Archives for: September 2012

AthCon3 2012 Day2, Track1, 18:00-18:50 "Advances in BeEF: RESTful API, WebSockets, XssRays enhancements"

09/19/12 | by zveriu | Categories: Conference, AthCon, Write-up

Download here.

Code:

athcon.org
Athens, 3-4 May, 2012
Day2, Track1, 18:00-18:50
"Advances in BeEF: RESTful API, WebSockets, XssRays enhancements",
Michele Orru
 
BeEF
 
Demo: using the BeEF RESTful API
1. BeEF programmatically accessing Metasploit
2. inject BeEF into a victim browser
3. inject an applet, then use the JavaScript-to-Java communication to get the Java version based on the JDK
4. then run sysinfo in Meterpreter to get the system info
5. then run "execute calc.exe" on the victim's machine through the injected Java applet
 
New additions
    AJAX call poisoning (the XMLHttpRequest object is overridden)
    the module can use target=_blank so as not to lose the victim
    getting the persistence (history) from the victim browser
 
New feature (in a testing branch - to be added soon)
    WebSocket support
    currently BeEF uses XHR, but for speed it needs WebSockets
 
XHR in BeEF
pro - works everywhere (IE, Chrome)
cons - (TODO)
 
if beef.browser.hasWebSocket(), don't use XHR polling; open a WebSocket channel instead
support: Firefox, Chrome, Safari, also MozWebSocket
https://github.com/radoen/beef-radoen - the experimental phase
 
Possibilities with WS
    real-time VNC-like hooked browser control
    faster tunneling proxy (fuzzing through the hooked browser is 4-5 times faster)
    generally faster communication
 
Demo - BeEF with WS
    launch 1000 XHR-polling vs WS-based requests
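The notes above contrast XHR polling with a WebSocket channel. As an added example that is not from the talk or from BeEF, here is a small detector in JavaScript (Node.js) that reads constructed web-access-log lines and flags both patterns from the server side: a client hitting one path at a tight, regular interval (what XHR polling looks like in a log), and HTTP 101 WebSocket upgrades, after which the traffic leaves the HTTP log entirely. The log line format, the client addresses, the /poll and /ws paths and the thresholds are all constructed assumptions for this example.

```javascript
// Added example (not from the talk or the BeEF project): flag XHR-style polling
// loops and WebSocket upgrades in constructed web-access-log lines.

// Line shape assumed here (constructed): ISO timestamp, client IP, method,
// path, HTTP status, and the value of the Upgrade request header (or "-").
const LOG_RE = /^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+)$/;

function parseLine(line) {
  const m = LOG_RE.exec(line.trim());
  if (!m) return null;
  return {
    ts: Date.parse(m[1]),
    client: m[2],
    method: m[3],
    path: m[4],
    status: Number(m[5]),
    upgrade: m[6] === '-' ? null : m[6].toLowerCase(),
  };
}

// Group requests by client+path and flag groups that look like a polling loop:
// at least minCount requests whose inter-arrival gaps are short (mean below
// maxMeanMs) and nearly constant (coefficient of variation below maxCv).
function findPollingClients(lines, { minCount = 5, maxMeanMs = 5000, maxCv = 0.25 } = {}) {
  const groups = new Map();
  for (const line of lines) {
    const r = parseLine(line);
    if (!r) continue; // skip lines that do not match the assumed format
    const key = `${r.client} ${r.path}`;
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(r.ts);
  }
  const hits = [];
  for (const [key, times] of groups) {
    if (times.length < minCount) continue;
    times.sort((a, b) => a - b);
    const gaps = [];
    for (let i = 1; i < times.length; i++) gaps.push(times[i] - times[i - 1]);
    const mean = gaps.reduce((a, b) => a + b, 0) / gaps.length;
    const variance = gaps.reduce((a, g) => a + (g - mean) ** 2, 0) / gaps.length;
    const cv = mean === 0 ? 0 : Math.sqrt(variance) / mean;
    if (mean <= maxMeanMs && cv <= maxCv) {
      const [client, path] = key.split(' ');
      hits.push({ client, path, count: times.length, meanMs: Math.round(mean), cv: Number(cv.toFixed(3)) });
    }
  }
  return hits;
}

// A WebSocket channel appears once as a request answered with 101 Switching
// Protocols and an Upgrade: websocket header; the frames that follow are not
// HTTP requests and never reach this log, so both views are needed.
function findWebSocketUpgrades(lines) {
  return lines
    .map(parseLine)
    .filter((r) => r && r.status === 101 && r.upgrade === 'websocket')
    .map((r) => ({ client: r.client, path: r.path }));
}

// Constructed sample: one client polls /poll every ~2 s, another browses
// normally, a third opens a WebSocket on /ws.
const SAMPLE_LOG = [
  '2012-09-19T18:00:00.000Z 10.0.0.5 POST /poll 200 -',
  '2012-09-19T18:00:02.010Z 10.0.0.5 POST /poll 200 -',
  '2012-09-19T18:00:04.020Z 10.0.0.5 POST /poll 200 -',
  '2012-09-19T18:00:05.990Z 10.0.0.5 POST /poll 200 -',
  '2012-09-19T18:00:08.000Z 10.0.0.5 POST /poll 200 -',
  '2012-09-19T18:00:10.030Z 10.0.0.5 POST /poll 200 -',
  '2012-09-19T18:00:01.000Z 10.0.0.7 GET /index.html 200 -',
  '2012-09-19T18:00:09.500Z 10.0.0.7 GET /about.html 200 -',
  '2012-09-19T18:00:40.000Z 10.0.0.7 GET /contact.html 200 -',
  '2012-09-19T18:00:03.000Z 10.0.0.9 GET /ws 101 websocket',
];

console.log('polling clients:', findPollingClients(SAMPLE_LOG));
console.log('websocket upgrades:', findWebSocketUpgrades(SAMPLE_LOG));
```

The coefficient-of-variation threshold is the tuning knob: legitimate auto-refreshing pages also poll, so in practice the hits are a triage list to join with destination reputation and the requested path, not an alert on their own. The upgrade check only tells you a channel was opened; what went over it needs connection-level or proxy logging.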
 
XssRays
    originally a pure JS-based XSS scanner, later integrated into BeEF
 
XssRays operation
    a page with links/forms that make GET/POST requests, intra- or cross-domain
    it adds a hidden iframe for each of the requests
    if the iframe loads, then the resource was XSS-vulnerable
    it also works CROSS-DOMAIN (respecting the SOP!)
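As an added example, not code from the talk or from the XssRays/BeEF project, the JavaScript below shows the kind of reflected-output bug an iframe-based scan like the one described above would flag, next to its hardened form, plus the anti-framing headers that stop a page from being loaded in a cross-origin iframe in the first place. The page template, handler names and the marker payload are constructed for this example.

```javascript
// Added example (not from the talk or XssRays/BeEF): reflected output with
// and without HTML encoding, plus response headers that refuse framing.

// Minimal HTML escaper for text placed in an element body or a quoted
// attribute value: the five characters that can break out of that context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Vulnerable form (kept deliberately vulnerable): the query parameter is
// concatenated into the response body unencoded, so a reflected payload runs
// whenever the page loads, in a top-level window or in a hidden iframe.
function renderSearchVulnerable(query) {
  return `<h1>Results for: ${query}</h1>`;
}

// Hardened form: the same page with the parameter encoded for its HTML context.
function renderSearchSafe(query) {
  return `<h1>Results for: ${escapeHtml(query)}</h1>`;
}

// Headers that stop other origins from framing the page at all. They block the
// cross-domain hidden-iframe delivery the notes describe, but only as defence
// in depth: the reflection is still reachable by a top-level navigation unless
// the output encoding above is in place.
function antiFramingHeaders() {
  return {
    'Content-Security-Policy': "frame-ancestors 'none'",
    'X-Frame-Options': 'DENY',
  };
}

// True when the rendered page contains the marker payload unencoded, i.e. when
// a probe of this kind would observe its payload executing.
function reflectsUnencoded(render, probe) {
  return render(probe).includes(probe);
}

const PROBE = '<script>alert(1)</script>'; // constructed marker payload

console.log('vulnerable reflects probe:', reflectsUnencoded(renderSearchVulnerable, PROBE));
console.log('hardened reflects probe:', reflectsUnencoded(renderSearchSafe, PROBE));
console.log('headers:', antiFramingHeaders());
```

The escaper covers the HTML body and quoted-attribute contexts only; a value placed inside a script block, a URL or a CSS rule needs the encoder for that context, which is why templating engines with context-aware auto-escaping are the safer default.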

Ghost is in the Air(Traffic) - BlackHat 2012 - ADS-B ATC hacking - real airplane replay, fake airplane spoofing/impersonation

09/05/12 | by zveriu | Categories: Conference

Downloads

Timelines

  • Jun-2011 - Jul-2011 - Initial interest and research started
  • Jul-2011 - Feb-2012 - Some low-pace experiments, study of specifications, experiments, additional hardware acquisition
  • Feb-2012 - Mar-2012 - Revived interest
  • Mar-2012 - May-2012 - Development and preparation for BlackHat 2012 application
  • May-2012 - Application submitted for BlackHat 2012
  • 07-Jul-2012 - Whitepaper and slides available (limited access) to BlackHat 2012 organizers only
  • 23-Jul-2012 - Whitepaper and slides publicly available to all

Demo Ghost is in the Air(Traffic) - BlackHat 2012 - Airplane replay, fake airplane spoofing/impersonation
