ATM In-Security in 2013 | ATM Security Flaws & Vulnerabilities

Introduction With the recent SecTor security conference in Toronto, Canada, ATM security flaws have once again risen to the top of the agenda.  ATM flaws have become widespread knowledge since Barnaby Jack showed off his ‘Jackpotting’ attack.  ATM flaws have once again become a hot topic since the late Barnaby’s demise two weeks prior to this year’s Black Hat conference (USA 2013), where he was going to present on pacemaker flaws.  Barnaby…

Proxmark3 – Adding Ultralight Support

Introduction The Proxmark3 appeared to be missing Mifare Ultralight support.  The ability to identify Ultralight cards was present within the ‘hf 14a reader’ command; however, the facility to read and write cards was sadly missing. No worries, though, as the protocol and instruction set are essentially the same as Mifare Classic; the only differences are that standard Ultralight cards do not need authentication or encryption, and the block size is 4…

Proxmark3 Client Native on Android | InteliSecure

Proxmark3 Client Native on Android A member of the Proxmark3 community known as Asper has managed to cross-compile the proxmark3 client for the Android platform.  Depending on the model of your phone (it needs to be rooted), and so long as you have (or can install) the cdc-acm kernel module, this eliminates the need for custom ROMs or even a chrooted environment (such as a chrooted Kali install). You can…

Bluetooth Sniffing | Bluetooth Vulnerabilities | InteliSecure

After the previous post, “Ubertooth – Open Source Bluetooth Sniffing”, many have asked the question: why? People can remember some of the original Bluetooth holes from between 2004 and 2008, but vulnerabilities are simply not common these days. A short list of vulnerabilities on phones: stealing address books from Nokia phones; remotely dialling 090* numbers; blasting audio down headsets/car stereos. Depending on the Bluetooth implementation, sometimes security and/or encryption is not applied.  As…

Ubertooth – Open-Source Bluetooth Sniffing

Background A few years ago, some security-minded people and academics started looking into Bluetooth (BT) sniffing.  Commercial solutions were expensive, and the community really needed something cheap and affordable. Dominic Spill and Andrea Bittau were, I think, the pioneers who discovered that some cheap $30 (USD) BT dongles could be re-flashed with a firmware that supported BT sniffing, and they created the open-source program csrsniff (http://darkircop.org/bt/bt.tgz), which allowed you to…

Creating Your Own Certificate Authority | InteliSecure

Background Being a pentester, I often have to tackle the issue of self-signed certificates on the internal network.  All our automated tools (Nessus, Nexpose, OpenVAS) flag several SSL issues related to untrusted certificates, weak ciphers, weak hashing algorithms and self-signed certificates.  The usual advice is to disable weak ciphers, and to re-issue and re-sign the certificates.  The big question from customers is “But why should we purchase certificates for servers…

Proxmark3 RFID Hacking / Research | Access Control Part 3

Introduction Or rather, miniature guns that pack a powerful punch… In our previous posting, Access Control Part 2: Mifare Attacks, we demonstrated a weakness in some Mifare implementations. That attack relied on the use of a single default key, then on the nested attack to eventually recover all keys for the card.  Additionally, we used a rather cheap and affordable ACR-122U reader that costs approximately $40 (USD), and the attack process…

Proxmark3 Client Compilation on OSX 10.7+

Recently, I tried to compile the proxmark3 client on OSX using the most recent codebase from the SVN (r756).  I was plagued by errors regarding the use of Qt and missing frameworks.  Consensus on the forums was to strip the Qt libraries from the Makefile and recompile. But the client object files hook a lot of graphical calls useful for researching tag modulation.  Stripping Qt is just not an acceptable…

…Yellow for a slice of Pineapple Pi…

First we brought you “Blue for the Pineapple…”, a cheap access point and hack to make the Pineapple Project more affordable for students, researchers, or even pentesters as a cheap, expendable, throwaway pwn-box. The plan to port the Pineapple was always on the cards, especially after the successful port to the TP-Link AP.  After several inquisitive comments and emails, we bring you an update… …a slice of Pineapple Pi.

Hackbar tricks

After using this Firefox extension for more than 4 years, I discovered a couple of tricks that can help you in your testing. These are not really Hackbar tricks or features but HTTP/HTML ones. The order of parameters doesn’t matter: if you are testing a web page with a lot of parameters, you can reorder them any way you want. Sounds obvious, but not too many people realize it…