ICS Security Analysis — New Pentest Tools

Industrial system (ICS/SCADA) security is a modern trend in information security. However, there is always a shortage of specialized tools for pentesting or auditing ICS security. This article covers the latest publications, utilities, and presentations of Positive Technologies experts; all of this will help you ensure industrial system security. Theory To Start With. Understanding real threats is the core of any information security …

Attacking MongoDB

I'm not going to describe the way a database is installed: developers do everything possible to ease this process, even without using manuals. Let's focus on features that seem really interesting. The first thing is the REST interface. It is a web interface, which runs by default on port 28017 and allows an administrator to control their databases remotely via a browser. Working with this …

Google Chrome for Android — UXSS and Credential Disclosure

Here we go. In July 2011, Roee Hay and Yair Amit from the IBM Research Group found the UXSS vulnerability in the default Android browser. This bug allows a malicious application to insert JavaScript code into the context of an arbitrary domain and steal cookies or do some other evil things. Anyway, this bug was fixed in Android 2.3.5. On June 21, 2012, Google Chrome for …

Your Flashlight Can Send SMS — One More Reason to Update up to iOS 6

Today I'm not going to tell you how the security system of iOS 5 is organized. We will not gather bits of information using undocumented features either. We'll just send an SMS from an application behind the user's back. There is too little information describing low-level operations on iOS. These bits do not allow viewing the picture as a whole. A lot of header files have …

Intel SMEP overview and partial bypass on Windows 8

Author: Artem Shishkin. English whitepaper (PDF): here. Russian whitepaper (PDF): here. 1. Introduction. With the new generation of Intel processors based on the Ivy Bridge architecture, a new security feature has been introduced. It is called SMEP, which stands for "Supervisor Mode Execution Prevention". Basically, it prevents execution of code located on a user-mode page at CPL = 0. …

Not So Random Numbers. Take Two

George Argyros and Aggelos Kiayias have recently published an awesome piece of research on attacks against the pseudo-random number generator in PHP. However, it lacked practical tools implementing the attack. That is why we conducted our own research, which led to the creation of a program that brute-forces PHPSESSID. How can we get the mt_rand seed via PHPSESSID? PHPSESSID is generated this way: md5( client IP …

Recreational XenAPI, or The New Adventures of Citrix XenServer

Today, I would like to speak about certain aspects of using Citrix XenServer 5.6. The problem I had to deal with seemed rather solvable: command execution in dom0 without using SSH. While searching for methods to solve the issue, I found some funny features of the operating system's HTTP API: ways to get /etc/passwd, remote execution of rsync, and the XenSource thin CLI protocol. …

Android: Overview of Hacking Applications

Hello, everyone! Along with the article on MiTM attacks from an iPhone, I got the idea for an almost similar one about Android. We already know what the iPhone is capable of. Is Android any worse? We have considered about 25 hacking applications, and now I'd like to present the results of this small research. Some applications didn't start at all. Others froze the phone dead. But …

iPhone: MiTM attack out of a pocket

A laptop seems to be the typical device for Wi-Fi attacks. There are multiple reasons for this: the applicability of specific Wi-Fi modules, the availability of the necessary software, and sufficient computing power. So we usually imagine an attacker holding a laptop while sitting in a car with an antenna sticking out of the window. However, the development of mobile platforms is moving forward, and a lot of operations …

Finish up with SAP. From a user's password to a top manager's salary

Introduction. Sometimes, after obtaining access to SAP, a security analysis specialist has no idea what to do next and how to demonstrate the possible consequences of the detected vulnerabilities. This article covers methods of obtaining access to the production system and data of the SAP HCM module. One, two, three, out goes he. We've obtained access to the company's internal network. How can we find SAP applications? The …