A few months ago I took an interest in the layer 2/3 protocols (and their implementations) for mobile networks. I quickly arrived at SIM card hacking and like a young schoolboy thought, "man, if only I could MitM the hardware communication I could spoof others' SIM cards and use free Internet!" Nope. Well, not nope, but it's not that easy.
My first accepted workshop paper, accepted to USENIX WOOT 2011, was called "SkyNET: A 3G-enabled mobile attack drone and stealth botmaster". Catchy name, right? Check out the project page if you'd like a review. After the paper was published, presented, and let lie for a month, the project caught the attention of MIT Technology Review. Shortly after the story was published tons of other websites started duplicating and running their own. The relation between UAVs and "Skynet" did the trick in attracting media attention. Unfortunately there's very little AI incorporated thus far into the project. Nevertheless, it's been a blast reading the various comments on the project.
I want to make this as concise as possible, but I haven't written in a while, so stick with me.
Rock the Flag, network (RTFn) is a project started by me and my friends Mike and Nick, designed to help students play Capture The Flag (CTF) competitions. RTFn's goal is improved cybersecurity education through CTF competitions. We hope to improve CTF experiences with extracted-and-visualized team reports per event. The software implements robust logging, with the help of the users, to identify trends. These trends help users identify their team's strengths and weaknesses, while profiling each competition they play. At the base of RTFn is an Etherpad (real-time document collaboration on steroids) installation with three major changes.
Finding vulnerabilities is fun, but following through with assessing exploitability is my favorite. This is a review of something I found very entertaining: an example of using a small stored XSS vulnerability on a simple web application to do complicated results manipulation.
I ran into an interesting situation the other day which I expected would have more documentation online.
Situation: You have a multi-homed router and you would like to route traffic based on client IP addresses, or the source address. In my case I wanted a /24 (Net 1) to be directed (forwarded) through interface A, and another /24 (Net 2) to be forwarded through interface B. In my case I also NATed traffic forwarded to interface A.
This is called source address routing or policy-based routing.
Last week I decided to steal an Internet kiosk from outside the Student Service Center of my university. It's not terribly exciting, but here's the story; it all begins a long long time ago...
There are tons of articles on the subject of spamming with trackbacks, and a few helpful plugins to help improve WordPress trackbacks. But I couldn't find a nice proof-of-concept spam exploit of the trackback protocol, so here we go!
...Continued from Part 1.
I was able to extract the shellcode from the attacks in June and July. I opened the x86 code in IDA Pro and was baffled; I knew it would take time and research to figure out what the attacker was trying to accomplish, though I could easily see that part of the code was trying to bootstrap a malicious binary. Since then I've read a paper titled "Understanding Windows Shellcode" (by skape email@example.com) which explained what our friend Pat Casey was doing, almost line by line.
I'm going to call this: The Legend of Pat Casey. Keep reading to find out why, but I'm pretty sure there are no villains involved named Pat, nor Casey. The story begins in late June into early July when I became interested in malware analysis and subsequently, reverse engineering.