Jump to content

overwraith

Dedicated Members
  • Posts

    742
  • Joined

  • Last visited

  • Days Won

    5

Everything posted by overwraith

  1. I have come up with another USB vector attack. This involves a flash drive which has had it's firmware tampered with in such a way that it allows the user to copy files to it, but after a number of plug in's the flash drive becomes unresponsive. I am not sure if this would require special firmware, or multiple sd cards to accomplish this. Another alternative is the same idea except with a remote wifi shut-off switch. The idea is that somebody stops by with promotional flash drives, which work, then they shut off all of a sudden and end up in the user's trash bin. Such a device would require a push button in order for the hacker to re-access the contents. Wifi cards are relatively small, I have one I use for my raspberry pi's which is small outline. Approximately the size of my thumb nail. If practical please consider making this to add to the arsenal. If one goes the SD route, one could be the data SD, and the other could contain some sort of file which contains the number of times the drive has been plugged, or other such info. If one goes the wifi route one could turn it off via a rouge AP.
  2. The reason for this tool is to simulate someone exfiltrating data off a corporate network. The dial-able pot switch makes the signal lesser to a degree that you get a personal area network around your wifi nic. The wifi nic i have in mind is actually usb based, and only about the size of my thumbnail. People war-driving around the building to test security wouldn't even be able to see your network/ssid unless they were feet from you. I am surprised no-body has thought this up before. Your phone becomes the endpoint which communicates with the wifi NIC. Furthermore I may have seen one of these in the wild. No-one really said anything, or suspected. I put two and two together months later after I had left the job. If anybody see's any wierd SSID's that are only in the general locale of a single desk, you now know they exist and how to report them.
  3. Another aspect of this could be if somebody was not supposed to be looking in your desk drawer as per company policy, and you happened to acquire a fake grenade (Training Grenade Blue, no explosives already spent fuse). You stick the fake trainer in the desk drawer, and some point later in the day the bomb squad gets called and you know exactly who is snooping. Probably give the bomb squad and police a courtesy call first along with your address etc.
  4. A while back I discovered that elicitation could be used in order to protect the company from intrusions from unscrupulous employees. I do believe that one of Mitnick's books or someone else's describes how a savvy net admin discovered a chat box on his computer and used elicitation to make the hacker believe he was one too. On doing this the hacker revealed how he had broken into the company using some sort of VPN vulnerability. One method in a pharmaceutical company is to have a Vikodin trap. Essentially people are informed as to the whereabouts of unsecured vikodin, for example using an encrypted document that has a few developers, and therefore only a few possible recipients, loose talk around the office, and or water-cooler talk, or any other means of targeting specific people. The manner in which you reveal the information is the manner in which the employees will find out. Obviously the trap is monitored by unobtrusive security, like a camera etc. Anybody caught stealing the cardboard box of vitamins is summarily let go from the company due to the fact that it is cheaper to let them go than to navigate tort law. Vikodin could be replaced with anything of value at your workplace, but you should in fact be leaving out fakes or just cardboard packages rather than the expensive items. This would not be considered entrapment if sufficiently bland, for instance you do not actually dominate the person in order to make them fall into the trap, or otherwise trick them. It has to be their own decision as opposed to trickery. You want to demonstrate a clear and willful act that can't be refuted.
  5. RSA is the only asymmetric algorithim available to the .NET C# API. It is useful for moving data from one computer to another without malicious Mallory intercepting or changing the transmission. The RSA part is actually ideal for transmitting keys to the destination computer. Use the key transmission and apply it to a separate symmetric transmission for large files for increased performance. Big files or transmissions get symmetricly encrypted. Doing a lot of C# development and research lately. I could probably make $50 per company by tooling around my city, and trading the printouts for money, but I am not currently interested. My contribution to the security of the business environment. The algorithm works by swapping public keys between computers, then sending the information along to the destination computer. The network code is not included, but you could see how this could be broken up into controllers or client server programs. using System; using System.Collections.Generic; using System.Linq; using System.Security.Cryptography; using System.Text; using System.Threading.Tasks; namespace RSA_Login { class Program { static void Main(string[] args) { RSALogin client = new RSALogin(); RSALogin server = new RSALogin(); client.PublicKey = server.GetPublicKey(); server.PublicKey = client.GetPublicKey(); byte[] cipherText = server.Encrypt("Hello"); String password = client.Decrypt(cipherText); }//end method }//end class /// <summary> /// RSALogin object used to preform Asymmetric trade of data. /// </summary> public class RSALogin { RSACryptoServiceProvider alg = new RSACryptoServiceProvider(); HashAlgorithm hashAlg = HashAlgorithm.Create("SHA1"); public RSAParameters PublicKey { get; set; } public RSALogin() { } /// <summary> /// Get other computer's public key. Used to trade keys. /// </summary> /// <returns></returns> public RSAParameters GetPublicKey() { alg = new RSACryptoServiceProvider(); RSAParameters publicParams = alg.ExportParameters(false); return publicParams; } /// <summary> /// Encrypt data to send to client. /// </summary> /// <param name="plaintext"></param> /// <returns></returns> public byte[] Encrypt(String plaintext) { byte[] plainTextBytes = System.Text.Encoding.UTF8.GetBytes(plaintext); byte[] signature = alg.SignData(plainTextBytes, hashAlg); alg.ImportParameters(PublicKey); byte[] cipherText = alg.Encrypt(plainTextBytes, true); return cipherText; }//end method /// <summary> /// Decrypt the cipher text from the server. /// </summary> /// <param name="cipherText"></param> /// <returns></returns> public String Decrypt(byte[] cipherText) { byte[] plainTextBytes = alg.Decrypt(cipherText, true); byte[] signature = alg.SignData(plainTextBytes, hashAlg); bool sigValid = alg.VerifyData(plainTextBytes, hashAlg, signature); if (!sigValid) throw new CryptographicException("Signature is not valid. "); String plainText = new System.Text.UTF8Encoding().GetString(plainTextBytes); return plainText; }//end method }//end method }//end namespace
  6. I just had a cool new idea for a pen testing tool. If hak 5 thinks it is a good idea they can build it. Would recommend creation of new WIFI NIC with a pot-switch to modulate the power going to the antenna on the circuit board. Is an exfiltration tool, utilized for creating a personal area network around one's desk, phone can connect. Would require vid/pid changing utility. If thought to be a good idea can build. Try to make it small like those thumbnail sized ones, or at least fairly trimmed down. obviously the pot switch changes the dimensions. I only condone white hat pen testing only. Thanks everybody. Possibly also add push button for turning it on or off. Make the switch toggle the radio output to zero, not restart.
  7. Right, I misread the question. Perhaps next time emphasize "moving to another drive" in the title more than phone. The phone has to have mass storage you can send the data to. If it mounts like a removable drive you can send data to it. You just have to figure out how the path fits into the payload.
  8. Are you sure, do you remember what OS it was? Android, IPhone/IOS, Windows Phone? On most phone OSes it is pretty difficult to get keystrokes to do anything.
  9. If I could I would implement some sort of VLAN'ing on my network, it probably would have fixed a few things. Allowing everybody to see everybody else's traffic isn't necessarily a good thing if one host is compromised. Depends on your interoperability needs. Actually home routers and such are fairly well set up out of the box these days. NAT and Firewalls are pretty good at keeping threats out. What most worries me about my home net is more physical security related, however my situation is probably a bit more unique than yours. I would like to get some padlocks, and change out the door locks because dummies keep leaving the combo locks combinations unscrambled. My dad keeps turning on all his switches, and routers, and virtual servers, etc, I open up my network sharing center and literally do a double take, wtf did my computer just get plugged into? Not a sec risk, but I should probably go through and port scan/map all his stuff, and check the logs on our router more often because there isn't that much verification going on. It would be nice to make a script/web UI on my home net which could aggregate all the security observations concerning the net. This sounds a little bit academic, but perhaps you should analyze your threat environment to determine what the biggest threats actually are. Most times homes aren't the targets of hacking, unless some bot herder wants your info and CPU cycles, and you have a weakness for spammy sites. Businesses are probably the most targeted, that's where the credit card numbers are.
  10. I guess the problem is the book I picked up liked to express the "stealthiness" of algorithms in terms of calculus equations. You know, summations and all that jazz. Steganography in digital media by Fridrich. Even as somebody who has taken calculus, I have no desire to return death's ground. You would think that "Oh, programming is just the implementation of math..." no, not all programming is. Much of it is more of a vocabulary, documentation, and best practices thing. Sure I am betting I will be exposed to more and more math, but there's only so much you can expect from entry coders. There are also some forms of math which are better explained than others.
  11. Sounds good in theory digip, but I have seen projects which were literally the culmination of literally years of coding. When faced with an ocean of code it is almost impossible to locate every possible place for grey ware to reside. I am guessing that the only way to cover one's self is to put in the version control system who, and where you got code from, especially in description fields. It seems to me that it is the entire organization's responsibility to put together some kind of a code verification process, but I am betting that the majority of companies don't have sufficient safeguards. Even if there is a verification process, who's to say there's not a loophole somewhere? How do you know the guy you are persecuting isn't just some dupe? If some entry level coder is faced with grayware/malware, they could at worst be blamed for what predecessors did. IDK. Just got out of a job where the security was atrocious, and I was really uncertain about such things. People actually harassed me at work. Just glad I am out of that situation. I don't think anyone tried to "set me up" in this way, but I was wondering for a while whether they would try. Veiled threats have a tendency to make one re-assess what mankind is capable of.
  12. So how would one detect if there were shenanigans going on in a VB/C# project? I am basically an entry level developer, and unfortunately I have met people who have axes to grind. How would I detect something like this if I "inherited" a project with malware in it? How would one begin building a paper trail if one has little experience with such things.
  13. Ctrl + P, I'm going to read this one. Thanks for the share. Just curious, doesn't minification of JS and now that I think of it combined with obfuscation do the same thing? Basically minification is a process whereby all whitespace is removed from JS code. So occassionally you'll see some libraries in JS used on certain pages, like Angular or JQuery which has actually been minified so it is essentially unlegible. I am assuming that the lack of whitespace would also create problems for AV parsers due to the fact that JS is interpreted, not compiled, but I'm not sure. I wish there was a "Practical" stego book for sale somewhere. I got a stego book a while back, and the amount of calculus in it made it almost impenetrable. The stego book I have is kind of a long term goal at this point.
  14. That's a good one digip. The problem I see is that I am mostly a Windows guy. I would have to essentially make the VM a Windows box. I do confess, I have always had problems with live disks. Sure they are absolutely great to get from a Linux distributer, but is it possible to make one's own without resorting to neuro surgery? Are there any layman's tutorials for creating custom live disks, or is it not possible without in depth knowledge?
  15. Those are all good points cooper. Luckily there wasn't anything on the laptop of importance. I was in the process of installing Visual Studio, but I don't think they can do anything with that. Probably... I do know how to download java docs, that's one of the first things my high school java teacher taught us years ago (when I was in high school, now I am a college grad). You're right about the mis-configuration thing, however it could be really useful if it was configured correctly. It seems that something on the laptop was probably faulty in order to let them in. You would think Microsoft would have fixed whatever issue that was, but you know them. You need a server/client socket in order to remotely execute shell code like this correct? The laptop basically had nothing on it. It was a completely clean OS. I should have set the laptop up before hand on my own, and just not connected, however there are a lot of compilers out there that would routinely need updated/installed in order to be competitive in one of these code activities since everybody on every team has differing skill sets. Perhaps the question is how do I make a web bot that routinely gathers instillation software, and crafts some sort of automated build/install procedure for all the darn compilers out there.
  16. You're right about the 100 % thing. But you can make it darn hard can't you? I guess I would be wondering if there is actually any metasploit modules designed with the raspberry pi architecture in mind. Mind you I don't know shell code. Shell code and ASM is hard. I have some of the books and would like to learn, I just have to learn a few more things first. Getting better at JS and SQL is necessary for future employment. Everything else is just hobbies, so they necessarily take a back seat.
  17. Thanks for the reply Xcellerator. Those are some good ideas. Perhaps there's some tutorials online for something like this. I will have to look unless you know where some links are. Let's keep this thread going a while to see if there's any more good solutions. Does anybody know the bandwidth that a raspberry pi is capable of? If there's a solid linux OS for it, and some ability to make some sort of firewall, and it's reasonably secure that could be another option. The only real problem I see with Raspberry pi's is that they aren't specifically designed for security, they are more of a hobbyist thing, which makes 'em more susceptible to hackery.
  18. Hey all, I got a question. Let's say I was at a coder kata, trying to get my dev environment set up on a laptop, so I could actually participate in this coding exercise, and while I am doing this, I connect to the wifi that the event hosts so graciously provide, and then within seconds... Bam! My AV dies, and seconds later my laptop blue screens. So naturally I am thinking to myself, wonderful, one of these dick-wads knows shell code. Am now rebuilding that laptop, completely blowing everything away. Now the question, how would I implement some sort of security/firewalling on a thouroughly untrusted network. Is there a wifi device which can support firewall rules, or something that can tolerate such an untrusted connection? Obviously the right answer is don't connect to someplace which isn't secure, but that doesn't really help me particpate in a public event like this. Aparently the solution to keep your electronics in your house under lock and key is not the most palletable solution here.
  19. That is a very good description. Ty Xcellerator. Are there any books out there that teach more about SDR?
  20. I couldn't resist making a jab at the guy that asked about "fixing" fried electronics. That's like asking to unfry an egg or something.
  21. You really should tell everybody which programming language you want it parsed in. As it stands it's really just kind of sinister.
  22. I should have asked the same thing about the yardstick one also. I am getting my radios confused. Thanks for the reply barry.
  23. That's also a legitmate solution. That's a good one, I'm printing that one out. TY Dice.
  24. Golly, current requirements? You'd think somebody would figure out how to build a light bulb which could shake off having a jigawatt thrown at it and still function correctly. Gosh darn engineers!
  25. I actually have not read the article yet... The way the borders are in europe though, I would tend to agree with your observation about it being an immigration/border sec issue. But certain political parties won't admit that to themselves.
×
×
  • Create New...