A few weeks ago the anti-spam provider Spamhaus was hit by one of the biggest denial of service attacks ever seen, producing over 300 Gbit of traffic.
The technique used to generate most of the traffic was DNS amplification, a technique which doesn't require thousands of infected hosts but instead exploits misconfigured DNS servers and a serious design flaw in DNS. We will discuss how this works, what it abuses and how Spamhaus was able to mitigate the attack.
As mentioned in one of my previous posts, I'm busy with the SLAE32 course by SecurityTube. In module 1-9, Control Instructions, we saw how the jump instructions work and how you can use them to make conditional and unconditional jumps. When disassembling the code and stepping through it with gdb, we noticed that our jnz (jump if not zero) instruction had been replaced with jne (jump if not equal). In this post I will explain what happened. We will also be looking at an alternative to jumps, namely loops.
So I'm doing the SLAE32 course by SecurityTube; it's quite interesting and, in my honest opinion, very good bang for your buck. I normally don't make publicity, but I must say that for a 150 dollar course you get quite a lot in return. It even comes with the SecurityTube GNU Debugger Expert course to make sure you understand how gdb works (since it's used a lot throughout the course). One of the assignments in the course was to discover how division and multiplication work. I was really interested in division, as it poses some caveats to watch out for.
In this post we will be discussing the DNS protocol and how to tunnel traffic over DNS. DNS is a protocol which is considered relatively harmless; as a result, a lot of access points and firewalls allow DNS traffic without blinking once, which makes it ideal to use when you need to tunnel traffic. We will specifically be exploring a tool made for tunneling over DNS called 'iodine'.
The goal of this post is to demonstrate a simple Python script I wrote which uses Scapy to detect BSSIDs and SSIDs, and to use this in conjunction with Wireshark to resolve the hidden SSID. It's relatively easy to detect hidden SSIDs and there are other tools that allow you to do this as well, like inSSIDer. However, I wanted to try out Scapy and do a bit of DIY.
We are now logging in with level3 on blowfish.smashthestack.org. When we enter we see that we are in a restricted environment and have to try to break out. There aren't a lot of commands we can use, so I tabbed to see which were available and which might help us break out of the shell.
So we are now at the second level of the smashthestack.org Blowfish challenges. This second challenge teaches us that we need to find a backdoor on the system. This automatically made me think of SUID bits, so I decided I would search for the holy grail (well, the second flag actually) by finding all binaries with the SUID bit set.
This post will explain how level 1 of the Blowfish smashthestack.org challenge is solved. So do not read any further if you want to solve it yourself.
A few weeks ago, Kyle Rozendo asked a question on Security.stackexchange about cracking a PCI terminal using a trojan based on the card. It caught my attention, so I started digging a little deeper into this matter.
I've started with my bachelor's test and decided to have a look at Splunk. We are building our own cloud using OpenStack and I'm in charge of monitoring and securing all of our machines and instances. The problem these days is that a lot of apps come with their own web interface. It's fine to have 3 or 4 or maybe even 5 interfaces, but imagine you have 20 or even 30 different web applications, all with their own interface. This is where Splunk comes in.