Cyberdolphin. The story of Flipper — hacker’s Swiss Army knife

Date: 26/06/2020

Hacking and pentesting are normally associated with sitting at your computer for hours, but this is not quite so: many devices and wireless networks can be accessed only in person. In such situations, you need a hacking multitool, portable and suitable for field work. While some people only dream about such a miraculous device, others are about to launch its mass production. The forthcoming tool is called Flipper.


Android 6.0 permissions in protection and attack

Date: 09/02/2016

Every day, new vulnerabilities are discovered in mobile devices that can be exploited by intruders. They can send an SMS to a premium-rate number, collect and sell a large database of contact details, or compromise a specific individual. Successful exploitation of a vulnerability requires a whole range of conditions to be met. There is another way, however: provide the user with a genuinely useful application (a game with birds) whose manifest contains a list of the device information we are interested in. In this article, we will look at ways of obtaining and saving important information from an Android device.


Hidden threats of IPv6

Date: 28/10/2015

The most conservative estimates indicate that, by the end of 2015, the share of IPv6 traffic will reach at least 10%, and this growth will continue. A special policy for regional registries also came into force recently: a new block of IPv4 addresses will now be issued only if the company proves it has already implemented IPv6. So anyone who needs a subnet of public IPv4 addresses will have to implement IPv6. This will further encourage the growth of IPv6 deployments and lead to an increase in traffic. As far as ordinary users are concerned, providers have begun appearing all over the world that issue real IPv6 addresses to end subscribers. So IPv6 will be encountered more and more often, and that is a fact we cannot ignore.


What data Windows 10 sends to Microsoft and how to stop it

Date: 14/10/2015

Since its rise, Windows has been a natural habitat for all kinds of malware. Now the OS itself seems to have become one big trojan. Right after being installed it starts acting strangely: data flows in rivers to dozens of servers belonging to Microsoft and its partner companies. We will look into the complaints about the spying behavior of Windows 10 and find out what data it collects and where it sends it.


Code injections for Windows applications

Date: 14/10/2015

Code injection is the process of injecting code (often malicious) into a third-party application's memory. A lot of software uses this technique, from malware to game bots. To demonstrate the approach, we will execute a third-party application's internal function with our own parameters by hacking a simple application. Warning: knowledge of C and a debugger is required!


Hackbook #197. Set up Cisco as a server, SOP bypass for Flash and more

Date: 04/08/2015

Task: Set up Cisco as a server

Today we continue the topic of hacking Cisco devices (routers, switches) that we started earlier. Here I would like to correct the information presented in the previous issue. First, these devices have not two but three variants of user authentication: by password only, by login and password, or the "AAA" model (also by login and password). There seems to be no practical difference for a pentester, but we had still better rely on accurate information.


Oracle DB vulnerabilities: the missing pentester handbook

Date: 29/07/2015

Outer Perimeter: The Listener is under Attack

Anyone who has ever worked with this database knows that Oracle DB interacts with its external environment through a listener, which acts as a kind of balancer. The listener listens on port 1521 and routes incoming connections depending on the requested database; one listener can serve several databases. In some cases, it also allows DoS and RCE attacks against the server. An audit of an Oracle database usually begins with attacks against the listener service. A priority task that you need to solve in order to connect to the listener is obtaining the SID, a kind of unique database identifier. Without it, the listener will not talk to you. Sh2kerr once wrote an excellent research paper on this subject (Different ways to guess Oracle database SID).


7 non-trivial ways to hack your MySQL Database

Date: 20/07/2015

We will start with a definition. MySQL is a relational database management system with several data storage engines, such as MyISAM, InnoDB, Archive and others. Like most open source projects, it has its own branches, for example MariaDB. Before going into details, I would like to mention that most of the discussed vectors, techniques and bugs apply to the various engines and branches, though not always.


Dive into exceptions: caution, this may be hard

Date: 15/07/2015

__try

Suppose that you are facing a practical task that requires a full implementation of exception handling in code embedded in someone else's process, or you are creating your next PE packer/cryptor and need exceptions to work in the unpacked image. In either case, it comes down to the fact that the code using the exceptions is executed outside an image mapped by the system loader, and that will be the main cause of your problems.


Building kernel modules and native Linux applications for Android

Date: 07/07/2015

As everybody knows, Android is based on the Linux kernel. This implies that, in theory, you can run on a smartphone any application that is available on desktop Linux. In practice, everything is more complicated. Since the set of native libraries in Android differs from that on the desktop (not to mention the platform architecture), the applications need to be compiled statically, and sometimes patched as well. Even then, the application is not guaranteed to work.


Welcome, Sails.js! The Missing Rails for Node.js

Date: 15/06/2015

Node.js is really cool, but the abundance of powerful frameworks that simplify web application development in other programming languages has been a significant brake on the popularity of JavaScript on servers. Many people needed a simple tool, something like their favorite RoR, Yii or ASP.NET MVC. The community of JavaScript aficionados worked hard on correcting this unfortunate situation, and several interesting solutions emerged as a result. Each of them has its own arsenal of killer features, but in all that diversity I was attracted by an ambitious project hidden under the modest title Sails.js.


Full kit of a Security Officer for $100

Date: 09/06/2015

Our goal is to assemble a kind of carry-on forensic handbag that would be available to the general public while being compact, obtainable and legal.

So, all the gadgets in our kit are supposed to meet the following criteria:

  • Legality
    This means absolute legitimacy in terms of purchase, transportation, and storage of the gadgets. Usage is a slightly separate matter: some devices can be used absolutely legally anywhere, while using certain others in special institutions, against certain individuals, or, moreover, for personal purposes could result in administrative or criminal liability.
  • Cheapness
    Quite an important parameter. As a rule, we can get anything; it is always just a matter of price. The devices reviewed in this article have quite a moderate price range, affordable for most people.
  • Accessibility
    Anyone should be able to find all the components with little effort, which excludes those designed for certain certified organisations or legal entities, as well as those gadgets and devices that may be distributed only in a designated area.
  • Easy handling
    In my opinion, this is one of the most important parameters. It means that anyone could use the gadget after a briefing.
  • Portability
    Here everything is obvious: small size and light weight, for ergonomic placement in our forensic handbag or organizer, while remaining fully workable.
  • Autonomy
    The gadget should work off-line, or have minimal requirements and little dependence on other devices. For example, it should work with different software if it is supposed to be connected to a computer or smartphone.


Complete guide for *nix backup solutions

Date: 01/06/2015

Backup creation (and storage) is certainly one of the most important aspects of the information world: nobody wants to lose their data as a result of an error, whether software or hardware. Hence, there is a wide array of backup tools. Here I list what I consider the most important requirements for these tools:

  • Ease of automation, and its very existence. However, this requirement is almost completely offset by the presence of cron in all general-purpose *nix distributions. Still, backing up is exactly the case where you should not put all your eggs in one basket.
  • Supported media and network backups. A backup tool can be as remarkable as you like, but if it supports only a limited set of media for storing backups, it is not worth a button. Creating backups on network (including cloud) storage is a separate matter; here the question of encrypting the data in transit and the backups themselves arises.
  • Ease of recovery. I suppose no comments are needed here: if data loss has occurred, recovery should be as quick and painless as possible.
  • Ease of initial configuration. This requirement is, of course, debatable, since backup creation is configured only once. However, people often choose far less functional tools just because of their simplicity.

I did not set out to describe each tool in detail; it would be possible to write a separate book, or at least an article, about almost every one of them. Here is just a brief overview.


Review of ROSA Fresh Desktop 4

Date: 25/05/2015

ROSA Linux has no less than seven variants:

  • ROSA Enterprise Desktop X 1 is recommended for use in a corporate environment and is designed to equip workstations and servers without special information security requirements;
  • ROSA Enterprise Linux Server is, in fact, yet another clone of RHEL with some additions from the corporate variant of Mandriva;
  • ROSA Desktop Fresh is the most recent distribution and contains the latest improvements from the developer;
  • ROSA CHROME is a distribution certified by the Russian Federal Service for Technical and Export Control (FSTEC of Russia) and is designed for work with state secrets;
  • ROSA NICKEL has a similar purpose to the previous variant, but it is certified by the Russian Defense Ministry;
  • ROSA COBALT is certified by FSTEC of Russia, including for work with personal data.

Unfortunately, the last three distributions are not publicly available, and there is no point in talking about ROSA Enterprise Desktop and Server, so this article will focus on the recently released ROSA Desktop Fresh R5.


Building a weather station with STM32F3DISCOVERY and the WizFi220 Wi-Fi module

Date: 18/05/2015

Key to start

First goes the list of the components I used:

  1. STM32F3DISCOVERY development board.
  2. A display based on the KS0108 controller (in my case, the Russian MT-12864A).
  3. WizFi220 Wi-Fi module.

The firmware can be developed in at least two IDEs: Keil Embedded Development Tools for ARM and IAR Embedded Workbench. I use the first one, but if you are interested in the other, you will need IAR Embedded Workbench for ARM specifically, due to the peculiarities of IAR.


Mobile backend for mobile hacker

Date: 13/05/2015

Currently, backends focused on the specific needs of application developers are actively being built on top of low-level cloud systems (bare virtual servers and virtual file storage). The so-called backend as a service (BaaS) is in really high demand among mobile software developers, because of which the differences between BaaS and Mobile BaaS (MBaaS) are now almost blurred. MBaaS services are very popular with online-game developers and start-up projects because they save an ocean of resources and time on developing and maintaining server infrastructure. Today it is possible both to connect the client side to cloud storage, user management, social services and so on, and to bring a working prototype into operation within a few hours and free of charge.


Let’s learn the basics of build automation with the help of Rake

Date: 04/05/2015

Any software development project is always accompanied by the automation of routine tasks. At first, an IDE and a couple of manual operations will be enough for you. Then the amount of busywork begins to grow: you need to run several sets of tests, embed various certificates, execute scripts in the database, generate documentation from the code, and so on. You also need to perform these and other operations on the continuous integration server. In addition, you may need to deploy applications to production servers (if we are talking about a client-server solution). To automate such tasks, programmers sometimes create sets of batch or shell scripts, but more often the team of developers arrives at some unified solution.
