Exploiting Same Origin Method Execution Vulnerabilities

Recently it came to my attention that JSONP callbacks can be abused through a vulnerability known as SOME (Same Origin Method Execution), which an attacker can use to widely abuse a user's trust in the web application and its intended flow of execution. For example, using the SOME attack it is possible for an attacker to trick a user into visiting a malicious web page which…

Whitehatsec’s Aviator

A new web browser comes to us from Whitehatsec, called Aviator, built for speed, security and privacy. It's based on the open-source Chromium browser and can utilise many of Chrome's browser plugins. The browser's marketing boasts that with every website you visit, you are potentially vulnerable to malicious hackers out to steal your surfing history, passwords, email access, bank account numbers, medical info, and more, and that the "big browsers" don't do enough…

Telephony Hacking and Fraud | Securing Telephony Systems

Telephony Fraud: Telephony hacking and fraud is once again on the rise. Phone phreaking was common between the 60's and 90's; it allowed phreakers to place free calls and access remote dial-in computers; from there they would add voicemail boxes, snoop on phone lines, add call forwarding, etc. Phreaking is once again emerging with modern technology (VoIP, SIP, IAX, etc.). Just like open web services that allow public internet users to…

WiFi Pineapple; Decrypting SSL Traffic on Mobile Applications

Introduction: Most people view the WiFi Pineapple as an intrusive piece of kit. It is marketed as a WiFi device that can trick unsuspecting clients into connecting to its Access Point (AP), because the device sends out probe responses that match the clients' probe requests. From there a victim is susceptible to Man-in-the-Middle (MiTM) attacks, interception and traffic manipulation. The device was famously used on Channel 4's Derren Brown's Apocalypse (http://en.wikipedia.org/wiki/Derren_Brown:_Apocalypse),…

Creating Your Own Certificate Authority | InteliSecure

Background: Being a pentester, I often have to tackle the issue of self-signed certificates on the internal network. All our automated tools (Nessus, Nexpose, OpenVAS) flag several SSL issues related to untrusted certificates, weak ciphers, weak hashing algorithms and self-signed certificates. The usual advice is to disable weak ciphers and to re-issue and re-sign the certificates. The big question from customers is "But why should we purchase certificates for servers…

Pineapple Defences

Background: The previous post (Blue for the Pineapple) shared instructions on how to create a cheaper, more affordable clone of the infamous Hak5 Pineapple, and awareness has risen about the capabilities and exploitability of these WiFi honeypots. This post will discuss possible defences against the Pineapple: setting access points to use WPA2 or enterprise encryption; SSL VPN; manual connections.

Ophcrack and Konboot

Floppies, CD-ROMs and USB drives, oh my! I'm going to be giving a bit of an insight into physical password attacks, as in sitting in front of your computer. I'm going to show you two tools, Ophcrack and Konboot. The reason I have chosen these two is firstly that they are incredibly easy to use, and also that they offer different features toward the common goal (compromising…

SHODAN Power…..

In this post I'll demonstrate how the SHODAN search engine can be used to identify and access unprotected network devices… and there are many such devices on the Internet. Since SHODAN appeared on the Internet scene, I've used it a fair bit for enumerating information from target address ranges. I've also just finished watching a great DEFCON 18 presentation titled SHODAN For Penetration Testing by Michael Schearer. For those unaware, SHODAN…

Mixed content in different browsers

In security, one of the oldest and best-known attacks is the Man In The Middle attack. With this technique an attacker can read all the packets the user sends to a server and analyse them. The solution? Use a secure layer to encrypt all the traffic. For web sites, this requires that the user's browser use the HTTPS protocol. This relies on the authenticity of the server certificate and the…