ICSCorsair: How I Will PWN Your ERP Through 4-20 mA Current Loop

By Alexander Bolshev, Gleb Cherbov

ICSCorsair is an open hardware tool for auditing low-level ICS protocols. It can communicate with various systems using HART FSK and P8CSK, Foundation Fieldbus H1, Profibus, and Modbus protocols. You can control ICSCorsair via USB cable or remotely over WiFi, Bluetooth, or other wireless connection. Different software will be presented to work with ICSCorsair: Metasploit modules, apps for iOS, and Android, etc. In this talk, it will be shown how to trigger such vulnerabilities as XXE, DoS, XSS, and others in SCADA, PAS, ERP, and MES systems using only ICSCorsair and the opportunity to connect to low-level ICS protocol line.


Penetration Testing for iPhone Applications – Part 2

By Satish B.

In the first part of this article, we discussed iPhone application traffic analysis. In this part, we will take a look at privacy issues and the application's local data storage.

Privacy issues

Every iPhone has an associated unique device identifier, called the UDID, which is derived from a set of hardware attributes. The UDID is burned into the device and cannot be removed or changed. However, it can be spoofed with the help of tools like UDID Faker. The UDID of the latest iPhone is computed with the formula given below:

UDID = SHA1(Serial Number + ECID + LOWERCASE(WiFi Address) + LOWERCASE(Bluetooth Address))

The UDID is exposed to application developers through an API that allows them to access the UDID of an iPhone without requiring the device owner's permission. The code snippet shown below is used to collect the UDID of a device, which can later be used to track the user's behavior.


Ghost Push Trojan still a major threat two years later

By Derek Kortepeter

Early last year, a Trojan by the name of Ghost Push infected 900,000 Android devices. Researchers at Google and elsewhere discovered that the Trojan was able to evade security measures on Google Play and third-party sites. After the defenses at these app stores were bolstered, the Ghost Push coders developed different offshoots of the Trojan. Now it appears that the malware is affecting Android users in catastrophic numbers once again. In a report published by Cheetah Mobile Security, researchers have identified the most recent infection pathways affecting Android devices. Pornographic links, malicious ad links (in apps and browsers), and apps themselves appear to be the most prevalent infection vectors. In particular, Cheetah Mobile found that two Android applications, Wireless Optimizer and WiFi Master Pro, not only carried Ghost Push but used the Trojan to gain root access.


pWeb Suite – A Set of Web Pentesting Tools

By Jay Turla

pWeb Suite (formerly known as pCrack Suite) is a set of Perl-based penetration testing tools primarily focused on web application security and vulnerability testing. This tool is brought to you by Douglas Berdeaux, a.k.a. Trevelyn, who is the founder of Weaknet Laboratories and the lead developer of well-known open source security projects and tools such as WEAKERTHAN Linux (a penetration testing distro aimed at wireless penetration testing and web application security), Warcarrier OS (a Live DVD for WiFi, GPS, Bluetooth, and radio hacking), WiFiCake-NG, WardriveSQL, GPS-Parser-ng, WPA Phishing Attack for EAP Phishing, SSWR (Scripted Security for Wireless Routers), Catchme-NG, Perlwd (a Perl UNiX MD5 HASH cracking application), and many more.


QR Code: USSD attack

By Bhavesh Naik

The QR code, or Quick Response code, was originally designed for industrial applications and has quickly gained popularity in the advertising industry. With the huge popularity and sales of smartphones and tablets every year, these QR codes are beloved by marketers.

What a typical QR code contains

A QR code can contain an electronic version of contact information. A QR code can contain event information: scan the code on a poster and the app automatically adds the event's name and location to the agenda on your smartphone. A QR code can contain WiFi configuration data. In my previous article (http://resources.infosecinstitute.com/what-is-behind-that-qr-code/), I mentioned how attackers depend on human curiosity and the innate obfuscation of QR codes to craft an attack. Various protocols that invoke service set commands on mobile devices are misused by exploiting vulnerabilities in the mobile platform. QR codes are used as an attack vector to harm mobile users.


Crunch Password list generation in Kali Linux

In this tutorial we will be using the Crunch password list generation tool in Kali Linux. Crunch is an easy-to-use tool for generating a custom-made password list for brute force password cracking. Crunch comes as a standard tool in Kali Linux. This tutorial shows you how easy it is to generate a password list containing all combinations of 4 letters, of 5 letters, and a password list containing 5 letters followed by a year. You can also use Crunch to generate password lists based on default router passwords, as demonstrated in a few other tutorials. UPC Broadband routers use 8 capital letters as the default WiFi password, and TP-Link routers use the 8-digit default WPS PIN. Both can be easily generated with Crunch.


Bypass MAC filtering on wireless networks

In this tutorial we will be looking at how to bypass MAC filtering on a wireless network. MAC filtering, or MAC white- or blacklisting, is often used as a security measure to prevent non-whitelisted MAC addresses from connecting to the wireless network. MAC address stands for media access control address and is a unique identifier assigned to your network interface. With MAC filtering you can specify which MAC addresses are allowed or not allowed to connect to the network. On many occasions this might be sufficient as a security measure, since it makes it a little harder to use the network even when the password is known. As a security measure to protect company networks and data, or to prevent networks from being hacked over WiFi, MAC filtering is pretty useless and easy to bypass, which we're about to show you in this hacking tutorial.


It Just (Net)Works: The Truth About iOS 7’s Multipeer Connectivity Framework

By Alban Diquet

With the release of iOS 7, Apple has quietly introduced a nifty feature called Multipeer Connectivity. While the Multipeer Connectivity Framework brings the promise of peer-to-peer and mesh networking apps significantly closer to reality, little is known regarding how it actually works behind the scenes and what the risks are for applications leveraging this functionality. This talk will first present an analysis of what happens at the network level when two devices start communicating with each other over WiFi, including a description of the protocols and encryption algorithms used. From this analysis, we’ll derive a security model for Multipeer Connectivity and describe the threats and underlying assumptions that developers should be aware of when building applications.


The Lack of WiFi security (Part 2)

By Don Parker

In the first part of this article series we looked at some of the tools that exist today which will allow you to discover wireless access points (WAPs). Wireless networks have become very popular over the past few years, not only for business but also for the home market. In all likelihood your neighbors are running a wireless router for their home computer network even though their computer is not using a wireless card. People are often talked into getting wireless routers, even though they don't need them, by salespeople at electronics stores. These very same people are sadly the ones who are also running an unprotected WAP.


Net Neutrality, Rest in Peace

By James Mosier

No one would argue that the Internet has become an instrumental part of society. With broadband access in a large percentage of homes, WiFi freely available in many places of business, and smartphones connected via mobile service providers, our access to the information portal has become nearly an always-on experience. We have all benefited greatly from shopping, settling an argument, listening to music or watching a video, and we get great joy in being the first to share a particular piece of content with our friends.
