At our company we regularly conduct various research projects (list), choosing a subject that interests us and then presenting the outcome to the public as a PDF with the results.
This article belongs to exactly that category of research. When we carry out security assessments, we usually give very similar advice (common to everyone) that few people follow: best practices that either simply raise the overall security level of a system (for example, applying CSP) or actually make it possible to prevent an attack.
It is well known that the security level of a system is determined by the reliability of its weakest link. In practice, after a security assessment has been carried out, one gap or a whole chain is selected from the list of vulnerabilities found, and the most problematic link is identified. It is worth saying right away that a correctly configured system can often offset the risk of an existing vulnerability. During the research we found out which potential attack vectors may be available to attackers. For example, how easy it is to steal a user's session data through a cross-site scripting vulnerability. We were also interested to see how simple it is to carry out a phishing attack on a bank's users. Having gone through these points and provisionally ticked them off, an attacker can build vectors for further attacks on the bank and its users.
1 year, 9 months ago
Three days have passed since the researcher Parvez Anwar published information on multiple DLL hijacking vulnerabilities in Microsoft Office products, and no reaction has been observed. There is no CVE, there are no reports on specialized resources, and Windows Update is not downloading fresh patches. Well, maybe that is how it should be; maybe it is not a vulnerability but a feature of the product? Meanwhile, exploiting this feature is simple and within reach even of a child. And if the vendor has not removed this "feature" so far, why not write a short article about it.
This concerns Windows 7. Whether it works on other versions I do not know at the moment; it needs to be checked. The operating principle of the phenomenon described (as of many others, for that matter) is based on the good old COM/OLE/ActiveX technology.
This post is a response to the recent publication on Habrahabr by the Russian representative office of Cisco.
The author is the very "immature" and "novice" researcher from the Digital Security company mentioned in the Cisco representative's article.
It is strange that the representative office of such a well-known company permits itself such a low style in its official blog, and also comments on the basis of superficial conclusions rather than technical details. Let's look at what our research center did and what Cisco's specialists could not or did not want to understand.
1 year, 10 months ago
I decided to write an article about automotive security after the news that a series of Chrysler cars was recalled because of a vulnerability in the software. For various reasons it had been gathering dust in a half-finished state since the summer, and now at last I have found time between trips to finish and publish it. No, you guessed wrong: this will not be an article about vulnerabilities in microcontrollers; so much has already been written about that it would fill a whole book. I want to look at the problem from another side.
Of course, you have heard about the two hackers who took over control of a Jeep; everyone wrote about it. I wanted to dig deeper and suppose that not this one, but other similar problems may be not accidental but the planned result of an attack. That is, theoretically, an attacker can deliberately introduce a vulnerability into products. Although so far this is more reminiscent of the script of a new episode of Mr. Robot, the scandal involving another large carmaker, Volkswagen, shows that a similar attack could well be carried out in reality (OK, if not now, then in the near future).
Two weeks remain before the start of the ZeroNights 2015 conference
Friends, we have reached the home straight. Only two weeks remain until we meet! The conference program is fully formed, and the final two-day schedule is posted on our website; you can read it here: 2015.zeronights.ru/assets/files/ZNagenda2015.pdf. We will briefly describe the talks we have not yet told you about, so that you know what to expect from the upcoming event. So, one at a time.
As is tradition, for the fifth, anniversary time we are holding a conference on practical information security (it will take place on November 25-26 in Moscow, 2015.zeronights.ru).
And, also by tradition, we will hold a HackQuest before it, inviting everyone to solve tasks involving reverse engineering, web hacking, pentesting, protocol analysis and similar things.
Probably many in Russia have already been missing a good, hardcore hacker atmosphere and talks. Talks that are not just interesting to listen to but also useful, both for defense and for attack. But you will not have to miss them for long: on November 25-26 the ZeroNights conference will take place in Moscow for the fifth time ;) Part of the program is already known, and we are glad to present it to you. So welcome under the cut.
1 year, 12 months ago
My name is Dmitry Chastukhin, and I have long been working on the information security of various enterprise software solutions. Mostly these are, of course, various products of the SAP company (you can read my previous posts on this subject here, here or here).
Today we will look under the hood of SAP Afaria, the MDM solution from the famous German software giant. Make yourself comfortable and lean back in your chair (please be careful if you are sitting on a chair).
2 years ago
Today I would like to share the results of a small study of the TACACS+ protocol from a pentester's point of view. I have not had to use the protocol for its intended purpose, so I may not mention some subtleties.
What is TACACS+
Terminal Access Controller Access-Control System Plus (TACACS+) is a special protocol from Cisco for AAA (authentication, authorization, and accounting). That is, it is a protocol for centralized access control: most often access to Cisco devices, but other things can be hooked up to it as well.
So, one or two servers running the TACACS+ service on TCP port 49 are usually brought up, and all devices are configured to use them. Thus, when a user wants to authenticate on a switch, router or other device, the device sends the user's authentication data to the TACACS+ server, where it is checked and the decision on whether to grant access is made; the decision is reported back in the response packets.
It is convenient and centralized. Different privileges can be configured for different users on different devices. Access and actions are logged on the server side. Another centralized access system, such as AD or LDAP, can be layered on top. There are open-source implementations of the server (Cisco once officially released the code).