in the Life of an Information Security Investigator

Recent blog entries by Chief Monkey

• Articles
• The Links - Yes They are Broken :( — Folks, I appreciate all the e-mail regarding broken links on the blog.
• From The Toolkit: Extending Burp Proxy with Extensions — No joke, Burp Suite is one of my favorite application security testing tools, period.
• How the Heck Do You Test the Security of IPv6? — "How the heck does one test IPv6?"
• Cheat Sheet: Master Boot Record — While sorting through the mailbox this week, I happened upon an aspiring forensics student that was looking for some quick reference sheets to add to his ...
• Seven Hours of Video from TrustyCon 2014 — For those of you that couldn't make it to TrustyCon in San Francisco today, never fear!
• OS X/IOS SSL Flaw Proof of Concept Tool — I spent the past week at the RSA 2014 security conference in San Francisco, and ran into the usual characters.
• EyeWitness: Rapid Web Application Triage Tool
• Jamming WiFi For Annoyance and No Profit
• From the Toolkit: Create Your Own Wordlists From Anything
• U.S.

Wargames

We're hackers, and we are good-looking. We are the 1%. The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games. If you have a problem, a question or a suggestion, you can join us on IRC.

Suggested order to play the games in: Bandit, Leviathan or Natas or Krypton, Narnia, Behemoth, Utumno, Maze …

Each shell game has its own SSH port. Information about how to connect to each game using SSH is provided in the top left corner of the page.

ha.ckers.org web application security lab

Here we are, my friends. The 1000th post. Whew! It's quite a load off to have finally made it. Hopefully this doesn't come as a surprise to anyone since I've been announcing it for months, and if you have questions, hopefully the FAQ can answer them. I wrote and re-wrote this post several times. It wasn't that long ago that I unfortunately lost my love affair with security. I started ha.ckers.org as a place for me to experiment on my own, and share ideas with a few like-minded folks. With any kind of work you get a sense of anxiety. They say that if you look at the graph of happiness in your life you can tell what sort of life you led. I'm not an oracle and I really don't like giving people incorrect information. Although I'm a fun loving person in many ways I also tend to be a pessimist and I do take things too seriously sometimes - definitely to a fault. So… where can this mythical happiness monster be found, you may be asking?

Command Line Kung Fu

Chip and Skim: cloning EMV cards with the pre-play attack

September 10th, 2012 at 19:25 UTC by Mike Bond

November last, on the Eurostar back from Paris, something struck me as I looked at the logs of ATM withdrawals disputed by Alex Gambin, a customer of HSBC in Malta. Comparing four grainy log pages on a tiny phone screen, I had to scroll away from the transaction data to see the page numbers, so I couldn't take in the big picture in one go. And with that the ball started rolling on an exciting direction of research that's kept us busy the last nine months. Mike Bond, Omar Choudary, Steven J.

Let's go back to the start. Early on Alex smelled a rat. Expecting some sort of foul play we examined Alex's log data in detail and found the vulnerabilities in the ATM. We also acquired three ATMs from Ebay and have been analysing them to determine the random number generation algorithm. As we considered the ramifications of the attack we realised that there are bigger issues at stake. First, there is an easier attack than predicting the RNG.

Blog

In my previous post about clustering, I mentioned that it can be used as an efficient data reduction technique. I also provided some examples of timestamps that could be useful for detecting suspicious files on the system. One of them was the compilation time embedded inside Portable Executables (PE). The script scans a directory (recursively, if requested) and finds all Portable Executables. On the screenshot below you can see the script at work, finding all PE files and grouping them into clusters. After processing the whole folder, the resulting clusters are printed out. One needs to quickly scroll through these groups and look at isolated / orphaned files or small groups, and this should hopefully help in finding the bad apples. For example, after running it over the c:\window\system32 directory of various Windows flavors you may spot some interesting patterns. Compilation time is a very useful characteristic of a Portable Executable. Speaking of the devil. Why?

Hacking Virtual Machines Part 2 - Virtualization Environments

Read Hacking Virtual Machines Part 1 - Sniffing HERE.

Virtualization is considered to be the new renaissance in computing. Suddenly, all those oversized servers are put to great use by putting multiple guest OSes on them. But running IT services in a virtualized environment brings a whole host of new opportunities for hackers. In this article, we'll review the environment in which virtualization lives, and which targets will yield the most benefit for an attacker.

The environment: virtualization for production use is not a home tool; virtualization is usually used by organizations of 500 employees or more. The best virtualization attack targets, in order of preference, are: training platforms, which are created by the "Let's see if I can do this" philosophy. With this description of the environment, an attacker can prepare him/herself for an attack on virtualization: virtual machines are targets of opportunity, since virtual machines are not advertised.

Conclusion

Android Forensics « Forensic Focus – Articles

Smartphones are changing the IT and communication landscape vastly. A smartphone can do almost every good thing a computer can do. Today most corporate employees access and manage their official emails through the e-mail client installed on their smartphone. Right from booking movie tickets to making fund transfers, all e-commerce and online banking transactions can be done using a smartphone. As the smartphone market is growing, it is also catching the bad guys' attention. There are a number of mobile operating systems present in the market. It is quite obvious that the widely used platform is likely to be targeted more, as in the case of the Microsoft Windows operating system. It is always a challenge for forensic examiners to discover the evidence on Android devices.

How Android can be used in cyber crime

Android can be used in cyber crime in two ways:

• The Android device is targeted by the attacker.
• The Android device is used as a means to carry out cyber crime.

Investigation

• External Card

Homeland Security Watch
