Developer Blog

Jul 18

Malware Found In Arch Linux


Three or more packages in the Arch User Repository (AUR) were found to contain malware after ownership of the orphaned packages changed hands; the affected packages are listed below. The packages themselves pose minimal risk, but anyone running Arch (or any Arch-based distro), or anyone installing AUR packages via apt or pacman, should remove them and audit their package sources for changes.

acroread 9.5.5-8
balz 1.20-3
minergate 8.1-2

Apr 15

Black Hat Asia 2018


While the Black Hat 2017 videos are still in my YouTube list, we are already looking at the newest Black Hat 2018 videos. I'll include many, but certainly not all, of them in one article. This first video, uploaded by Seunghun Han's Conference Video, is about Shadow-box version 2 and highlights how: "If you use kernel-level protection mechanisms with Shadow-box v2 (for ARM), then rootkits can not neutralize it and the system, Raspberry Pi 3, will be safe."

Feb 19

Recent Software Bugs Hacks And Exploits


Mac users will be delighted to know that a single character can crash any existing Mac, iPhone, iPad, and even watchOS device. The character is a Telugu character, from the charset of a native Indian language used by over 70 million people. The potential for this character to be spammed across social media is fairly high. The attack doesn't seem to affect Skype; however, the character can disable third-party apps like iMessage, Slack, Facebook Messenger, WhatsApp, Gmail, and Outlook for iOS, as well as Safari and Messages on macOS.

Feb 05

EternalChampion EternalRomance EternalSynergy Ported To All Versions Of Windows


The Shadow Brokers, a group claiming to have stolen this code from the NSA, included it in their April 2017 dump, which Bleeping Computer reported on April 14th. A security researcher has since ported the exploits to work on every existing version of Windows. The full article by Bleeping Computer can be found here.

Security researcher Sean Dillon, aka @zerosum0x0, is the one who ported the Microsoft Server Message Block (SMB) exploits to work on Windows versions released over the past 18 years. CSO reports here on the exploit vectors.

The Shadow Brokers' activities are reasonably well documented, and articles like this one from The Atlantic give an overview of how they are generally portrayed by smaller media outlets. The ported exploits in question were never as popular as EternalBlue (used in WannaCry and related ransomware), but now that there are open source Metasploit modules for these vulnerabilities/exploits, I suspect we'll be hearing more about them in the near future.

Jan 23

Ransomware 2017-2018


By the third quarter of 2017, 64% of malicious email attacks contained one form of ransomware or another. These attacks are on the rise, so it seems prudent to share some information about them, along with some strategies for prevention and removal. Below we'll list the top 10 ransomware attacks, followed by some specific steps that can be taken.

Jan 16

AI Cyber Attacks VS Scripted Botnets


2017 is over and 2018 is already buzzing with thoughts about what role AI-based cyber attacks will play in an evolving landscape. To be clear, an artificial intelligence does not have to be particularly clever, nor significantly adept, to become a nuisance. A system that can run 20 scans per hour and only bothers to execute an exploit when even the most exacting conditions are met could be set up and forgotten on a server, waiting for an unsuspecting visitor. If such a system targeted a given IP range, a specific OS, or even a set of SSH keys that hadn't been changed from their defaults, it could prove devastating with very little functional intelligence.

Jan 10

VMware API Threats Explained


Enterprises often require that their IT teams have no access to data kept inside the machines they administer, a separation that is crucial for compliance, privacy and defense in depth. To this end, industries use VMware's rich security model to separate the infrastructure domain from the guest machine domain. For example, most companies allow their IT teams to create, modify, back up and delete guest machines, but deny them guest machine operation functions such as file manipulation and console interaction. ~ By Ofri Ziv

Jan 05

Meltdown And Spectre


Everything you know about hacking is probably going to change soon. Spectre and Meltdown are "among" the first vulnerabilities that potentially make use of weaknesses in isolation layers, layers that are generally protected from programs that might try to bypass them through more conventional exploitation. The x86 addresses and sinkholes, which are only documented by the processor manufacturers in ways that read like censored encyclopedias, are in fact being documented in the wild by a few hackers, if not many. This means that anyone who knows how to fuzz a processor's microcode and has enough time on their hands can, in point of fact, find exactly the kinds of exploitable snippets of microcode that would make use of vulnerabilities like the ones we are discussing.

Jan 02

Monolithic Vs Micro The Kernel Conundrum


Ancient scholars would debate endlessly about all things theoretical. They could imagine the factual basis for their arguments was completely valid, thanks mostly to confirmation bias. It happens once in a while that people come to similarly erroneous conclusions in the modern age, especially about things like this. Many of you neither know nor care what a kernel even is, but it is an essential component of your computer's operating system, one that determines how your machine will present your requests to the processors, memory, or controlled devices. It does little things like running device drivers either within or outside of itself in user space, determining where file systems are accessed, and holding the modules that communicate through it. This topic gave rise in the 1970s to a debate that still continues to this day over whether it is better to use a microkernel or a monolithic kernel. Many of those debating still rely on the same arguments, in spite of decades of minor changes that pretty much negate any significant difference between these subsystems as anything more than a happenstance.

Dec 13

Why Kaspersky Is Now Banned From US Government Computers


Kaspersky Lab has a rich history as the maker of the world's first true antivirus product. The company introduced heuristics-based antivirus ages ago, long before any of its competition. The company is based in Moscow and has operated well above the expected standard for a normal antivirus product. So why has the US government banned its use recently? Are they really working with the Russian government? Where is the evidence?

Nov 28

Getting Started In Information Security


Some of the challenges of breaking into information security as a career involve finding the right resources. Fortunately, it is becoming easier, and with the right mentality you can avoid becoming a pseudo-expert by learning the real fundamental skills needed to keep up with the constant evolution of a challenging field.

Nov 26

Why Linux Developers And Security Professionals Need Common Goals


In recent weeks we've heard how fuzzing is good for Linux, and how security professionals are posing dangers to the Linux kernel's functionality. Both of these statements were entirely fair, and both came from Linux creator Linus Torvalds. His instruction to "Do no harm" perhaps requires an overview of how security implementations often disable useful services, change commonly used protocols, and can similarly "complicate existing infrastructures" in ways that lead to them being avoided altogether. From a developer's point of view, security is just one small aspect of a much larger picture. From a security perspective, it is a landscape full of weaknesses caused by poor planning by developers.

Nov 24

Google Dorking 101


Google Dorking 101: Google search terms used in penetration testing of websites, and the operators that can be strung together to find hidden data via Google search.

Nov 17

Sandsifter


How many times have you looked at the list of updates on any given OS and wondered what went wrong? Security patches, bug fixes, upgrades, and even some of the stuff you know you aren't using seem to need constant babying to keep it operational. Chances are you are using an x86 or x86_64 machine, but even on ARM there are plenty of updates, just a bit less often. The reason, which many of you don't really hear about, is kind of a neat story.

Nov 14

Vulnerability Assessment Tools


Whether you prefer Windows or Linux, there are steps you can take to improve your system's security and network topology. Step 1 is always information gathering, and that is true of your host system as well. Whether you are a pen tester or just feeling anxious about people sniffing around your PC, these tools help.

Nov 13

Comparing Security Distributions Of Linux


In recent years I've had the opportunity to test and use many of the Linux distributions centered on information security. To be clear, what I'll be doing in this article is evaluating overall impressions of each distribution, not its specific tool set. Many of the tools suit many IT tasks and would be confusing to use as a basis for comparison, especially considering they can generally be added to other Linux distributions. Our evaluation will cover overall performance, ease of use, adaptability, and scale, as these are the important factors to consider when selecting a tool for protecting an infrastructure.

Nov 13

Google's Bounty Hack


Mashable mentioned in an article that Google is looking for hackers to participate in its challenge. The goal, of course, is to pay out $1,000 on top of the reward for any given app exploited and reported. To quote the article: "Here's how it works. If you find a security vulnerability in one of the participating apps, you can report that vulnerability to the developer, and work with them to fix it. When the problem has been resolved, the Android Security team will pay you $1,000 as a reward, on top of any reward you get from the app developer."
As an example of what they might expect, I'll offer the following:

Nov 13

At Home Pen Test For Kali


Whether you are just looking for something to do with a weekend or are trying to get enough experience with testing to start a career in cyber security, practical exercises can be hard to come by. I'll share a few videos here and make a few suggestions, and depending on the questions we get, this might become a regular feature.
