I was pretty caught up with a few office and personal things, so I could not find time to blog about my BlackHat ventures. I was in Europe twice this year: in March for BlackHat, presenting on "IVR Security: Internal Network Attack via Phone Lines", and in May for HITB, presenting on "CXML VXML Auditing". Both events were fun and I met a lot of Hacker Ninjas, and that ...
Hi guys, this is yash aka yinsain again with a duly awaited post. THIS IS FOR EDUCATIONAL PURPOSES, I STAND NO INVOLVEMENT IN WHAT YOU DO WITH THE INFORMATION PROVIDED. Nowadays most of the people around us are in favour of using an Android device in the name of a smartphone; well, after all, it's a smart choice too. The first thing that people think of while using a smartphone is staying online and updated. But how safe is it? People are scribbling down ...
In the third part of this series, we discussed how to write sketches using Arduino and Teensyduino. In this part, let's have a look at Kautilya. Kautilya is a toolkit written by me which helps in easing usage of Teensy in a penetration test. It is named after the famous Indian strategist, economist and political scientist Chanakya (Kautilya is one of his aliases). I will touch on some less complex payloads of Kautilya in this post. Kautilya has a menu-driven UI which could be used to generate ...
In the past few years, malware and Trojans have moved at a rapid pace when it comes to mobile portability. Many famous Trojans and malware have been detected and analyzed in the past. Android, being the latest and a popular mobile platform, has become an all-time famous target of cyber crooks and malware authors. Android application package file or APK is the file format used to distribute and install application software and middleware onto the Android operating system. To make an APK file, a program ...
In the previous post we saw very basic usage of Arduino Development Environment (ADE) and ran our Hello World using Teensy. Let's have a look at doing something more with Teensy and ADE. You know that there are two bare minimum functions called setup and loop in a sketch. But there are many more functions which are very useful while programming complex sketches. Have a look at the sketch below, which opens up Notepad and types "Hello World" in it. Code: void setup() ...
The primary goal of the checklist is to make it useful as a trusted guide for IT Auditors and Security Consultants in Network Architecture Review assignments. The checklist is drawn from numerous resources referred to and my experience in network architecture reviews. Though the checklist doesn't essentially cover all elements of a network architecture review, I have tried to bring in aspects of the security element in a network architecture. Thanks to Punter & B0nd for their useful inputs. ...
In the first post we installed Arduino Development Environment (ADE). Now let's have a look at the basics of programming Teensy using ADE. Make sure that the proper board is selected from the menu. Then choose the correct device type. In Arduino Development Environment (ADE), programming is done in a C-type syntax. We have variables, methods, conditional operators, pointers, etc. A program is called a sketch in ADE. Now, ...
Nowadays, in almost all my penetration testing projects, HP Data Protector has been the most vulnerable software installed. I thought of porting the same as a Metasploit exploit module. Hence, I wrote an exploit for Hp_dataprotector_cmdexec. I will try to describe my work step by step. The input for this was a working exploit-db code (HP Data Protector Remote Root Shell for Linux). The shell code, when run normally, will give a netcat shell. So here I start up: 1. Took a standard ...
Updated 04-10-2012 at 04:21 PM by sohil_garg
There was a good article released by Joni on the MS11-046 vulnerability, based on a malware he analysed. http://www.exploit-db.com/wp-content...docs/18712.pdf So I thought of spending my Saturday night building an exploit for this. Windows [not sure about Win 7] allows mapping of 0x00000000 in user space, and the Windows fix for this particular vulnerability [MS11-046] was adding a simple check for a NULL pointer in AFD.sys, which I find odd, so I assume Win 7 it would ...
Hi guys, this is my first post, so please ignore any mistakes. So first, what is SCADA? It's abbreviated as Supervisory Control and Data Acquisition. So basically there is lots of hardware in it, and it is used in power grids, dams and many other industries. They use primitive software that is easy to exploit. Remember Stuxnet, that exploited Iran's Windows computer to exploit Iran's nuclear facility, which was of Siemens. In the same way, there are lots of companies who make SCADA and for ease of use ...
Updated 04-11-2012 at 12:22 AM by rjcrystal