Hacking News (26 Posts)

1 2 3 . Last - Previous >>

How to build a Red Team and Why?

I recently gave a talk at the Rant Forum in London on the topic of "RedTeam, why this is more than a buzz word?". It was an interesting experience and whilst different from traditional security events, as the crowd can and will interrupt you at any time, it was very enjoyable.
Many attendees asked if I could produce some "slides" after the talk. As no slides were used, below is a collection of notes from wich the talk was based on.

In this post we will explain what RedTeam is, how does it fit with other similar security services and what advantages does it bring to an organisation. We will also look into what works? what doesn’t? And where is this “new” type of service going?
1. DEFINITION
A Red Team is part of a trio of services which increases in sophistication: Vulnerability Assessment, Penetration Testing and then Red Teaming. We will d...
>>[READ MORE]


RANT FORUM - Red Team Recipes Presentation

I will be giving a talk tomorrow evening, the 28th of November at around 6pm, in London at the Risk and Network Threat (RANT) Forum .

The topic is:
Why RedTeam is more than just a buzz word? What works? What doesn't? And where is this "new" type of service might be going? All those questions answered by someone who is actually delivering Red Team activities.

Registration is free, you get free drinks and food... plus you get to hear me talk, so what is not to like?! :)

You can register HERE

The RANT Forum is quite different from your typical free security briefing, for a start it is not a sales forum. However, the company behind it is a recruitment agency, so they are still interested in taping the UK Security professional community!
...
>>[READ MORE]


IDS used as a Network Forensic Tool

Note: This is the second post of a two parts series on how to use IDS in a different way.

Intrusion Detection Systems are traditionally seen as Defensive tools. They can however be used for different purposes than initially designed for as highlighted in the previous post , where we discussed how IDS could be used as an offensive tool.
The popularity of pre-configured/packaged IDS environments such as SELKS or Security Onion provide various software packages and Graphical User Interfaces to navigate through large volume of data by parsing/categorising/filtering it automatically.

More importantly, such systems are starting to provide mo...
>>[READ MORE]


IDS used as an Offensive Security Tool

Note: This is the first post of a two parts series on how to use IDS in a different way.

Intrusion Detection Systems such as Snort and Suricata are traditionally seen as Defensive tools, and in essence they are. They can alert on security issues occurring on your network such as Botnet Activities, network based attacks, hosts/servers activities and vulnerabilities.

That last point is important.

It is important because that same information used for defence activities, could be used by an attacker as part of an attack reconnaissance. For example, being able to identify a list of hosts that use outdated SSH/SSL servers, a vulnerable Flash Client or other vulnerable software/services; HTTP logs highlighting users web activities, clear text passwords, etc.
When looking at an IDS that way, it becomes a passi...
>>[READ MORE]


iOS Backdoors

In the last few days there has been an increasing noise related to some iOS backdoors. Apple does not deny they exist, but contests how they can be used.

This is not new, and the security researcher who presented his findings did highlight that, it is likely related to methods being used by certain forensic software sold to law enforcement.
What is “concerning” is the following:
– These backdoors are actively maintained and developed by Apple, how much more data will they allow to be extracted from iOS device in future;
– Those backdoors provide access to SMS, Contact, and other potential sensitive data on the phone; they also allow to bypass full disk encryption. This highlight the fact that unless you phone is off, the data on your phone is no longer encrypted per say, but only protected by access control (PIN);
– If it can be used by law enforcement, it can be used by “greyer” parties ...
>>[READ MORE]


Bluetooth under attack

I have heard of Ubertooth for a while now and it seems it use to attack bluetooth devices keep growing. Once recent attack described HERE can leverage the Ubertooth sniffing capability to crack the encryption algorithm used by the Bluetooth Low Energy (BLE) standard. BLE is also referred to as Bluetooth Smart.

 

Sure, BLE/Bluetooth Smart is different from Bluetooth, but it issupported by most recent mobile devices (i.e.: the latest iPads and iPhone as well as some Android devices), and will be increasingly used in “smart” appliances, from toothbrushes to fridge if you believe this >>[READ MORE]


Using a phone as a keylogger, next it will be a smartwatch!

There is an interesting paper from Georgia Tech College describing a clever proof of concept where a phone is used to eavesdrop on keystrokes.
This is done by leveraging the phone motion sensor capability and placing it next to a keyboard. They managed to create a dictionary of words/vibrations that is able to recognise words typed on a keyboard just by analysing the vibrations made from typing.
Of course, you are likely to notice someone’s else phone sitting next to your keyboard but what if your phone got hacked and that software loaded onto it?

They conducted their proof of concept on an iPhone 4 but this is likely to be also possible on other platforms/devices.

In fact, with upcoming smart watches this concept will be even more relevant! Now I can see a use for that Apple M7 chip! ;)

As I am typing this note, my phone is next to my keyboard. Maybe I should move it awayR...
>>[READ MORE]


A new iOS 6.1 hack

As seen on the Hacker news, there is currently a way to bypass the iPhone lock screen (iPad with SIM too?) running iOS 6.1.x

I had to change the steps listed in “The Hacker news” slightly for it to work:
-Go to emergency call, push down the power button and tap cancel.
-Dial 112 and tap green and inmediately red.
-Go to lock screen, by pressing the power button
-Go to passcode screen, by pressing the home button
-Keep pushing down the power button …1…2…3…seconds and before showing the slider “turn off”…tap the emergency call button and …voil!
-Then without releasing the power button press the home button and let go…

From there you gain full access to the phone application and can change/add/delete contact, as ...
>>[READ MORE]


Old tricks will always work…

There is something about deception, it can bypass a lot of security controls through a very basic principle, to make you believe about something that isn’t there. It is a bit like magic.

Like this WEBSITE, where you can see an example of what the new HTML5 fullscreen function could make you believe. That you are on a bank website, where in fact you are on a phishing site. The previous link is harmless and only serves as an example, one I would advise you to try yourself (you can’t enter any details anyway in case you haven’t understood it isn’t really a Bank of America website).

Basically, they use the HTML5 Fullscreen function to recreate your browser TABS and URL. If you are not used to browse the internet in full screen mode then you would see the trickstraightaway. However, if you are following the trend to browse in full screen mode, especially on mobile phones or on MACs where app...
>>[READ MORE]


Wipe out/Factory Reset some Android’s phones

According to this FRENCH WEBSITE, a major security vulnerability has been disclosed at the Ekoparty 2012Security Conferencewhich affects some android handsets. It it is possible to reset those affected handsets to factory default settings and in the process wipe out all data.This vulnerability exploits a “secret” code that can be used to trigger the factory reset automatically, without asking any confirmation from the user. That code is:*2767*3855#

There are different methods known to date to push that code onto those handsets:

– SMS in Wap Push mode (where the user would have to click on a link)

– QR Code

– NFC Protocol

Or… if users go to some websites where either

<frame src="tel:*2767*3855%23" />... 
>>[READ MORE]