Hidden threats of the IPv6

The most conservative estimates indicate that, by the end of 2015, the share of IPv6 traffic will reach at least 10%, and this growth will continue. A special protocol for regional registries also came into force recently. Now, a new block of IPv4 addresses will be issued only if the company proves it has already implemented IPv6. So if anyone needs a subnetwork of white IPv4 addresses, they will need to implement IPv6. This fact will also encourage the further growth of IPv6 systems and lead to an increase in traffic. As far as ordinary users are concerned, providers began appearing all over the world, issuing real IPv6-addresses to end subscribers. And so, IPv6 will be encountered more and more often, and that’s a fact we cannot ignore.

Read full article →


How to keep an eye on someone through an Android phone without bothering the owner

Everyone cares about their significant others' security. We all know that feeling when your calls are not answered and your Whatsapp messages not marked as read. In a moment like that you would do a lot to have any idea what is happening there. Although cell phone carriers offer geolocation services to locate another user, knowing your girlfriend is somewhere in the middle of Main Street will barely help. So what can we do about it?

Read full article →


What data Windows 10 sends to Microsoft and how to stop it

Since its rise Windows was a natural habitat for all kinds of malware. Now the OS itself seems to have become one big trojan. Right after being installed it starts acting weird. The data flows in rivers to dozens of servers belonging to Microsoft and its partner companies. We will try to look into complaints of espionage manners of Windows 10 and find out what data it sneaks and where it sends it.

Read full article →


How to use WSUS to get control over Windows

This was one of the most interesting attacks showed on Black Hat Las Vegas 2015. Let’s imagine the situation: there’s a large park of Windows computers in a large organization, and they all need to be updated. Obviously, getting all of them to download updates over the Internet is both pricy and uncomfortable. The common solution is a WSUS (Windows Server Update Services) server, which is used to manage updates. It downloads the updates and delivers them to all other computers.

Read full article →


0-day attacks using “keep-alive” connections

Before turning to unconventional methods of usage, I will describe how “keep-alive” is working. The process is utterly simple – in a connection, multiple requests are sent instead of just one, and multiple responses come from the server. The benefits are obvious: there is less time spent on establishing connection, less load on CPU and memory. The number of requests in a single connection is usually limited by settings of the server (in most cases, there are at least several dozen). The procedure for establishing a connection is universal.

Read full article →


7 non-trivial ways to hack your MySQL Database

We will start with a definition. MySQL is a relational database management system with different data storage engines, such as MyISAM, InnoDB, Archive and others. Like most open source projects, it has its own branches, for example, MariaDB. Before going into details, I would like to mention that most of discussed vectors/techniques/bugs apply to various engines and branches, though not always.

Read full article →


TOP–10 ways to boost your privileges in Windows systems

Well, how could we ‘boost’ privileges on Windows? First of all, we should say that there were found, lately, a lot of vulnerabilities regarding fonts parsing which make the process of privileges elevation rather simple as long as we have a proper exploit. If you use the Metasploit then you need only one command to get the system shell. However, it will only work if the system is not fully patched. In case if the machine has all the updates installed, despite the Linux, we will not be able to find SUID-binaries in here, furthermore the environmental variables usually do not transmitted to services or processes with higher privileges. So, what we can do then?

Read full article →