What this means is that in case we store a credential in a Database and later check for the validity of a password the check will always result in TRUE (i.e correct)
Excerpt of "Bluetooth Security - All your base are belong to us.
Whitepapers
TLS/SSL Renegotiation Vulnerability (CVE-2009-3555) This paper explains the SSLv3/TLS renegotiation
vulnerability for a broader audience and summarizes the information that
is currently available. It includes original research and Proof of
concept code.
Updates:
Updated : Added SMTP over TLS attack scenario
Updated : Added FTPS analysis
Updated : New attacks against HTTPS introduced
Updated : PoC files for TRACE and 302 redirect using TLS rengotiation flaw
TLS/SSL hardening and compatibility report 2011
What started as an "I need an overview of best practise in SSL/TLS configuration" type of idea, ended in a 3 month code, reverse engineer and writing effort.
This paper aims at answering the following questions :
What SSL/TLS configuration is state of the art and considered secure enough ?
What SSL/TLS ciphers do modern browsers support ? What SSL/TLS settings do server and common SSL providers support ?
What are the cipher suites offering most compatibility and security ?
Should we really disable SSLv2 ? What about legacy browsers ?
How long does RSA still stand a chance ?What are the recommended hashes,ciphers for the next years to come
The paper includes two free tools :
SSL Audit : SSL/TLS scanner
Harden SSL/TLS : Windows server and client SSL/TLS hardening tool
I do not consider myself to be a developer, I have however during my career developed a lot of Proof of Concept code. including offensive and defensive tools that I have made public.
BTCrack 1.11
BTCrack was the worlds first Bluetooth Pass phrase (PIN) and linkkey brute-force tool. It was presented it the renowned SAAL1 at the 23C3 in Berlin. BTCrack will brute-force the Passkey and the Link key from captured Bluetooth pairing exchanges.
To capture the pairing exchange it is necessary to have a Professional Bluetooth Analyzer : FTE (BPA 100, BPA 105, others), Merlin OR to know how to flash a CSR based consumer USB dongle with special firmware. (Update 2011: Ubertooth also is a possibility now)
As of version 1.1, BTCrack started to include FPGA support through picocomputing E-Series.
Secure-It™ is a local Windows security hardening tool, proactively secures your PC by either disabling the intrusion and propagation vectors proactively or simply by reducing the attack surface by disabling unimportant functions.
The tool secured Windows workstation as-well as servers against new dangers by blocking the root cause of the vulnerabilities exploited by malware, worms and spyware. Secure-it had a track record of preventing several 0-day exploits pro actively
History of real-life proactive protection :
2004 Protected against the Help Active X control exploit in advance.
2004 Protected against the second Help Active-X control exploit not correctly patched.
2004 Protected against the DHTML Active-x Control exploit in advance.
Harden-It™ is a Network and System hardening tool for Windows, by hardening the IP stack your Network can sustain or completely thwart various sophisticated network attacks:
Harden your server's TCP and IP stack (ICMP, SYN, SYN-ACK..)Reduces or mitigates effects from DoS and other network based attacks
Enable SYN flood protection when an attack is detected▪ Set the threshold values that are used to determine what constitutes an attack
Various other protections.
History of real-life proactive protection : ▪ 2006 Protected against the Windows IGMP Denial of service attack in advance. Details ▪ More information Tag
Tags : Defensive, Hardening, Tool
Remote Administration Tool (GPL)
Remote Administration Tool is a small free remote control software package derived from the popular TightVNC software.
With "Remote Administration Tool", you can see the desktop of a remote machine and control it with your local mouse and keyboard, just like you would do it sitting in the front of that computer. Small, easy, no installation required.
CSS-DIE CSSDIE is a community-developed fuzzer for verifying browser integrity, written by H D Moore, Matt Murphy, Aviv Raff, and Thierry Zoller. CSSDIE will look for common CSS1/CSS2/CSS3 implementation flaws by specifying common bad values for style values Details ▪ More information
Tags: Fuzzer, Offensive, Tool
Omron Communicator
This software is based on my efforts to reverse engineer the Hitachi Omron Hybrid Card readers. Omron Card readers are used in various commercial setups like ATM, identity management, payment systems, parking systems. The effort displayed on this blog is purely done out of research and awareness purposes.
Consistent hashing must work. Given the current status of random configurations, biologists famously desire the deployment of PKI, which embodies the intuitive principles of cryptanalysis.
The implications of certifiable configurations have been far-reaching and pervasive. After years of confirmed research into flip-flop gates, we disprove the analysis of robots that would make simulating context free grammar a real possibility, which embodies the confusing principles of stenography.
Our focus in this work is not on whether multiprocessors can be made authenticated, random, and empathic, but rather on presenting new semantic communication (Moo).
The study of the location-identity split has evaluated linked lists, and current trends suggest that the analysis of evolutionary programming will soon emerge.
Unified optimal symmetries have led to many extensive advances, including SCSI disks and agents [10]. After years of appropriate research into cache coherence, we prove the improvement of digital-to-analog converters, which embodies the robust principles of cryptanalysis. Valence, our new heuristic for the construction rasterization, is the solution to all of these problems.
The emulation of erasure coding is an essential challenge. ApodAni, our new framework for pseudo random theory, is the solution to all of these grand challenges.
Excerpt of discovered Vulnerabilities
Below is an overview of new vulnerabilities I have discovered, coordinated and disclosed, this list does not include vulnerabilities that were being discovered during my professional career.
2020
After evolving career wise into different Management Roles (CISO, Country Head of IS Risk) I wanted to deep dive again and proove to myself that I can still do a bit of vulnerability research, so without further ado, here we go :
This is my version of the the Bluetooth Sniper weapon, it features a medium sized YAGI antenna combined with a 10* magnification scope and a metalized parabolic which may bundle the Bluetooth signal, thus further enhancing the range.
Disclaimer: The views and opinions expressed on this blog are my personal views and are not intended to reflect the views of my employer or any other entity.
How Cryptocurrency Turns to Cash in Russian Banks
-
A financial firm registered in Canada has emerged as the payment processor
for dozens of Russian cryptocurrency exchanges and websites hawking
cybercrime s...
Weekly Update 429
-
A super quick intro today as I rush off to do the next very Dubai thing:
drive a Lambo through the desert to go dirt bike riding before jumping in a
Can-...
Update: 1768.py Version 0.0.22
-
This is a bug fix version. 1768_v0_0_22.zip (http)MD5:
6446F5C09BF70FAFBB3171734844B350SHA256:
4716A4A72FB4C0265CAF541D5FF709615B9CB4129C20C98F1BBA535AA5D4...
What to Do With Products Without SSO?
-
First, let’s get this out of the way: SaaS vendors that lock Single Sign-On
(SSO) behind enterprise-only plans are disadvantaging their customers and
the i...
Is Telegram really an encrypted messaging app?
-
This blog is reserved for more serious things, and ordinarily I wouldn’t
spend time on questions like the above. But much as I’d like to spend my
time writ...
What a lovely sunset
-
Oh, hi. Long time no blog, eh?
Well, it is time to sunset this blog, I will be deleting it in the next few
weeks.
So long, and thanks for all the fis...
The Future of the FTC: Part II
-
A previous blog post discussed FTC Chairwoman Slaughter’s first priority as
the newly designated chairwoman – the COVID-19 pandemic. The FTC’s second
prior...
Minecraft Mod, Follow up, and Java Reflection
-
After yesterday's post, I received a ton of interesting and creative
responses regarding how to get around the mod's restrictions which is what
I love abou...
Youtube channel
-
I've continued to make updates to the python version of satori and have put
a lot of time in the past few weeks to updating fingerprints and fixing
some mi...
In Which You Get a Chance to Save Democracy
-
Let’s start with the end: you can do something to change the broken
political landscape in the United States, but you have to act quickly.
Here’s a link to...
Ma contribution au mois de la cybersécurité
-
Dans le cadre du mois de la sécurité, l'ANSSI met en avant son MOOC : la
SecNumAcadémie. Il m'a semblé opportun de vous résumer les 2h48 que j'ai
passées ...
Introducing Qualys Project Zero?
-
Google's Project Zero team was announced in July 2014. Since then, it has
become very well known for publishing offensive security research of
exceptional ...
Rogue One Sequel already being filmed!
-
There’s some really interesting leaked photos and analysis by Charles
Goodman. “Leaked photos from the Rogue One sequel (Mainly Speculation –
Possible Spoi...
VulnHub Stapler 1 Solution
-
Well, after long time, I'm back to blogging ..!!
This post is about the solution for the Stapler VM from VulnHub. The VM
gets the following IP:
Stapler VM...
McAfee SiteList.xml password decryption
-
Recently, a very good friend of mine (@Sn0rkY) pointed me out the story of
a pentester who recovered the encrypted passwords from a McAfee
SiteList.xml fil...
La géolocalisation du salarié par l’employeur
-
Avec l’avènement des nouvelles technologies et leur perfectionnement, de
plus en plus d’employeurs décident de recourir à la géolocalisation de
leurs véh...
Learning SDR
-
I recently launched Software Defined Radio with HackRF, an instructional
video series that I hope will make it easier than ever for people to learn
the bas...
USENIX Security Symposium Slides
-
We're very happy to present the paper
Revisiting SSL/TLS Implementations - New Bleichenbacher Side Channels and
Attacks
by Christopher Meyer, Juraj Somo...
New Insights into Email Spam Operations
-
Our group has been studying spamming botnets for a while, and our efforts
in developing mitigation techniques and taking down botnets have
contributed in d...
RSA Announces End of RSA Security Conference
-
Aims to bring clarity to cloudy marketing messages through exhibit hall
chotskies Bedford, MA., – April 1, 2014 – RSA, the security division of
EMC, today ...
Samsung Galaxy S5 could be cheaper than Galaxy S4
-
Good news for would-be Samsung Galaxy S5 customers - the main smartphone
may end up being more economical as opposed to Galaxy S4 was when it
established. ...
Why I _am_ Speaking At RSA 2014
-
There’s been quite a bit of drama with regards to whether or not to boycott
the RSA conference over a deal that the RSA security vendor had made with
the N...
Router backdoor reloaded...
-
S i vous avez aimé l'histoire de la backdoor D-Link, vous allez A-DO-RER
celle-ci. C'est encore sur /dev/ttyS0 que ça se passe, où on apprend que
les route...
One year after, end of Magnificent 7 project !
-
It has been a year already since the start of the Magnificient 7 program !
So what happened during this year ? We added some features to enhance your
analy...
Mobile Device Forensics - Course Update
-
It's been a few weeks since the last update, but things have been busy. The
Fall 2012 term is now in Week 5 (wow, the semester is flying by). We've
covered...
NWScript JIT engine: Wrap-up (for now)
-
Yesterday, I provided a brief performance overview of the MSIL JIT backend
versus my implementation of an interpretive VM for various workloads.
Today, I’l...