Addressing the IT Skills Gap Part 1: Understanding the Current State

By Jeremy Wittkop, InteliSecure CTO. People, process, and technology. Where do we turn when it is the people side of the equation we most need to address? An increasing number of organizations are asking this question as the shortage of cybersecurity talent continues to become more dire. There are more threats evolving every day and it seems there are legions of cyberattackers ranging from divisions of cyber militaries on the…

Security Tips for 2014

Based on the number of different types of attack over the previous year (2013), Pentura thought they would release a small list of possible actions and supporting programs/tools that can be used to secure your assets in 2014. Back up your data (OSX – Time Machine, Windows – Acronis Backup Software, Linux – many solutions). Don’t use public WiFi access points without a VPN (e.g. Cloak, or OpenVPN to a home server). Configure…

Bluetooth Sniffing – Why bother?

After the previous post, Ubertooth – Open Source Bluetooth Sniffing, many have asked the question: why? People can remember some of the original Bluetooth holes back between 2004 and 2008, but vulnerabilities are simply not common these days. A small list of vulnerabilities on phones: stealing address books from Nokia phones; remote dialing of 090* numbers; blasting audio down headsets/car stereos. Depending on the Bluetooth implementation, sometimes security and/or encryption is not applied. As…

Ubertooth – Open-Source Bluetooth Sniffing

Background: A few years ago, some security-minded people and academics started looking into Bluetooth (BT) sniffing. Commercial solutions were expensive, and the community really needed something cheap/affordable. Dominic Spill and Andrea Bittau were, I think, the pioneers who discovered that some cheap $30 (USD) BT dongles could be re-flashed with a firmware that supported BT sniffing, and they created the open-source program csrsniff (http://darkircop.org/bt/bt.tgz), which allowed you to…

Creating Your Own Certificate Authority

Background: Being a pentester, I often have to tackle the issue of self-signed certificates on the internal network. All our automated tools (Nessus, Nexpose, OpenVAS) flag several SSL issues related to untrusted certificates, weak ciphers, weak hashing algorithms and self-signed certificates. The usual advice is to disable weak ciphers, and to re-issue and re-sign the certificates. The big question from customers is “But why should we purchase certificates for servers…

Access Control Part 3: Using the Big Guns!

Introduction: Or rather, miniature guns that pack a powerful punch… In our previous posting, Access Control Part 2: Mifare Attacks, we demonstrated a weakness in some Mifare implementations. That attack relied on the use of a single default key and the nested attack to eventually recover all keys for the card. Additionally, we used a rather cheap and affordable ACR-122U reader that costs approximately $40 (USD), and the attack process…

Access Control – Part 1: Magstripes Revisited

Background: You would think that in this day and age everyone would be using RFID for access control on their buildings and environments. You may be surprised that magstripes are still quite commonly in use. But unlike hotels, which appear to encrypt their data (at least the reputable chains I’ve stayed at; I’ve always held onto the keycard and then analysed it back at the office), the access control mechanism…

Oracle LFI Advisory (CVE-2013-1525)

Product Information
Product: Oracle Retail Application: Retail Integration Bus Manager
Affected Versions: 13.0, 13.1, 13.2
CVE: CVE-2013-1525
Patch Information: http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
Discovered by: Andy Davies
Reported by: Andy Davies

Background: Oracle provides retailers with a complete, open and integrated suite of business applications, server and storage solutions engineered to work together to optimise every aspect of their business. Top retailers worldwide use Oracle Retail solutions to drive performance, deliver critical insights and fuel growth…

SHODAN Power…

In this post I’ll demonstrate how the search engine SHODAN can be used to identify and access unprotected network devices, and there are many such devices on the Internet. Since SHODAN appeared on the Internet scene, I’ve used it a fair bit for enumerating information from target address ranges. I’ve also just finished watching a great DEFCON 18 presentation titled SHODAN For Penetration Testing by Michael Schearer. For those unaware, SHODAN…

FlasHack (III)

Welcome back to the FlasHack posts. Today we are going to discuss Flash Local Shared Objects, also known as Flash cookies. These are files used by Adobe Flash to store information related to Flash movies, some of which is of interest during a pentesting or forensic assessment. They are stored in different places on each operating system. Windows: %APPDATA%\Macromedia\Flash Player\#SharedObjects\<random code>\<domain>\<path – maybe>\<object…