Recent Blog Posts

  1. Teensy USB HID for Penetration Testers - Part 3 - Programming sketches in Arduino

    by , 04-25-2012 at 10:51 PM
    In the previous post we saw very basic usage of the Arduino Development Environment (ADE) and ran our Hello World using Teensy. Let's have a look at doing something more with Teensy and ADE.

    You know that there are two bare minimum functions called setup and loop in a sketch. But there are many more functions which are very useful while programming complex sketches. Have a look at the sketch below, which opens up Notepad and types "Hello World" in it.
    Code:
       void setup()
    ...
  2. Network Architecture Review Checklist

    by , 04-22-2012 at 05:15 PM
    The primary goal of the checklist is to make it useful as a trusted guide for IT Auditors and Security Consultants in Network Architecture Review assignments. The checklist is drawn from numerous resources referred to and my experience in network architecture reviews. Though the checklist doesn't essentially cover all elements of a network architecture review, I have tried to bring in aspects of the security element in a network architecture. Thanks to Punter & B0nd for their useful inputs.
    ...
  3. Teensy USB HID for Penetration Testers - Part 2 - Basics of Arduino and Hello World

    by , 04-11-2012 at 09:17 AM
    In the first post we installed the Arduino Development Environment (ADE). Now let's have a look at the basics of programming Teensy using ADE.

    Make sure that the proper board is selected from the menu. Then choose the correct device type.


    In the Arduino Development Environment (ADE), programming is done in a C-type syntax. We have variables, methods, conditional operators, pointers, etc. A program is called a sketch in ADE.

    Now, ...
  4. HP DataProtector - Porting exploit to metasploit.

    by , 04-10-2012 at 04:11 PM
    Nowadays, in almost all my penetration testing projects, HP Data Protector has been the most vulnerable software installed.
    I thought of porting the same as a Metasploit exploit module. Hence, I wrote an exploit for Hp_dataprotector_cmdexec. I will try to describe my work step by step. The input for this was a working exploit-db code (HP Data Protector Remote Root Shell for Linux). The shell code, when run normally, will give a netcat shell.
    So here I start up:
    1. Took a standard ...

    Updated 04-10-2012 at 04:21 PM by sohil_garg

  5. MS11-046 exploit Code, Windows local Privilege Escalation.

    by , 04-08-2012 at 05:01 PM (Fb1h2s aka Rahul Sasi's Blog)
    There was a good article released by Joni on the MS11-046 vulnerability, based on a malware he analysed.
    http://www.exploit-db.com/wp-content...docs/18712.pdf
    So I thought of spending my Saturday night building an exploit for this.

    Windows [not sure about Win 7] lets you map 0x00000000 in user space, and the Windows fix for this particular vulnerability [MS11-046] was adding a simple check for a NULL pointer in AFD.sys, which I find odd, so I assume Win 7 it would ...
  6. Introduction to SCADA hacking

    by , 04-07-2012 at 09:39 AM
    Hi guys, this is my first post, so please ignore any mistakes.
    So first, what is SCADA? It's an abbreviation of Supervisory Control and Data Acquisition, so basically there is lots of hardware in it and it is used in power grids, dams and many other industries. They use primitive software that is easy to exploit. Remember Stuxnet, that exploited Iran's Windows computer to exploit Iran's nuclear facility, which was of Siemens. Same way, there are lots of companies who make SCADA and for ease of use
    ...

    Updated 04-11-2012 at 12:22 AM by rjcrystal

  7. Teensy USB HID for Penetration Testers - Part 1 - Introduction and Arduino Install

    by , 04-04-2012 at 01:14 AM
    Hi All,

    This is my first post to Garage, please bear with mistakes. I will write a series of posts which will also be posted on my blog.

    My first blog post after two back-to-back awesome conferences, Black Hat Europe and Troopers. At Black Hat Europe I conducted a workshop called Teensy Programming for Everyone. The workshop was well received by most of the participants. But I found that many of them found it difficult to set up Arduino for usage with Teensy and other ...

    Updated 04-05-2012 at 01:33 AM by SamratAshok (For fixing broken links)

  8. Internal Attacks via IVR systems [ Security Vulnerabilities in IVR Applications]

    by , 03-27-2012 at 06:29 PM (Fb1h2s aka Rahul Sasi's Blog)
    Am putting down demo videos along with a few important slides from my BlackHat 2012 presentation.

    My presentation was in HTML5 and am putting down demo presentations here. I will upload the HTML5 presentation somewhere, or you could download them from

    https://media.blackhat.com/bh-eu-12/...urity-Tool.zip

    For a better understanding of these demos, go through the HTML5 slides.


    ...
  9. Binary Analysis of Oracle Java CVE: 2012-0500 and Alternate Exploitation on Win|Linux

    by , 03-06-2012 at 03:28 AM (Fb1h2s aka Rahul Sasi's Blog)
    Main():

    Java Webstart recently had a critical security update in its Webstart module (Oracle Java Critical Patch Update - February 2012) that affects Firefox and IE. We will have a few quick analyses of the vulnerable binary and a few alternate ways to exploit it.

    Little History and Introduction about the Bug:

    The current bug was discovered and reported to Oracle by the Vulnerability Research Team of TELUS Security Labs.

    The vulnerability was similar ...
  10. Memoirs of Nullcon Goa 2012 - Hacking on beach

    by , 02-25-2012 at 03:55 PM


    Firstly, the venue. Goa! Oh, it was divine. Frankly, nullcon should always be in Goa. A perfect blend of electric atmosphere and the aesthetic calmness of nature. Seriously, you have to be there to feel it.

    Me, Ap4Ch3, akm.coder and Snypter arrived 2 days ahead of the conference. Had a great time exploring Goa. Already, most of the people from null were beginning to pour in.

    ------------------------------------------------------------ ...

    Updated 02-25-2012 at 04:05 PM by abhaythehero
