Channel: Security Art Work
Browsing all 155 articles

NSA, digital walls and a few good men.

It has long been known that the NSA and some similar organizations have surveillance systems deployed to ensure the safety and protection of us all from evil. However, the NSA always preferred to keep...

Vulscan 1.0

Recently, Marc Ruef @mruef (Computec.ch) has released a new enhanced version of Vulscan, an Nmap script that he already presented in 2010, with basic Vulnerability Scanner capabilities. Vulscan on the...

Uncle Sam

Snowden, PRISM, NSA… words, or buzzwords, that we’re used to hearing in the media, especially during the last months. You know: when talking about technology, spying -of course, using the “cyber” prefix- and...

Introduction to identification methods

Many things have changed in Internet security in the last 10 years. Others have remained, however, with no change at all, like user identification by means of alphanumerical passwords. Nowadays,...

YARA 101

What is YARA? When speaking about malware detection, there are mainly three ways of determining if a file is malicious: signatures, heuristics and string signatures. The most widespread in the...

#badBIOS

Two days ago, I had an e-mail in my inbox with this link. It seemed to be something serious, especially coming from Dragos Ruiu (@dragosr), the creator of the pwn2own contest, as he doesn’t need this...

Plaintext passwords with Procdump and Mimikatz Alpha

In this post I would like to talk about a technique that I read this summer and had not been able to practice until recently in a penetration test. The technique involves obtaining passwords in clear...

Snort’s Reputation Preprocessor

Snort’s reputation preprocessor is not something new; in fact, it appeared in August 2011 in version 2.9.1. Up to that moment, the only way to manage blacklists was to create a rule with the list of IP...

Reversing challenge

Today’s post is a challenge for reverse engineering lovers. To play, download this binary. It’s a Windows 32-bit PE executable containing a serial number validation algorithm: Serial numbers are 16...

Metadata: spanking clean

In the wake of all the uproar that there is these days around metadata in Spain, I have been reviewing various PDF metadata deletion tools. In principle, the tools analyzed work on GNU/Linux...

Web reputation checking in incident handling

Sometimes when we have an incident, it involves too many domains to check them by hand. In order to deal with them and discriminate as a first instance, I’ve developed a small script that checks the...

Targeted Attack Analysis – Mirage

Between the 25th and the 27th of November, some public institutions in Europe were affected by a wave of targeted attacks (TAs). These attacks, which were made through e-mail, were very interesting:...

New challenge: mail captured.

After some time without any challenge, we come back with a new case where we should put into practice some techniques that could be used to get hidden information from apparently “normal” files. In this...

Solution to the challenge

A few days ago, we had a new challenge where we should find out what techniques or tips were being used lately to install malware. To get this information, we only had a compressed file that had been...

Increasement of RFI attacks using Google

(Please note this post was originally published last 10th January in the Spanish version of SAW but we find it relevant —and couldn’t find time to translate until now— ;) Lately, we are detecting a...

Read htaccess file through Blind SQL injection

This time I would like to talk about a challenge I solved lately and found quite interesting. In that case, we should access the private zone (protected with htaccess) of a website that we found...

Avoiding Dionaea service identification

(Please note this post has been translated, so some strings may appear in Spanish, mainly service names) In previous posts we have already talked about Dionaea (Spanish), a low-interaction honeypot...

Hunting traditional vulnerabilities on ICS systems

Several months ago (October 2013, if I recall correctly), I found some vulnerabilities on an HMI from OMRON. I wrote a post in Spanish describing the almost endless process we went through from the...

MUSES: Our best corporate security wishes

In line with a recent Security Art Work post, it is quite easy to come to the conclusion that corporate security makes no sense without user awareness and policy fostering. Corporate security policies,...

The attack of the mutant coffee machines

The other day, a friend told me that he was at work, having a coffee; one of those from the machine that are now standard in most companies, you know, a Nespresso. When he pushed the button something...
