Archive | May, 2011

Lockheed Martin Hacked – Rumoured To Be Linked to RSA SecurID Breach

Outsmart Malicious Hackers


You all probably remember the big kerfuffle that occurred after RSA got hacked, it was widely assumed that the SecurID system was compromised somehow and could not be relied on. We reported about it in the article – RSA Silent About Compromise For 7 Days – Assume SecurID Is Broken – where we questioned their silence about the whole thing.

The latest news linked to the above breach is that Lockheed Martin has been compromised and it could possibly be linked to the SecurID tokens. Now this is a BIG deal as they are a US Military contractor and probably have some pretty juicy secrets in their network.

Lockheed Martin Saturday night acknowledged that it its information systems network had been the target of a “significant and tenacious attack,” but said that its security team detected the intrusion “almost immediately and took aggressive actions to protect all systems and data.”

No data from customers, programs or employees was compromised, the top U.S. defense contractor said in a brief statement.

The company said that it has kept U.S. government agencies informed of its investigation as it “continues to work around the clock to restore employee access to the network.”

The attack was first reported last Thursday by Reuters, which cited a defense official and two unnamed sources familiar with the situation. The news agency reported that the cyberattack was affecting many employees at Lockheed Martin, which is based in Bethesda, Maryland, and makes fighter planes and other weapons systems.

Bruce Schneier mentioned it here – Lockheed Martin Hack Linked to RSA’s SecurID Breach

And a lot of people have been sayings it’s just speculation, yah the hack is real – but does it have anything to do with SecurID really? We have no idea.

There’s some interesting thoughts on it here – Weekly Intelligence Summary:2011-05-27


On Saturday, an official with the U.S. Department of Homeland Security confirmed the attack to the news agency. However, Lockheed Martin continued to decline comment.

The intrusion reported involves the use of RSA SecurID tokens, used by Lockheed Martin employees to access the company network remotely. Security analysts have urged that companies using the tokens review authentication procedures.

Lockheed Martin did not divulge how its systems were attacked. The company faces “constant threats from adversaries around the world” and regularly acts to heighten security of its systems, it said in the statement.

Homeland Security have confirmed the compromise but as of now, Lockheed Martin has no made statement regarding what has happened or what data has been accessed.

There some thoughts from SANS ISC Diary here on how to stay secure even if you do use SecurID – Lockheed Martin and RSA Tokens.

It’ll be interesting to see what other news comes out about this and if any actual details are revealed. We shall be keeping an eye on it.

Source: Network World

Posted in: Cryptography, Exploits/Vulnerabilities, Legal Issues

Topic: Cryptography, Exploits/Vulnerabilities, Legal Issues


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Sniffjoke 0.4.1 Released – Anti-sniffing Framework & Tool For Session Scrambling

Keep on Guard!


SniffJoke is an application for Linux that handle transparently your TCP connection, delaying, modifying and injecting fake packets inside your transmission, make them almost impossible to be correctly read by a passive wiretapping technology (IDS or sniffer).

An Internet client running SniffJoke injects in the transmission flow some packets able to seriously disturb passive analysis like sniffing, interception and low level information theft. No server support is needed!

The internet protocols have been developed to allow two elements to communicate, not some third-parts to intercept their communication. This will happen, but the communication system has been not developed with this objective. SniffJoke uses the network protocol in a permitted way, exploiting the implicit difference of network stack present in an operating system respect the sniffers dissector.

How Does It Work?

It works only under Linux (at the moment), creates a fake default gateway in your OS (the client or a default gateway) using a TUN interface check every traffic passing thru it, tracks every session and
applyies two concepts: the scramble and the hack.

The scramble is the technology to bring:

  1. A sniffer to accept as true a packet who will be discarded by the server, or
  2. A sniffer to drop a packet who will be accepted by the server.

The scramble technology brings in desynchronisation between the sniffer flow and the real flow.

The bogus packet accepted by the sniffer is generated by the “plugin” is a C++ simple class, which in a pseudo statefull tracking will forge the packet to be injected inside the flow. is pretty easy to develop
anew one, and if someone wants to make research on sniffers attack (or fuzzing the flow searching for bugs) need to make the hand inside its.

The configuration permits to define blacklist/whitelist ip address to scramble, a degree of aggressivity for each port, which plugin will be used.

You can download SniffJoke here:

sniffjoke-0.4.1.tar.bz2

Or read more here.

Posted in: Forensics, Hacking Tools, Networking Hacking

Topic: Forensics, Hacking Tools, Networking Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Sony PlayStation Network (PSN) Reopens In Asia

Keep on Guard!


Finally! My friends over in this hemisphere can finally stop whining and get back on PSN! We’ve been covering this whole Sony Hack quite extensively over the past few weeks and this should be the final part of the network coming back online.

Asia is the last segment of the PlayStation Network to come back up, more than five weeks after it was taken offline after a massive hack attack.

I guess there won’t be much left to report after this, only the lawsuits that will inevitably pop-up as all the money-grabbers crawl out of the woodwork.

Sony’s PlayStation Network online gaming service will reopen for millions of gamers across Asia on Saturday, more than five weeks after it was taken offline following a cyber attack.

Sony pulled the plug on the PlayStation Network and the companion Qriocity audio and video streaming service on April 20, a day after detecting what it later called a “very sophisticated” intrusion.

When service resumes on Saturday in Japan, Taiwan, Singapore, Malaysia, Indonesia and Thailand, there will only be two more countries where service is still offline: South Korea and Hong Kong. Sony is still in discussions with authorities in those markets and can’t name a date for the resumption of services in the two countries.

“It’s going to take a little while longer,” said Satoshi Fukuoka, a spokesman for Sony Computer Entertainment in Tokyo.

Gamers in Asia were kept waiting while Sony briefed authorities in several countries on the hack and its response, but service returned for users in North America, Europe, the Middle East, Australia and New Zealand on May 14 and 15.

The incident began when an unknown hacker or hackers penetrated three firewalls to get inside Sony’s system and steal data on all 77 million registered accounts.

The countries involved are Japan, Taiwan, Singapore, Malaysia, Indonesia and Thailand. Which is odd because Australia and New Zealand were already brought back online almost 2 weeks ago.

I wonder what caused the delay for the Asian countries, especially Japan – the home of Sony. Even worse than that, South Korea and Hong Kong are still offline and there is no date given as to when they will come back up.


The stolen data included user names, e-mail addresses, login IDs and passwords. It was originally feared that millions of credit card numbers had also been leaked, but a subsequent computer forensics investigation failed to find any evidence that the credit card database had been accessed by the attacker, said Sony.

PlayStation users are required to download a firmware update for the console before they can reconnect to the network. Then, as a security measure, users must change their password upon login.

Sony has initially resumed a subset of the full PlayStation Network and Qriocity services. Back online are: online gaming, playback of already rented video, “Music Unlimited” online audio streaming, access to third-party services like Netflix and Hulu, PlayStation Home and friends features such as chat.

Full service is expected to resume in all markets, except South Korea and Hong Kong, by the end of May.

The attack and Sony’s response to it will cost the company around ¥14 billion (US$170 million) this financial year, it said Monday. That includes the cost of calling in several computer security companies, a rebuild of its security system, identity theft monitoring for users in some countries and the offering of several free games to users.

And as of now all of the previous features of PSN are not back online yet, they are promising to bring back full service shortly however.

It’s quite a costly mistake on the part of Sony with the initial costs running into US$170 million – the cost of Sony giving away freebies and mitigation to avoid such a thing happening again.

Source: Network World

Posted in: Exploits/Vulnerabilities, Legal Issues

Topic: Exploits/Vulnerabilities, Legal Issues


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


SIPVicious SIP Scanner – VoIP Hacking Security Auditing Tool

Outsmart Malicious Hackers


SIPVicious SIP Scanner is a suite of tools that can be used to audit SIP based VoIP systems. Why the name? Because the tools are not exactly the nicest thing on earth next to a SIP device.

SIPVicious SIP Scanner - VoIP Hacking Security Auditing Tool


Features for SIP Hacking with SIPVicious

It currently consists of five tools:

  • svmap – This is a sip scanner. When launched against ranges of IP address space, it will identify any SIP servers which it finds on the way. Also has the option to scan hosts on ranges of ports.
  • svwar – Identifies working extension lines on a PBX. A working extension is one that can be registered. Also tells you if the extension line requires authentication or not.
  • svcrack – A password cracker making use of digest authentication. It is able to crack passwords on both registrar servers and proxy servers. Current cracking modes are either numeric ranges or words from dictionary files.
  • svreport – Able to manage sessions created by the rest of the tools and export to pdf, xml, csv and plain text.
  • svcrash – Responds to svwar and svcrack SIP messages with a message that causes old versions to crash.

Requirements for SIPVicious

Python is the main requirement, it should work on any system that supports Python 2.6 or greater.

It was tested on the following systems:

  • Linux
  • Mac OS X
  • Windows
  • FreeBSD 6.2
  • Jailbroken iPhone with python installed

There is also:

ohrwurm – RTP Fuzzing Tool (SIP Phones)
SIPcrack – SIP Login Dumper & Hash/Password Cracker
Sipflanker – Locate SIP (VoIP) Device Web Interfaces
SIP Proxy – VoIP Security Testing Tool
Mr.SIP – SIP Attack And Audit Tool

You can download SIPVicious here:

sipvicious-v0.2.8.zip

Or read more here.

Posted in: Hacking Tools

Topic: Hacking Tools


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Hotmail Exploit Has Been Silently Stealing E-mail

Outsmart Malicious Hackers


We haven’t reported a whole lot about Hotmail over the years, probably because since Gmail took over – Hotmail has mostly taken a backseat.

The most recent report we had was about SSL and how Hotmail Always-On Encryption Breaks Microsoft’s Own Apps.

The latest news is there has been a nasty bug in Hotmail for a while that has been actively exploited allowing malicious senders to snoop on e-mail and even add forwarding rules to the victim account.

Microsoft has patched a bug in its Hotmail email service that attackers were exploiting to silently steal confidential correspondences and user contacts from unsuspecting victims.

The vulnerability was actively being exploited using emails that contained malicious scripts, Trend Micro researcher Karl Dominguez said Monday. Successful attacks required only that a Hotmail user open the malicious email or view it in a preview window. The commands embedded in the emails uploaded users’ correspondences and user contacts to servers under the control of attackers without requiring the victim to click on links or otherwise take any action.

The scripts also also had the capability of enabling email forwarding on the targeted Hotmail account, allowing attackers to view emails sent to the victim in the future.

Trend Micro researchers learned of the in-the-wild attacks after a colleague in Taiwan received one of the booby-trapped emails. The email purported to be a security warning concerning the victim’s Facebook account.

This attack has been going on in the wild for at least 2-3 weeks – that’s the confirmed time frame anyway. It may have been going on for much longer than that, no one really knows.

Microsoft isn’t telling us anything, nothing at all? I’d personally like to know how many users/accounts were effected? Have they notified these users? What exactly are they doing to mitigate the loss of personal data and so on.

I wonder if this will get legal like the whole Sony case that’s blowing up right now, I’d guess not as Hotmail users tend to a less Internet savvy kind of crowd. I mean seriously how many of you guys/gals use Hotmail as your primary account? I’d guess probably none.

Most of you probably have a Hotmail account but use it as a secondary/tertiary account for signing up to forums etc and spam.


Trend first disclosed the bug on May 13. Monday’s blog post said Microsoft has since plugged the hole, which resided in CSS, or cascading style sheet functionality, but didn’t say when.

“The attack takes advantage of a script or CSS filtering mechanism bug in Hotmail,” Dominguez wrote. “Microsoft has already taken action and updated Hotmail to fix the said bug.”

The vulnerable code helped inject a character into a Hotmail filtering mechanism that changed the way it behaved. The result was a platform that ran arbitrary commands in a user’s Hotmail login session.

It’s unclear how many Hotmail users may have been affected by the exploits and whether Microsoft has adequately warned users they may have been compromised. Microsoft spokesman Bryan Nairn wouldn’t say how many subscribers were targeted or when the patch was put in place

Microsoft claims they have fixed the bug but that’s really all they are saying, they aren’t saying when the knew about the problem or when it was patched – just that right now it is fixed.

You can read the May 13th blog post by Trend Micro here:

Targeted Attack Exposes Risk of Checking Personal Email at Work

And their later, more detailed post here:

Trend Micro Researchers Identify Vulnerability in Hotmail

Source: The Register

Posted in: Exploits/Vulnerabilities, Privacy, Web Hacking

Topic: Exploits/Vulnerabilities, Privacy, Web Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Malware Analyser v3.0 – A Static & Dynamic Malware Analysis Tool

Keep on Guard!


Malware Analyser is freeware tool to perform static and dynamic analysis on malware executables, it can be used to identify potential traces of anti-debug, keyboard hooks, system hooks and DEP setting change calls in the malware.

This is a stepping release since for the first time the Dynamic Analysis has been included for file creations (will be improved for other network/registry indicators sooner) along with process dumping feature.

Features

  • String based analysis for registry, API calls, IRC Commands, DLL’s called and VM Aware.
  • Display detailed headers of PE with all its section details, import and export symbols etc.
  • On Distro, can perform an ascii dump of the PE along with other options (check –help argument).
  • For Windows, it can generate various section of a PE : DOS Header, DOS Stub, PE File Header, Image Optional Header, Section Table, Data Directories, Sections
  • ASCII dump on windows machine
  • Code Analysis (disassembling)
  • Online malware checking (http://www.virustotal.com)
  • Check for Packer from the Database.
  • Tracer functionality
  • Signature Creation: Allows to create signature of malware
  • CRC and Timestamp verification.
  • Entropy based scan to identify malicious sections.
  • Dump a process memory
  • Dynamic Analysis (Still in beginning stage) for file creations.

You can download Malware Analyser v3.0 here:

malware_analyser 3.0.zip

Or read more here.

Posted in: Countermeasures, Forensics, Malware, Secure Coding

Topic: Countermeasures, Forensics, Malware, Secure Coding


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.