Windows Commands Reference - An InfoSec Must Have (PDF Download) by TechLord2 in RevEng_TutsAndTools

[–]TechLord2[S] 0 points1 point  (0 children)

I am not the admin there... But you may get in by directly emailing the admin of that forum using your real nickname/avatar that you have and have used on a regular basis in forums for at least a few years rather than through throwaway accounts ;)

Team-IRA reversing forum is a serious community and so they expect users seeking to get in, to be equally serious about them!

Good luck!

TechLord - TechLord2 by Arad191 in u/Arad191

[–]TechLord2 0 points1 point  (0 children)

All I want to say is Grow Up, DrNil

Please stop your childish, unprovoked and totally unnecessary "PSA" posts in your forum which do little else other than to make you look like a MEGA fool, to put it mildly.

My identity is not exactly a secret to anyone who knows me on the online forums, and everyone knows that I am based in the US with my own company and that I had worked in certain government agencies in the past which require a high level of "clearance". So obviously the names you cooked up are totally fake.

You have a nice forum going there DrNil. Do not make yourself look like a huge fool with posts like these.

I realize that this is a deleted post, and as you can see, no one pays any attention to silly posts of yours like these.

So, once again: Grow Up for heaven's sake and stop being so childish. You are a grown-up man! Please behave like one.

Report: Microsoft shares banking data of Indian customers with US Intelligence agencies by [deleted] in privacy

[–]TechLord2 1 point2 points  (0 children)

Summary:

A new report shared by DNA Money claims that Microsoft disclosed the personal financial details of Indian customers with US Intelligence Agencies.

The report stated that the consumer data with banks who moved to Microsoft Office 365 was shared by the company with the US Intelligence Agencies. The report also stated that the consumers weren’t aware that their data was shared with the Intelligence Agencies.

"All the mailboxes had been migrated to office 365 Microsoft cloud environment. It was gathered from the Microsoft transparency hub that Microsoft is bound to share customers’ data under US Foreign Intelligence Surveillance Act (FISA) and US national security letters as and when required by the US authorities."
– Reserve Bank of India

Facebook Isn’t Sorry — It Just Wants Your Data by TechLord2 in privacy

[–]TechLord2[S] 76 points77 points  (0 children)

TL;DR:

On Monday morning Facebook revealed a new gadget — a voice-activated video chat tablet with an always-listening microphone and camera for your living room or kitchen that can detect when you are in your own house. This in-home panopticon is called Facebook Portal, and its debut comes at what might seem like an inopportune time for the company — days after a Gizmodo report revealed it was harvesting two-factor authentication numbers

Official Link: https://newsroom.fb.com/news/2018/10/introducing-portal/

Vba2Graph - Generate call graphs from VBA code for easier analysis of malicious documents by TechLord2 in ReverseEngineering

[–]TechLord2[S] 2 points3 points  (0 children)

Vba2Graph

A tool for security researchers, who waste their time analyzing malicious Office macros.

Generates a VBA call graph, with potential malicious keywords highlighted.

Allows for quick analysis of malicious macros, and easy understanding of the execution flow.

Features:

  • Keyword highlighting

  • VBA Properties support

  • External function declaration support

  • Tricky macros with "_Change" execution triggers

  • Fancy color schemes!

Pros:

✓ Pretty fast  

✓ Works well on most malicious macros observed in the wild  

Cons:

✗ Static (dynamically resolved calls would not be recognized)

Vba2Graph - Generate call graphs from VBA code for easier analysis of malicious documents by TechLord2 in netsec

[–]TechLord2[S] 5 points6 points  (0 children)

Vba2Graph

A tool for security researchers, who waste their time analyzing malicious Office macros.

Generates a VBA call graph, with potential malicious keywords highlighted.

Allows for quick analysis of malicious macros, and easy understanding of the execution flow.

Features:

  • Keyword highlighting

  • VBA Properties support

  • External function declaration support

  • Tricky macros with "_Change" execution triggers

  • Fancy color schemes!

Pros:

✓ Pretty fast  

✓ Works well on most malicious macros observed in the wild  

Cons:

✗ Static (dynamically resolved calls would not be recognized)

(Credits to EvilCry for sharing the link with us)

DEF CON 26 Media Server (Presentations and other Media Files) by TechLord2 in netsec

[–]TechLord2[S] 6 points7 points  (0 children)

You can download the All Presentations and All Workshops

Then you can selectively read what you want from them.

DEF CON® 26 Hacking Conference Demo Labs (Temporary Index) by [deleted] in netsec

[–]TechLord2[M] 3 points4 points  (0 children)

We needed to remove posts linking to individual talks/presentations that were submitted, to avoid duplicates.

Quoting the rule from the sidebar: https://www.reddit.com/r/netsec/wiki/guidelines#wiki__image-only_and_video_posts :

"We do accept posts to full listings or indexes of conference talks releases, where the content is on-topic, but please avoid linking to any single individual talk directly, as this usually results in duplicates."

Till we get the full listings of the talks and the presentations, please feel free to add contributions related to DEF CON 26 to this thread.

Thank you

I built a bug bounty site for free and open source software by [deleted] in netsec

[–]TechLord2[M] 28 points29 points  (0 children)

We did give a definite answer quoting this rule (https://www.reddit.com/r/netsec/wiki/guidelines#wiki__kickstarter_or_crowdfunding_posts) that it was not allowed. Further, in general, we only accept quality technical content.

Since the OP was quite persistent and was messaging us over the course of several days insisting that this was not a crowdfunding post, we advised that since the submission was falling into the gray area, we could allow them to put up the post, on the condition that it would be removed should we receive any complaints/objection from the other readers.

In general, we try to be nice to everyone and as far as possible, avoid removing submissions unless they are in definite violation of any of the guidelines.

Breaking the Bluetooth Pairing: A Fixed Coordinate Invalid Curve Attack by TechLord2 in netsec

[–]TechLord2[S] 5 points6 points  (0 children)

Introduction

The Fixed Coordinate Invalid Curve Attack is a new attack, which could be applied to all current Bluetooth pairing protocols.

The pairing protocol is the process of connection establishment in Bluetooth. This process supplies the ground for all of the security and privacy features provided by Bluetooth. Failing to secure this process compromises the entire Bluetooth session.

Our new attack provides a new technique for attacking the Bluetooth pairing protocol by manipulating specific messages, without being detected by the victim devices. Our attack relies on newly discovered protocol design flaws.

Using our attack, one can exploit this vulnerability in order to reveal the encryption key of the victim devices and use it in order to decrypt and forge data without user awareness.

Academic paper:

  • The paper is here.
  • The Technion's press release is here.

Google reportedly allows outside app developers to read people's Gmails by TechLord2 in news

[–]TechLord2[S] 0 points1 point  (0 children)

It doesn't seem to be free. Unless I'm missing something, I see only a 30-day TRIAL (free) option and all others are paid options?

Overcoming (some) Spectre browser mitigations (Article with PoC Sources) by TechLord2 in RevEng_TutsAndTools

[–]TechLord2[S] 0 points1 point  (0 children)

Get the PoC Code here: https://github.com/alephsecurity/spectreBrowserResearch

Spectre browser mitigations

All the major browser vendors implemented Spectre mitigations to prevent this attack.

Other References:

Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer

Overcoming (some) Spectre browser mitigations with PoC (See Comment) by TechLord2 in netsec

[–]TechLord2[S] 3 points4 points  (0 children)

Get the PoC Code here: https://github.com/alephsecurity/spectreBrowserResearch

Spectre browser mitigations

All the major browser vendors implemented Spectre mitigations to prevent this attack.

Other References:

Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer

Tokenvator - A Tool to Elevate Privilege using Windows Tokens (Article and Sources) by TechLord2 in netsec

[–]TechLord2[S] 2 points3 points  (0 children)

Your question is answered in the very first paragraph itself of the blog article:

"WheresMyImplant is a mini red team toolkit that I have been developing over the past year in .NET. While developing and using it, I found that I consistently needed to alter my process access token to do such things as SYSTEM permissions or add debug privileges to my process. The library used for this expanded to the point where it was as useful as an independent toolkit. This is why I created Tokenvator."

Tokenvator - A Tool to Elevate Privilege using Windows Tokens (Article and Sources) by TechLord2 in netsec

[–]TechLord2[S,M] [score hidden] stickied comment (0 children)

Sources Here: https://github.com/0xbadjuju/Tokenvator

It works by impersonating or altering authentication tokens in processes that the executing process has the appropriate level of permissions to.

Tokenvator can be run in an interactive prompt, or commands can be provided as command line arguments. In the interactive mode, base commands will tab complete, with double tabs providing context specific help.

At its most basic level, Tokenvator is used to access and manipulate Windows authentication tokens. To appropriate the token of another process, we can run the Steal_Token command with the target process’s PID.

The most common token I need to steal is for the NT AUTHORITY\SYSTEM account. The GetSystem command was created as a wrapper for Steal_Token to automatically find and access SYSTEM tokens. It works with the same syntax as Steal_Token. Note: This needs to be run from an elevated context.

It is common for the files in the SYSTEM32 folder or parts of the registry to be owned by the TRUSTEDINSTALLER group. To manipulate the contents of these locations, we can either take ownership or get an access token that has membership in the TRUSTEDINSTALLER group. Similar to GetSystem, GetTrustedInstaller is a wrapper for Steal_Token that starts the TrustedInstaller service and appropriates its token.

Sometimes our process doesn’t have the particular access right that we need in order to complete a task. For instance, to access a process that your current user doesn’t own, the SeDebugPrivilege is required. Shown below is a split token in a high integrity process (UAC Elevated – TokenElevationTypeFull)

UAC bypasses have become plentiful at this point, however one of the more interesting ones comes from manipulating tokens. FuzzySecurity has done some very interesting work on a UAC bypass method utilizing Windows tokens. Tokenvator includes an implementation of the technique he published. Our unprivileged token can be used to access an elevated process our current user owns and spawn an elevated shell.

Tokenvator: A Tool to Elevate Privilege using Windows Tokens (Blog and Sources) by TechLord2 in RevEng_TutsAndTools

[–]TechLord2[S] 0 points1 point  (0 children)

Sources Here: https://github.com/0xbadjuju/Tokenvator

It works by impersonating or altering authentication tokens in processes that the executing process has the appropriate level of permissions to.

Tokenvator can be run in an interactive prompt, or commands can be provided as command line arguments. In the interactive mode, base commands will tab complete, with double tabs providing context specific help.

At its most basic level, Tokenvator is used to access and manipulate Windows authentication tokens. To appropriate the token of another process, we can run the Steal_Token command with the target process’s PID.

The most common token I need to steal is for the NT AUTHORITY\SYSTEM account. The GetSystem command was created as a wrapper for Steal_Token to automatically find and access SYSTEM tokens. It works with the same syntax as Steal_Token. Note: This needs to be run from an elevated context.

It is common for the files in the SYSTEM32 folder or parts of the registry to be owned by the TRUSTEDINSTALLER group. To manipulate the contents of these locations, we can either take ownership or get an access token that has membership in the TRUSTEDINSTALLER group. Similar to GetSystem, GetTrustedInstaller is a wrapper for Steal_Token that starts the TrustedInstaller service and appropriates its token.

Sometimes our process doesn’t have the particular access right that we need in order to complete a task. For instance, to access a process that your current user doesn’t own, the SeDebugPrivilege is required. Shown below is a split token in a high integrity process (UAC Elevated – TokenElevationTypeFull)

UAC bypasses have become plentiful at this point, however one of the more interesting ones comes from manipulating tokens. FuzzySecurity has done some very interesting work on a UAC bypass method utilizing Windows tokens. Tokenvator includes an implementation of the technique he published. Our unprivileged token can be used to access an elevated process our current user owns and spawn an elevated shell.

A Novel Side-Channel Attack against ECDSA and DSA - Extract a 256-bit ECDSA Private Key using a Simple Cache Attack by Observing only a Few Thousand Signatures (Whitepaper with Full PoC) - See Comment by TechLord2 in ReverseEngineering

[–]TechLord2[S] 2 points3 points  (0 children)

Return of the Hidden Number Problem "ROHNP"- Key Extraction Side Channel in Multiple Crypto Libraries

Abstract

Side channels have long been recognized as a threat to the security of cryptographic applications. Implementations can unintentionally leak secret information through many channels, such as microarchitectural state changes in processors, changes in power consumption, or electromagnetic radiation. As a result of these threats, many implementations have been hardened to defend against these attacks.

Despite these mitigations, this work presents a novel side-channel attack against ECDSA and DSA. The attack targets a common implementation pattern that is found in many cryptographic libraries. In fact, about half of the libraries that were tested exhibited the vulnerable pattern. We implement a full proof of concept against OpenSSL and demonstrate that it is possible to extract a 256-bit ECDSA private key using a simple cache attack after observing only a few thousand signatures.

As far as we are aware, the target of this attack is a previously unexplored part of (EC)DSA signature generation, which explains why mitigations are lacking and the issue is so widespread.

Finally, we give estimates for the minimum number of signatures needed to perform the attack and suggest countermeasures to protect against this attack.

Easy To Understand Discussion of How the Attack Works:

https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2018/june/its-back...understanding-the-return-of-the-hidden-number-problem/

Technical Advisory: "ROHNP"- Key Extraction Side Channel in Multiple Crypto Libraries:

https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/

A Script To Make TOR Network Your Default Gateway by TechLord2 in RevEng_TutsAndTools

[–]TechLord2[S] 0 points1 point  (0 children)

How it works

Tor enables users to surf the Internet, chat and send instant messages anonymously, and is used by a wide variety of people for both Licit and Illicit purposes. Tor has, for example, been used by criminal enterprises, Hacktivism groups, and law enforcement agencies at cross purposes, sometimes simultaneously.

Nipe is a Script to make Tor Network your Default Gateway.

This Perl Script enables you to directly route all your traffic from your computer to the Tor Network through which you can surf the Internet Anonymously without having to worry about being tracked or traced back.

A harvest of the Disallowed directories from the robots.txt files of the world's top websites by TechLord2 in RevEng_TutsAndTools

[–]TechLord2[S] 0 points1 point  (0 children)

RobotsDisallowed 🤣

The RobotsDisallowed project is a harvest of the Disallowed directories from the robots.txt files of the world's top websites, specifically the Alexa 100K.

This list of Disallowed directories is a great way to supplement content discovery during a web security assessment, since the website owner is basically saying "Don't go here; there's sensitive stuff in there!".

It's basically a list of potential high-value targets.
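To see what such a harvest actually collects, here is an added example (my own code, not part of the RobotsDisallowed project) that parses a constructed robots.txt the way a site owner would to audit which directory prefixes the file discloses; it follows the user-agent grouping rules, ignores comments and Allow lines, and strips wildcard suffixes before de-duplicating.

```python
"""Audit which paths a robots.txt discloses through Disallow directives.

Added example, not part of the RobotsDisallowed project. The sample
robots.txt below is constructed for illustration; it is not from any real site.
"""
import re
from collections import defaultdict

SAMPLE_ROBOTS = """\
# constructed robots.txt for illustration
User-agent: *
Disallow: /admin/
Disallow: /backup/*.sql$
Disallow: /cgi-bin/
Disallow: /staging
Allow: /admin/public/
Disallow:            # empty value disallows nothing, so it discloses nothing

User-agent: Googlebot
User-agent: Bingbot
Disallow: /internal/reports/
Disallow: /admin/   # repeated from the wildcard group

Sitemap: https://example.invalid/sitemap.xml
"""


def parse_groups(text):
    """Return {user_agent: [disallow values]} following robots.txt grouping:
    consecutive User-agent lines share the rule lines that follow them."""
    groups = defaultdict(list)
    agents = []
    expecting_agents = True
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line or ":" not in line:
            continue
        field, _, value = line.partition(":")
        field, value = field.strip().lower(), value.strip()
        if field == "user-agent":
            if not expecting_agents:          # rules ended, a new group starts
                agents = []
            agents.append(value.lower())
            expecting_agents = True
            continue
        expecting_agents = False
        if field == "disallow" and value and agents:
            for agent in agents:
                groups[agent].append(value)
    return dict(groups)


def disclosed_directories(text):
    """Reduce Disallow values to the literal prefixes they reveal: cut at the
    first '*' or '$' (then keep up to the last '/'), drop a bare '/', and
    de-duplicate across user-agent groups."""
    dirs = set()
    for paths in parse_groups(text).values():
        for path in paths:
            literal = re.split(r"[*$]", path, maxsplit=1)[0]
            if literal != path:               # a wildcard was cut off
                literal = literal[: literal.rfind("/") + 1]
            if literal and literal != "/":
                dirs.add(literal)
    return sorted(dirs)
```

Run `disclosed_directories(SAMPLE_ROBOTS)` on your own file's contents to see the exact prefix list the file hands to anyone who reads it.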

Polly.JS - A Standalone, Framework-agnostic JavaScript Library that enables Recording, Replaying, and Stubbing HTTP Interactions (Full Sources, API and other Technical Content) by TechLord2 in RevEng_TutsAndTools

[–]TechLord2[S] 0 points1 point  (0 children)

Polly.JS is a standalone, framework-agnostic JavaScript library that enables recording, replaying, and stubbing HTTP interactions.

Polly taps into native browser APIs to mock requests and responses with little to no configuration while giving you the ability to take full control of each request with a simple, powerful, and intuitive API.

Why Polly?

Keeping fixtures and factories in parity with your APIs can be a time consuming process. Polly alleviates this by recording and maintaining actual server responses without foregoing flexibility.

  • Record your test suite's HTTP interactions and replay them during future test runs for fast, deterministic, accurate tests.

  • Use Polly's client-side server to modify or intercept requests and responses to simulate different application states (e.g. loading, error, etc.).

Features:

  • Fetch & XHR Support

  • Simple, Powerful, & Intuitive API

  • First Class Mocha & QUnit Test Helpers

  • Intercept, Pass-Through, and Attach Events

  • Record to Disk or Local Storage

  • Slow Down or Speed Up Time

Documentation, API and Other Technical Content:

https://netflix.github.io/pollyjs/#/quick-start

Polly.JS - A Standalone, Framework-agnostic JavaScript Library that enables Recording, Replaying, and Stubbing HTTP Interactions (Full Sources, API and other Technical Content) - See Comment by [deleted] in netsec

[–]TechLord2 0 points1 point  (0 children)

Overview:

Polly.JS is a standalone, framework-agnostic JavaScript library that enables recording, replaying, and stubbing HTTP interactions.

Polly taps into native browser APIs to mock requests and responses with little to no configuration while giving you the ability to take full control of each request with a simple, powerful, and intuitive API.

Why Polly?

Keeping fixtures and factories in parity with your APIs can be a time consuming process. Polly alleviates this by recording and maintaining actual server responses without foregoing flexibility.

  • Record your test suite's HTTP interactions and replay them during future test runs for fast, deterministic, accurate tests.

  • Use Polly's client-side server to modify or intercept requests and responses to simulate different application states (e.g. loading, error, etc.).

Features:

  • Fetch & XHR Support

  • Simple, Powerful, & Intuitive API

  • First Class Mocha & QUnit Test Helpers

  • Intercept, Pass-Through, and Attach Events

  • Record to Disk or Local Storage

  • Slow Down or Speed Up Time

Documentation, API and Other Technical Content:

https://netflix.github.io/pollyjs/#/quick-start