What is SIGTRAN? SS7? SCTP?

Introduction SIGTRAN is the name, derived from signaling transport, of the former Internet Engineering Task Force (IETF) working group that produced specifications for a family of protocols that provide reliable Datagram service and user layer adaptations for Signaling System 7 (SS7) and ISDN communications. The SIGTRAN protocols are an extension of the SS7 protocol family. It supports the same application and call management paradigms as SS7 but uses an Internet Protocol (IP) transport called Stream Control Transmission Protocol (SCTP). Indeed,…

ATM In-Security in 2013 | ATM Security Flaws & Vulnerabilities

Introduction With the recent SecTor security conference in Toronto Canada, once again ATM security flaws have risen to the top of the agenda.  ATM flaws have become wide-stream knowledge since Barnaby Jack showed off his ‘Jackpotting‘ attack.  ATM flaws have once again become a hot-topic since the late Barnaby’s demise two weeks prior to this years Blackhat conference (USA 2013) where he was going to present about Pacemaker flaws.  Barnaby…

Bluetooth Sniffing | Bluetooth Vulnerabilities | InteliSecure

After the previous post Ubertooth – Open Source Bluetooth Sniffing, many have asked the question why? People can remember some of the original Bluetooth holes back between 2004-2008 but vulnerabilities are simply not common these days. Small list of vulnerabilities on Phones: Stealing Address Books from Nokia Phones. Remote Dialing 090* numbers. Blasting audio down headsets/car stereos. Depending on the Bluetooth implementation sometimes security and/or encryption is not applied.  As…

Domain Password Audits | InteliSecure

Background With Anti-Virus technology continuing to block auditing/hacking tools like pwdump/fgdump, the ability to audit passwords on a domain is starting to increase in difficultly.  In a series of recent audits it has been challenging to extract the domain hashes, and upon using familiar common tools like pwdump the Windows Security Accounts Manager (SAM); surprisingly only reveals two accounts, where we would expect a long list of domain hashes. Example Output: Administrator:500:3CED43EE2B6F79553F211111D2509C89:2A39F8C2138329F953111D035C1E99AB::: Guest:501:C5C111117DB4E3E7C1E86A266265BCA9:F6B11111D3531AA18821F8B087AE2610::: These…

Ophcrack and Konboot

Floppies, CD-ROM’s and USB Drives Oh my! I’m going be doing a bit of an insight to physical  password attacks as in sat in front of your computer. I’m going to show you two tools, those tools are Ophcrack and Konboot the reason I have chosen these two is because firstly it’s incredibly easy to use these tools and also the two have different features of the common goal (compromising…

HOWTO: Using MBSA remotely

When it comes to performing a security assessment of Windows servers (SQL, ISA, IIS etc), the Microsoft Baseline Security Analyzer (MBSA) tool provides a good idea of the key security settings implemented on the Windows server being audited.   MBSA v2.1 One drawback though is MBSA v2.1 needs admin privileges on the remote Window server and offers no way of specifying alternate admin credentials in its GUI…what if you’re MBSA client…