Sunday, 29 June 2014

BSides Manchester 2014

It was really nice to be invited to present at BSides Manchester (@BSidesMCR) this year [1]. Very interesting talks and one of the most organised events I have ever been. On-time information on the website and clear instructions about the event . I really enjoyed both days and tried to attend as many talks as I could. 



On the second day, I was presenting about the security of Point of Sale (POS) devices. These devices have a number of “features” which can be used to allow someone to deviate from payment process in a number of different ways. More specifically, it is possible to complete a transaction without actually being charged, pay with someone else’s card without knowing the PIN or even get paid instead of paying. The presentation gave a good understanding on how these devices work and basically demonstrated a number of “magic tricks” on how one could actually live for free! I was overwhelmed from the number of people attended the talk and their enthusiasm on the subject. Thank you all for your kind words, tweets and re-tweets, much appreciated.

Wednesday, 21 May 2014

The Subterfuge Project called Artemis

Artemis [1] is an advanced malware simulation suite capable of emulating the Advanced Persistent Threat (APT). Artemis raises the bar allowing ethical hackers and penetration testers the luxury of an advanced set of features equivalent to many of the tools employed by criminal gangs today. By abstracting polymorphism to a server based platform at cevincere.com Artemis is able to stay one step ahead of anti-virus vendors, and ensure that penetration testers can give their clients the value that they deserve.

[1] https://code.google.com/p/subterfuge/

Wednesday, 30 April 2014

BSides London 2014 - POS Devices

I was given the opportunity to present at this year's BSides London [1]. The talk was a 15 minutes presentation about Point of Sale (POS) devices, during a no-camera, no-recording session due to the sensitive content. 

I have been researching the features of POS devices for more than a year and I wanted to share my findings before someone else does something similar. However, due to the fact it is not easy to fix the issues overnight, I decided to keep the presentation "behind closed doors". During the presentation I demonstrated how it is possible for anyone to become a "hacker" and abuse these little devices with simple key combinations. 

Wednesday, 9 April 2014

Critical OpenSSL vulnerability

OpenSSL released a security advisory yesterday (7/Apr/2014) regarding the TLS heartbeat read overrun (CVE-2014-0160). [1] This is a CRITICAL vulnerability affecting 1.0.1 and 1.0.2-beta releases of OpenSSL, including 1.0.1f and 1.0.2-beta1.

An attacker can read memory contents of the remote server . The server will not crash or otherwise exhibit suspicious behaviour. Successful exploitation leaks usernames, passwords, web application session cookies or other sensitive information. 

Currently, some of the vulnerable websites are: 
yahoo.com
okcupid.com
flickr.com

The quickest way to test your server is by using the following link:
http://filippo.io/Heartbleed/

Remediation:
Affected users should upgrade to OpenSSL 1.0.1g. The alternaltive at this point if you cannot upgrade to OpenSSL 1.0.0g is to recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS

For remediating against an Apache install you will also need to upgrade libssl (libssl1.0.0).

Note that Ubuntu 1.0.1-4ubuntu5.12 of OpenSSL resolves the issue.

Temporary Snort signatures:
a) alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"Heartbleed attack with ssltest.py";flow:to_server,established; content:"|18 03 02 00 03 01 40 00|"; rawbytes; isdataat:!1,relative; reference:cve,2014-0160; sid: 6000000; rev:1;)

b) alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"Heartbleed attack";flow:to_server,established; content:"|18 03|"; rawbytes; depth:2; byte_test:1, &, 3, 0, relative; byte_test:2, >, 200, 3, relative, big; reference:cve,2014-0160; sid: 6000001; rev:2;)


[1] http://www.openssl.org/news/secadv_20140407.txt

Monday, 31 March 2014

So many Computer Forensics tools but no time

Do you want to get your hands in Computer Forensics but you don't really know where to start. Are you looking for a tool that does a specific job but you don't know which one to download and use. Forensic Control [1] have a list of free tools as a free resource for all. The tools are grouped in categories and a detailed description allows you to find what you are looking for. 

The main categories of the tools you can find are:

  • Disk tools and data capture
  • Email analysis
  • General tools
  • File and data analysis
  • Mac OS tools
  • Mobile devices
  • File viewers
  • Internet analysis
  • Registry analysis
  • Application analysis
  • Abandonware




[1] https://forensiccontrol.com/resources/free-software/