SQL insertion
During the time that we were preparing for BlackHat, Haroon Meer (haroon@sensepost.com) started extensive fiddling with SQL insertion. It is a topic that has been touched on before but never really studied in depth, so Haroon decided to spend some time on it (between 2am and 5am). He wrote a paper on it for Phrack Magazine that didn't make it on account of formatting issues. After licking our wounds, we decided to put the paper out there and Haroon posted it to the Pen-Test mailing list. In true Haroon style, the paper is a little difficult to follow, and I promised him I would recycle it so that it would make sense to all the listeners out there.
Friday, November 01, 2002
Tuesday, October 29, 2002
Very basics of TCP/IP - Layers and what they do
Introduction – what is TCP/IP? TCP/IP stands for Transmission Control Protocol/Internet Protocol and is the suite of standard protocols that runs the Internet, the web included. That is to say, any computer that wants to send WWW information to another via the Internet will almost certainly use TCP/IP as the transmission protocol, and understanding it is the key to understanding the 'lower levels' of how the Internet works. Keep in mind that application protocols such as SMTP (email) and FTP (file transfer) do not replace TCP/IP; they run on top of it, each in its own layer.
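To make the layering concrete, here is an added example (not part of the original post) that builds a constructed Ethernet/IPv4/TCP frame and then peels it apart one layer at a time, verifying the IPv4 header checksum on the way. The addresses, ports and MAC values are made up for the illustration.

```python
import struct

# TCP flag bits (RFC 793), used when decoding the transport layer.
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def ip_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over 16-bit words of the IPv4 header.
    Run over a header that already contains its checksum, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_frame() -> bytes:
    """Constructed sample (not a real capture): Ethernet II -> IPv4 -> TCP SYN to port 80."""
    # TCP: sport 40000, dport 80, seq 1, ack 0, data offset 5 words, SYN, window 65535,
    # checksum left 0 for brevity (the IP checksum is what we verify below), urgent 0.
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    total_len = 20 + len(tcp)
    # IPv4: version 4 / IHL 5, TOS 0, total length, id, DF flag, TTL 64, proto 6 (TCP),
    # checksum placeholder 0, src 10.0.0.1, dst 192.0.2.10 (documentation range).
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([192, 0, 2, 10]))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    return eth + ip + tcp


def flag_names(flags: int) -> list:
    return [name for bit, name in TCP_FLAGS if flags & bit]


def parse_frame(frame: bytes) -> dict:
    """Decode link, network and transport layers; raise ValueError on malformed input."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    layers = {"eth": {"dst": frame[:6].hex(":"), "src": frame[6:12].hex(":"), "type": ethertype}}
    if ethertype != 0x0800:
        return layers                          # not IPv4: stop at the link layer
    ip = frame[14:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 header")
    total_len, ident, flags_frag, ttl, proto, _csum = struct.unpack("!HHHBBH", ip[2:12])
    if total_len > len(ip):
        raise ValueError("IPv4 total length exceeds captured bytes")
    if ip_checksum(ip[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    layers["ip"] = {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
                    "ttl": ttl, "proto": proto, "id": ident, "df": bool(flags_frag & 0x4000)}
    if proto != 6:
        return layers                          # not TCP: stop at the network layer
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_res, flags, window = struct.unpack("!HHIIBBH", tcp[:16])
    doff = (off_res >> 4) * 4
    layers["tcp"] = {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
                     "flags": flag_names(flags), "window": window, "payload": tcp[doff:]}
    return layers


def is_valid(frame: bytes) -> bool:
    """True if the frame parses cleanly through every layer it claims to carry."""
    try:
        parse_frame(frame)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for layer, fields in parse_frame(build_sample_frame()).items():
        print(layer, fields)
```

Each function only knows about its own layer: Ethernet hands off on EtherType, IP hands off on the protocol number, and TCP hands the payload to whatever application protocol (HTTP, SMTP, FTP) sits above it.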
Freenet
Freenet is a large-scale peer-to-peer network which pools the power of member computers around the world to create a massive virtual information store open to anyone to freely publish or view information of all kinds.
Increasing Wireless Security with TKIP
TKIP is a quick-fix method to quickly overcome the inherent weaknesses in WEP security, especially the reuse of encryption keys. According to "802.11 Planet," "The TKIP [security] process begins with a 128-bit 'temporal key,' [which is] shared among clients and access points. TKIP combines the temporal key with the [client machine's] MAC address and then adds a relatively large 16-octet initialization vector to produce the key that will encrypt the data. This procedure ensures that each station uses different key streams to encrypt the data. TKIP uses RC4 to perform the encryption, which is the same as WEP. A major difference from WEP, however, is that TKIP changes temporal keys every 10,000 packets. This provides a dynamic distribution method that significantly enhances the security of the network."
The IP Smart Spoofing
This paper describes a new technique for spoofing an IP address with any networking application. IP spoofing is not new, and various hacking tools have been developed to exploit it. In the following we discuss how to use it with any standard application. As a result, we explain why IP-based access control is not reliable in many cases and should not be used in many corporate networks.
Wednesday, October 23, 2002
Encryption method getting the picture
Researchers have created a new way to hide information in a digital image and extract it later without any distortion or loss of information, leaving the original image exactly recoverable.
A team of scientists from Xerox and the University of Rochester said that the technique, called reversible data hiding, could be used in situations that require proof that an image has not been altered.
Using File Hashes to Reduce Forensic Analysis
The "hashkeeper" paradigm or model was first introduced a number of years ago by Brian Deering of the National Drug Intelligence Center (www.hashkeeper.org). Since then, computer forensic analysts have come to use the term hashkeeper when they discuss ways of using the hash values of files to assist in forensic analysis.
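The point of the hashkeeper model is triage: hash every file on the evidence, drop the ones whose hashes match a known-good reference set, flag the ones matching a known-bad set, and spend analyst time only on the remainder. The following is an added example, not the HashKeeper tool or its database: it builds a small constructed evidence tree in a temporary directory, hashes it, and sorts the files into those three buckets. The digest algorithm is a parameter because a reference set is only useful if you compute the digest it was built with (the sets of that era were keyed by MD5).

```python
import hashlib
import os
import tempfile


def digest_file(path: str, algo: str = "sha256", chunk: int = 1 << 20) -> str:
    """Hex digest of a file, read in chunks so large evidence files do not need to fit in RAM."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hash_tree(root: str, algo: str = "sha256") -> dict:
    """Map relative path (forward slashes) -> digest for every regular file under root."""
    out = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                out[os.path.relpath(full, root).replace(os.sep, "/")] = digest_file(full, algo)
    return out


def triage(root: str, known_good: set, known_bad: set, algo: str = "sha256") -> dict:
    """Split files into ignore (known good), alert (known bad) and examine (unknown).
    Known-bad is checked first so a hash present in both sets is never silently ignored."""
    result = {"ignore": [], "alert": [], "examine": []}
    for rel, h in sorted(hash_tree(root, algo).items()):
        if h in known_bad:
            result["alert"].append(rel)
        elif h in known_good:
            result["ignore"].append(rel)
        else:
            result["examine"].append(rel)
    return result


# Constructed sample evidence tree and reference sets (not real case data or real hash sets).
SAMPLE_FILES = {
    "bin/ls": b"fake ls binary",              # matches the "known good" set
    "home/user/notes.txt": b"meeting at 10",  # unknown: needs a human
    "tmp/.x": b"evil",                        # matches the "known bad" set
}
KNOWN_GOOD = {hashlib.sha256(b"fake ls binary").hexdigest()}
KNOWN_BAD = {hashlib.sha256(b"evil").hexdigest()}


def build_demo_tree() -> str:
    """Write SAMPLE_FILES into a fresh temporary directory and return its path."""
    root = tempfile.mkdtemp(prefix="evidence-")
    for rel, data in SAMPLE_FILES.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    root = build_demo_tree()
    for bucket, paths in triage(root, KNOWN_GOOD, KNOWN_BAD).items():
        print(bucket, paths)
```

Run it against a mounted read-only image rather than the live system, and record the digest of the image itself before and after so the hashing pass can be shown not to have altered the evidence.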
Tuesday, October 22, 2002
Exposing the Underground: Adventures of an Open Proxy Server
This paper discusses the abuse of misconfigured HTTP proxy servers, taking a detailed look at the types of traffic that flow through this underground network. Also discussed is the use of a "honeyproxy", a server designed to look like a misconfigured HTTP proxy. Using such a tool we can spy on the Internet underground without the need for a full-blown honeypot.
EKAHAU
Ekahau Positioning Engine (EPE) is a powerful Java-based positioning server that provides PC and PDA location coordinates (x, y, floor) and tracking features to client applications. EPE includes a stand-alone Manager application for performing the site survey, drawing Ekahau Tracking Rails™, recording site calibration data, tracking wireless devices, and analyzing the positioning accuracy. Ekahau's patent-pending technology features up to 1 meter (3½ ft) average accuracy, enabling people and asset tracking both indoors and outdoors.
Writing a universal backdoor
The idea is to write a simple (but universal) backdoor, that is able to perform ANY TASK without knowing (at the time it is written and installed) which TASKS it will perform in the future. The backdoor will be very small, containing no coded functionality, but being able to be used for any purpose you don't even know of when you install the backdoor on the victim's PC. Plugin mechanism may be a better description for this kind of backdoor, because any time your victim is online, you can "plug in" some "feature" and run it on his machine.
This article will focus on the underlying concept, not on the implementation of all the possible "features".
It's an article for people who want to program a backdoor. Nevertheless it will present a simple ready-to-run backdoor that you just have to compile and install.
AND: I will use Java as the programming language!
Sunday, October 20, 2002
Network Security Group
These are descriptions, slides and notes for the monthly OSU SECWOG meetings and for other talks that members of the group have given. In some cases you'll find slides (web, Adobe Acrobat (pdf), postscript...) and in others we just have notes available.
Thursday, October 17, 2002
IACIS Home Page
IACIS is an international volunteer non-profit corporation composed of law enforcement professionals dedicated to education in the field of forensic computer science. IACIS members represent Federal, State, Local and International Law Enforcement professionals. Regular IACIS members have been trained in the forensic science of seizing and processing computer systems.
Computer Forensic Legal Standards and Equipment
This paper addresses an issue of increasing importance to companies in this modern era. Computer Incident Response Teams (CIRTs), network security, and intellectual property (IP) security are growing in importance and are becoming many companies' top priority in this age of security-conscious commerce. This document focuses on the CIRT aspect of security-conscious commerce, but in a less familiar role: the function of investigations and, more specifically, the role of computer forensics as part of a company's arsenal in the war on network/resource abuse and intellectual property theft. This document is not designed to provide a specific checklist of everything that a CIRT must have, or to provide expert knowledge of all laws related to the handling of evidence. It does, however, seek to provide the reader with some of the basic considerations and tools available to make a CIRT or corporate investigator effective in gathering, preserving and analyzing computer evidence.
Forensic Computer and Data Investigations
Things you should consider before gathering and determining who will examine your data.
Computer Forensic Examiners
CYBER CRIMINALS MOST WANTED, The First One-Stop Cybercrime Awareness, Prevention and Safety Website. I'm on it!
Hacking Citrix
Citrix is a remote desktop application that is becoming widely popular. It is similar to Microsoft's Terminal Services, which uses RDP (Remote Desktop Protocol). Unlike Terminal Services, Citrix's line of products allows the administrator to publish specific applications to be run on the server, which lets them control which programs the end user is allowed to execute. An interesting grey line exists for the security of Citrix applications because of the mixing of both Citrix technology and Microsoft technology. With an application that allows users remote access not only to published programs but to remote desktops, a serious threat arises. Microsoft Terminal Services uses RDP, whereas Citrix uses ICA (Independent Computing Architecture).
In this paper I will be outlining how Citrix works, and how to take advantage of the way Citrix handles user access to programs.
Tuesday, October 15, 2002
How mobile phones let spies see our every move
Government's secret Celldar project will allow surveillance of anyone, at any time and anywhere there is a phone signal.
Tuesday, October 08, 2002
Wireless & Devices: Secure Your Organization's Mobile Devices
Without proper security, mobile devices can present risks to your enterprise. Discover your options for securing them.
Friday, October 04, 2002