Exploiting Same Origin Method Execution Vulnerabilities

Recently it came to my attention that it is possible to abuse JSONP callbacks through a vulnerability known as SOME (Same Origin Method Execution), which lets an attacker subvert the trust between the user, the web application and its intended flow of execution: an attacker-controlled callback name is executed in the application's own origin. For example, using the SOME attack it is possible for an attacker to trick a user into visiting a malicious web page which…
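The root cause the excerpt describes is a JSONP endpoint that reflects the callback parameter into executable JavaScript without restricting it to a plain identifier. The following is an added example, not code from the original post: a constructed server-side rendering routine in Python, shown first in the vulnerable form (the callback string is echoed verbatim, so a value such as opener.document.forms[0].submit becomes a method call on a same-origin DOM object) and then hardened so that only a bare identifier is accepted. The function names, the sample payload and the regular expression are assumptions for illustration.

```python
import json
import re

# Constructed sample payload standing in for a JSONP endpoint's response data.
SAMPLE_DATA = {"user": "alice", "logged_in": True}

# A callback must be a bare JavaScript identifier: no dots, brackets or
# parentheses, so it can never name a method on a same-origin DOM object
# (the SOME pattern, e.g. opener.document.forms[0].submit). Length is capped
# to keep obviously abusive values out. Assumed policy for this example.
_SAFE_CALLBACK = re.compile(r"^[A-Za-z_$][A-Za-z0-9_$]{0,63}$")


def render_jsonp_vulnerable(callback, data):
    """Reflects the callback parameter verbatim.

    Whatever expression the attacker placed in ?callback= is executed in the
    application's origin once the browser loads this script.
    """
    return "%s(%s);" % (callback, json.dumps(data))


def render_jsonp_hardened(callback, data):
    """Accepts only a bare identifier as the callback name.

    Raises ValueError for anything else; the leading /**/ is the usual
    defence against content-sniffing of the response as something other
    than JavaScript.
    """
    if not _SAFE_CALLBACK.match(callback):
        raise ValueError("rejected callback: %r" % callback)
    return "/**/%s(%s);" % (callback, json.dumps(data))


def jsonp_response(callback, data=SAMPLE_DATA):
    """Returns (status, headers, body) for a hardened JSONP endpoint.

    A rejected callback yields a 400 with an empty body rather than a
    fallback name, so the attacker learns nothing from the response.
    """
    headers = {
        "Content-Type": "application/javascript; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
    }
    try:
        body = render_jsonp_hardened(callback, data)
    except ValueError:
        return 400, headers, ""
    return 200, headers, body


if __name__ == "__main__":
    some_callback = "opener.document.forms[0].submit"
    print("vulnerable:", render_jsonp_vulnerable(some_callback, SAMPLE_DATA))
    print("hardened:  ", jsonp_response(some_callback))
    print("hardened:  ", jsonp_response("jQuery_cb1"))
```

The vulnerable renderer shows the attack surface precisely: the browser evaluates the returned script in the vulnerable site's origin, so any dotted path the attacker supplies becomes a same-origin method call. The hardened renderer removes that surface by construction rather than by blacklisting particular characters.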

Yet Another HeartBleed.

This Heartbleed information disclosure vulnerability has pretty much been covered all over the internet today (8th April 2014). As a one-stop summary: an online checker exists at http://filippo.io/Heartbleed/ (source code at https://github.com/FiloSottile/Heartbleed); a much better Python script is at http://s3.jspenguin.org/ssltest.py, with a second version adding STARTTLS support at https://gist.github.com/takeshixx/10107280; and a good breakdown of why the bug exists is at http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html. Watching Twitter has been entertaining; login.yahoo.com has been leaking user…
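The bug itself is a missing bounds check: the TLS heartbeat extension carries a one-byte type, a two-byte declared payload length, the payload, and at least 16 bytes of padding, and the vulnerable code copied as many bytes as the peer declared without checking that the record actually contained them. The following is an added example, not code from the original post or from OpenSSL: a Python model of that logic, with the pre-patch behaviour next to a version carrying the two length checks the fix introduced (1 + 2 + 16 must fit in the record, and 1 + 2 + payload + 16 must fit in the record). The memory lying beyond the record is simulated by a constructed byte string; the function names are assumptions for illustration.

```python
import struct

HB_REQUEST = 1
HB_RESPONSE = 2
MIN_PADDING = 16  # RFC 6520 requires at least 16 bytes of padding


def build_heartbeat(declared_len, payload=b""):
    """Builds a heartbeat request whose declared length may exceed the payload.

    This is what the public test scripts do: declare a large length and send
    no payload at all.
    """
    return struct.pack("!BH", HB_REQUEST, declared_len) + payload + b"\x00" * MIN_PADDING


def process_heartbeat_vulnerable(record, memory_after_record):
    """Models the pre-patch logic.

    The declared payload length is trusted and that many bytes are copied
    starting at the payload, running past the record into whatever follows
    it in the process heap (simulated here by memory_after_record).
    """
    hb_type, payload_len = struct.unpack("!BH", record[:3])
    if hb_type != HB_REQUEST:
        return None
    heap = record[3:] + memory_after_record  # constructed view of the heap
    leaked = heap[:payload_len]
    return struct.pack("!BH", HB_RESPONSE, payload_len) + leaked + b"\x00" * MIN_PADDING


def process_heartbeat_fixed(record, memory_after_record):
    """Models the patched logic: both bounds checks before touching the payload.

    A request that does not fit is silently discarded, as RFC 6520 section 4
    requires, rather than answered with an error the peer could probe.
    """
    if 1 + 2 + MIN_PADDING > len(record):
        return None
    hb_type, payload_len = struct.unpack("!BH", record[:3])
    if hb_type != HB_REQUEST:
        return None
    if 1 + 2 + payload_len + MIN_PADDING > len(record):
        return None  # declared length exceeds the received record
    payload = record[3:3 + payload_len]
    return struct.pack("!BH", HB_RESPONSE, payload_len) + payload + b"\x00" * MIN_PADDING


def bytes_leaked(response, memory_after_record):
    """Counts how many bytes of the simulated heap appear in a response."""
    if response is None:
        return 0
    body = response[3:]
    return sum(1 for i in range(len(memory_after_record))
               if memory_after_record[i:i + 8] and memory_after_record[i:i + 8] in body) \
        if len(memory_after_record) >= 8 else 0


if __name__ == "__main__":
    heap = b"session=abc123; Authorization: Basic dXNlcjpwYXNz"  # constructed
    probe = build_heartbeat(0x4000)  # large declared length, empty payload
    print("vulnerable response:", process_heartbeat_vulnerable(probe, heap))
    print("fixed response:     ", process_heartbeat_fixed(probe, heap))
    print("honest request:     ", process_heartbeat_fixed(build_heartbeat(5, b"hello"), heap))
```

The contrast to look for is the second check in the fixed version: with an honest request (declared length 5, payload "hello") both versions answer identically, while the oversized probe is answered only by the vulnerable one, and its answer contains the simulated heap contents.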

RFID Wallets/Sleeves. How much Security do they provide?

With the increasing amount of RFID technology creeping into everyday life, just how much data can be obtained from your wallet? At Pentura we undertook a small experiment in which, using standard off-the-shelf products, we attempted to obtain personal information leaked from RFID-enabled items: a UK passport, UK bank cards (debit and credit) and access control tokens. Our experiment used standard, unmodified, off-the-shelf RFID equipment: a 13.56MHz ACR-122U reader, a Proxmark3 with LF antenna, a Proxmark3…

Whitehatsec’s Aviator

A new web browser is brought to us by WhiteHat Security, called Aviator, built for speed, security and privacy. It is based on the open-source Chromium browser and can use many of Chrome's browser plugins. The browser's pitch is that with every website you visit you are potentially vulnerable to malicious hackers out to steal your surfing history, passwords, email access, bank account numbers, medical info and more, and that the "big browsers" don't do enough…

Telephony Hacking and Fraud | Securing Telephony Systems

Telephony Fraud. Telephony hacking and fraud is once again on the rise. Phone phreaking was common between the 60s and 90s; it allowed phreakers to place free calls and access remote dial-in computers, from where they would add voicemail boxes, snoop on phone lines, add call forwarding and so on. Phreaking is once again emerging with modern technology (VoIP, SIP, IAX etc.). Just like open web services that allow public internet users to…

WiFi Pineapple; Decrypting SSL Traffic on Mobile Applications

Introduction. Most people view the WiFi Pineapple as an intrusive piece of kit. It is marketed as a WiFi device that can trick unsuspecting clients into connecting to its access point (AP), because the device sends out probe responses that match the clients' own probe requests. From there a victim is susceptible to man-in-the-middle (MitM) attacks, interception and traffic manipulation. The device was famously used on Channel 4's Derren Brown's Apocalypse (http://en.wikipedia.org/wiki/Derren_Brown:_Apocalypse),…

Creating Your Own Certificate Authority | InteliSecure

Background. Being a pentester, I often have to tackle the issue of self-signed certificates on the internal network. All our automated tools (Nessus, Nexpose, OpenVAS) flag several SSL issues relating to untrusted certificates, weak ciphers, weak hashing algorithms and self-signed certificates. The usual advice is to disable weak ciphers and to re-issue and re-sign the certificates. The big question from customers is "But why should we purchase certificates for servers…

Pineapple Defences

Background. The previous post (Blue for the Pineapple) shared instructions on how to create a cheaper and more affordable clone of the infamous Hak5 Pineapple, and awareness has risen about the capabilities and exploitability of these WiFi honeypots. This post will discuss possible defences against the Pineapple: setting access points to use WPA2 or Enterprise encryption, SSL VPNs, and manual connections.

Ophcrack and Konboot

Floppies, CD-ROMs and USB drives, oh my! I'm going to be giving a bit of an insight into physical password attacks, as in sitting in front of your computer. I'm going to show you two tools, Ophcrack and Kon-Boot. I have chosen these two because, firstly, they are incredibly easy to use, and also because they take different approaches to the common goal (compromising…

SHODAN Power…..

In this post I'll demonstrate how the search engine SHODAN can be used to identify and access unprotected network devices, and there are many such devices on the Internet. Since SHODAN appeared on the Internet scene, I've used it a fair bit for enumerating information from target address ranges. I've also just finished watching a great DEFCON 18 presentation titled SHODAN For Penetration Testing by Michael Schearer. For those unaware, SHODAN…