SIM card curiosity, and a little Hardware Hacking

A few months ago I took an interest in the layer 2/3 protocols (and their implementations) for mobile networks. I quickly arrived at SIM card hacking and, like a young schoolboy, thought, “man, if only I could MitM the hardware communication I could spoof others’ SIM cards and use free Internet!” Nope. Well, not nope, but it’s not that easy.


Adventures in UAV Hacking

[Figure: SkyNET demo flight (the SkyNET drone)]

My first accepted workshop paper, accepted to USENIX WOOT 2011, was called "SkyNET: A 3G-enabled mobile attack drone and stealth botmaster". Catchy name, right? Check out the project page if you'd like a review. After the paper was published, presented, and let lie for a month, the project caught the attention of MIT Technology Review. Shortly after the story was published tons of other websites started duplicating and running their own. The relation between UAVs and "Skynet" did the trick in attracting media attention. Unfortunately there's very little AI incorporated thus far into the project. Nevertheless, it's been a blast reading the various comments on the project.


Rock The Flag network, CyberSecurity Education, and logging Capture The Flag Experiences

I want to make this as concise as possible, but I haven't written in a while, so stick with me.

Rock the Flag network (RTFn) is a project started by myself and my friends Mike and Nick, designed to help students play Capture The Flag (CTF) competitions. RTFn's goal is improved CyberSecurity education through CTF competitions. We hope to improve CTF experiences with extracted-and-visualized team reports per event. The software implements robust logging, with the help of the users, to identify trends. These trends help users identify their team's strengths and weaknesses, while profiling each competition they play. At the base of RTFn is an Etherpad (real-time document collaboration on steroids) installation with three major changes.


Route based on Source IP Address (Linux / BSD)

I ran into an interesting situation the other day which I expected would have more documentation online.

Situation: You have a multi-homed router and you would like to route traffic based on client IP addresses, or the source address. In my case I wanted a /24 (Net 1) to be directed (forwarded) through interface A, and another /24 (Net 2) to be forwarded through interface B. In my case I also NATed traffic forwarded to interface A.

This is called source address routing or policy-based routing.


Analyzing CVE-2010-0188 exploits: Context aware malware (Part 2)

...Continued from Part 1.

Advancing shellcode

I was able to extract the shellcode from the attacks in June and July. I opened the x86 code in IDA Pro and was baffled; I knew it would take time and research to figure out what the attacker was trying to accomplish, though I could easily see that part of the code was trying to bootstrap a malicious binary. Since then I've read a paper titled "Understanding Windows Shellcode" (by skape, mmiller@hick.org) which explained what our friend Pat Casey was doing, almost line by line.
