malware

Why Google is Hurrying the Web to Kill SHA-1
Most of the secure web is using an insecure algorithm, and Google's just declared it to be a slow-motion emergency. Something like 90% of websites that use SSL encryption — — use an algorithm called SHA-1 to protect themselves from being impersonated. This guarantees that when you go to , you're visiting the real Facebook and not giving your password to an attacker. Unfortunately, SHA-1 is dangero..

Identifying Firewalls from the Outside-In. Or, "There's Gold in them thar UDP ports!"
In a penetration test, often the key to bypassing a security control is as simple as identifying the platform it's implemented on. In other words, it's a lot easier to get past something if you know what it is. For instance, quite often you'll be probing a set of perimeter addresses, and if there are no vulnerable hosts NAT-ed out for you, you might start feeling like you're at a dead en..

Demasking Google Users With a Timing Attack
I believe strongly in the responsible disclosure of security issues, having participated in Google’s responsible disclosure program in the past and helping to run a similar disclosure program at Mavenlink. The issues discussed in this post were responsibly disclosed to Google Security. Google triaged the issues, talked to the involved teams, and declined the opportunity to fix. They gave me writt..

Analysis of Chinese MITM on Google
The Chinese are running a MITM attack on SSL encrypted traffic between Chinese universities and Google. We've performed technical analysis of the attack, on request from GreatFire.org, and can confirm that it is a real SSL MITM against www.google.com and that it is being performed from within China. We were contacted by GreatFire.org yesterday (September 3) with a request to analyze two packet ca..

How Asprox Malware Became an APT in 4 Phases
Analysis Summary
Asprox has four distinct development phases, most recently taking on APT-style obfuscation techniques.
Asprox diversified its TTPs, utilizing new languages and attachment filenames relevant to the viewer’s location.
Asprox briefly shared C&C servers with massive botnet Conficker.
Asprox is the malware used in a long campaign of phishing and drive-by downloads that has recently taken..

One More Day of Trolling in POS Memory
Further to the recent story on Memory Trolling for PCI data, I was able to spend one more day fishing in memory, I dug a bit deeper and came up with more fun Credit Card / Memory goodness with our friend the Point of Sale application. First of all, just searching for credit card numbers returns a lot of duplicates, as indicated in yesterday's story. In the station and POS application I was workin..

A Study in Bots: Backoff
Point of Sales (POS) malware has become something of a hot topic over the past 12 months, the most notable being the Target breach that disclosed up to 110 Million records. And it doesn't stop there. On August 22nd, 2014, DHS reported that over 1,000 businesses were compromised by a previously unknown malware known as "Backoff".
What is Backoff
Backoff is POS malware developed for Windows, as this..

Trolling Memory for Credit Cards in POS / PCI Environments
In a recent penetration test, I was able to parlay a network oversight into access to a point of sale terminal. Given the discussions these days, the next step for me was an obvious one - memory analysis. My first step was to drive to the store I had compromised and purchase an item. I'm not a memory analysis guru, but the memory capture and analysis was surprisingly easy. First, dump memory: dump..

In Adobe’s August 2014 Flash Player security update, we see: These updates resolve memory leakage vulnerabilities that could be used to bypass memory address randomization (CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545). I reported the latter four of these. I’d like to thank Adobe for fixing them so quickly -- about 30 days between report and broad availability of a patch. That’s well within Project Zero’s 90-day deadline on bu..

RTFM 0day in iOS apps: G+, Gmail, FB Messenger, etc.
Turns out Guillaume K. Ross also had related discoveries. Check his presentation here: http://www.irongeek.com/i.php?page=videos/bsideslasvegas2014/pg10-ios-url-schemes-omg-guillaume-k-ross Follow him: @gepeto42
Intro
Normal people spend their nights watching movies, reading articles, socializing or (yes, I know it's odd) sleeping. I spend my nights reading RFCs and pentesting various applications/..