Datenterrorist
Surveillance Self-Defense Guide
"The Internet remains one of the most powerful means ever created to give voice to repressed people around the world. Unfortunately, new technologies have also given authoritarian regimes new means to identify and retaliate against those who speak out despite censorship and surveillance. Below are six basic ideas for those attempting to speak without falling victim to authoritarian surveillance and censorship, and four ideas for the rest of us who want to help support them."
Quelle: EFF
Quelle: EFF
Hacking Web 2.0
Very interessting paper from pdp (GNUCITIZEN) about exploiting and abusing Web 2.0 technologies.
Click
Click
Exploiting Flash apps
A really good lecture about exploiting flash and action script 2 applications.
Click
Click
Buffer truncation abuse
Howto hack a password reset mechanism based on ASP.Net and MS SQL server abusing buffer truncation and white space trimming.
Click
Click
Reverse engineering
Papers:
Introduction to Reverse Engineering Software
Reverse Engineering Linux ELF Binaries on the x86 Platform
RUXCON 2004 - ELF: A fairytale for viruses
ELF Standards
Phrack - Backdooring Binary Objects
Tools:
GNU Debugger
Objdump
Fenris
Boomerang
JAD
Flasm
REC - Reverse Engineering Compiler
ELFsh
BIEW
PrivateICE
LinICE
Links:
Reverse-Engineering.net
Codebreakers Journal
Honeynet Project - The Reverse Challenge
Introduction to Reverse Engineering Software
Reverse Engineering Linux ELF Binaries on the x86 Platform
RUXCON 2004 - ELF: A fairytale for viruses
ELF Standards
Phrack - Backdooring Binary Objects
Tools:
GNU Debugger
Objdump
Fenris
Boomerang
JAD
Flasm
REC - Reverse Engineering Compiler
ELFsh
BIEW
PrivateICE
LinICE
Links:
Reverse-Engineering.net
Codebreakers Journal
Honeynet Project - The Reverse Challenge
Exploiting Open Functionality in SMS-Capable Cellular Networks
“Cellular networks can be broken into two chief components – the radio, or “air interface” and the wired backbone. We are chiefly interested in how traffic injected from the Internet can be used to congest the air interface as it is the more constrained of the two.
We divide the air interface into two general components – Control Channels and Traffic Channels. It helps to think of control channels as a very small portion of radio frequency that allow cellular towers to send information pertaining to call setup, SMS delivery and network conditions (such as the availability of traffic channels) to mobile phones. Traffic channels are instead used to carry actual voice conversations after they have been established via the control channels.
Because text messages and mobile-phone call setups rely on the same limited resource, namely control channels, it is possible to attack this system. If enough text messages are sent so that no more control channels are available, calls will begin blocking (i.e. will not be connected).
We demonstrate the ability to deny voice service to large metropolitan areas with little more than a cable modem.”
Quelle: smsanalysis.org
We divide the air interface into two general components – Control Channels and Traffic Channels. It helps to think of control channels as a very small portion of radio frequency that allow cellular towers to send information pertaining to call setup, SMS delivery and network conditions (such as the availability of traffic channels) to mobile phones. Traffic channels are instead used to carry actual voice conversations after they have been established via the control channels.
Because text messages and mobile-phone call setups rely on the same limited resource, namely control channels, it is possible to attack this system. If enough text messages are sent so that no more control channels are available, calls will begin blocking (i.e. will not be connected).
We demonstrate the ability to deny voice service to large metropolitan areas with little more than a cable modem.”
Quelle: smsanalysis.org
Exploiting 802.11 Wireless Driver Vulnerabilities on Windows
“This paper describes the process of identifying and exploiting 802.11 wireless device driver vulnerabilities on Windows. This process is described in terms of two steps: pre-exploitation and exploitation.
The pre-exploitation step provides a basic introduction to the 802.11 protocol along with a description of the tools and libraries the authors used to create a basic 802.11 protocol fuzzer.
The exploitation step describes the common elements of an 802.11 wireless device driver exploit. These elements include things like the underlying payload architecture that is used when executing arbitrary code in kernel-mode on Windows, how this payload architecture has been integrated into the 3.0 version of the Metasploit Framework, and the interface that the Metasploit Framework exposes to make developing 802.11 wireless device driver exploits easy.
Finally, three separate real world wireless device driver vulnerabilities are used as case studies to illustrate the application of this process. It is hoped that the description and illustration of this process can be used to show that kernel-mode vulnerabilities can be just as dangerous and just as easy to exploit as user-mode vulnerabilities. In so doing, awareness of the need for more robust kernel-mode exploit prevention technology can be raised.”
The pre-exploitation step provides a basic introduction to the 802.11 protocol along with a description of the tools and libraries the authors used to create a basic 802.11 protocol fuzzer.
The exploitation step describes the common elements of an 802.11 wireless device driver exploit. These elements include things like the underlying payload architecture that is used when executing arbitrary code in kernel-mode on Windows, how this payload architecture has been integrated into the 3.0 version of the Metasploit Framework, and the interface that the Metasploit Framework exposes to make developing 802.11 wireless device driver exploits easy.
Finally, three separate real world wireless device driver vulnerabilities are used as case studies to illustrate the application of this process. It is hoped that the description and illustration of this process can be used to show that kernel-mode vulnerabilities can be just as dangerous and just as easy to exploit as user-mode vulnerabilities. In so doing, awareness of the need for more robust kernel-mode exploit prevention technology can be raised.”
Database rootkits
How to hide user accounts and code in complex sql databases like Oracle.
07.07.07 14:08:00 - balle - No comments - RTFM
07.07.07 14:08:00 - balle - No comments - RTFM
HTTP request smuggling
“HTTP Request Smuggling (“HRS”) is a new hacking technique that targets HTTP devices. Indeed, whenever HTTP requests originating from a client pass through more than one entity that parses them, there is a good chance that these entities are vulnerable to HRS.
HRS sends multiple, specially crafted HTTP requests that cause the two attacked devices to see differen sets of requests, allowing the hacker to smuggle a request to one device without the other device being aware of it.”
Click
HRS sends multiple, specially crafted HTTP requests that cause the two attacked devices to see differen sets of requests, allowing the hacker to smuggle a request to one device without the other device being aware of it.”
Click
Nokia AT commands
AT Command Set For Nokia GSM And W C D M A Products
Click
Click
Linux Kernel in a Nutshell
"Written by a leading developer and maintainer of the Linux kernel, Linux Kernel in a Nutshell is a comprehensive overview of kernel configuration and building, a critical task for Linux users and administrators."
Click
Click
Sicherheit im Internet als OpenBook
"Sicherheit im Internet richtet sich vor allem an Computernutzer, die sich zuvor erst
wenig mit der Sicherheitsproblematik des Internets beschäftigt haben. Da das Buch
aber nicht nur an der Oberfläche kratzt, sondern sich um ein tieferes Verständnis der Thematik bemüht und eine Fülle an Informationen und praktischen Tipps bietet, ist es auch für fortgeschrittene Leser geeignet.
Zielsetzung ist es vor allem, Sie als Leser mit einem fundierten Hintergrundwissen und den nötigen, meist kostenlosen Werkzeugen auszurüsten, um Ihnen eine sichere Nutzung des Internets zu ermöglichen. Dabei werden Sie in diesem Buch nur selten pauschale Empfehlungen finden, sondern bekommen das Rüstzeug an die Hand, um Gefahren einschätzen und auf sie reagieren zu können."
Click
Vielen Dank an O'Reilly! :)
wenig mit der Sicherheitsproblematik des Internets beschäftigt haben. Da das Buch
aber nicht nur an der Oberfläche kratzt, sondern sich um ein tieferes Verständnis der Thematik bemüht und eine Fülle an Informationen und praktischen Tipps bietet, ist es auch für fortgeschrittene Leser geeignet.
Zielsetzung ist es vor allem, Sie als Leser mit einem fundierten Hintergrundwissen und den nötigen, meist kostenlosen Werkzeugen auszurüsten, um Ihnen eine sichere Nutzung des Internets zu ermöglichen. Dabei werden Sie in diesem Buch nur selten pauschale Empfehlungen finden, sondern bekommen das Rüstzeug an die Hand, um Gefahren einschätzen und auf sie reagieren zu können."
Click
Vielen Dank an O'Reilly! :)
Flash VS Anonymity
Das folgende Paper beschreibt einen praktischen Angriff auf einen TOR Webclient und zeigt wie es durch ein Flash Plugin möglich ist an Exit Nodes die wahre IP eines Clients zu ermitteln.
Click
Also wer anonym sein will, sollte Flash deaktiveren.
Click
Also wer anonym sein will, sollte Flash deaktiveren.
Softwarepatente - Das Buch zum "Film"
"Der Gründer der preisgekrönten NoSoftwarePatents-Kampagne, Florian Müller, erzählt die Erfolgsgeschichte vom Widerstand gegen die Softwarepatent-Richtlinie der EU."
Click
Click
Was man von Open Source lernen kann
Ein sehr interessanter Artikel über Projektmanagement in Open Source Projekten und was man daraus lernen kann.
Click
Click
