Categories: Hack, Cookies, Sessions, SQL Injection, XSS

ADS-B research was worth it - ICAO to create Cyber Security Task Force (CSTF)!

10/21/12 | by zveriu | Categories: Hack, Hack, Conference

ADS-B research was worth it!

ICAO to create Cyber Security Task Force (CSTF) - Our research is mentioned as key points!

Download/view here

Thanks to Aimee Turner for notifying us.

Errata: In the above PDF, it is wrongly mentioned “Dr. Andrei Costin” - I wish :). It’s still a long way; until then it should read “PhD candidate”.

Harvesting and Collecting Voice Conference Bridges, Passwords, Pins, Access, Codes

06/27/12 | by zveriu | Categories: Software, Hack, Security, Conference


Sadly, BlackHat 2012 US and DefCon20 refused this short/fast/lightning talk.

Here are the slides for “Harvesting and Collecting Voice Conference Bridges, Passwords, Pins, Access, Codes”.

Here is the CFP submission:

Code:

----------------------------------
Detailed Outline
----------------------------------
 
In this talk, I will try to present:
- what are voice bridges (though, I bet everyone used voice conferencing at least once in their lifetime)
- various pieces and techniques of the voice bridges harvesting and processing puzzle
- what are the possible tools and how to make use of various tools at hand
- various ideas on how to (partially) automate all of this for a fast, semi-automated and distributed intelligence gathering
 
I will try to summarize with a few hints which can perhaps make life more secure
 
----------------------------------
Abstract
----------------------------------
 
Voice conferencing is a core platform making enterprises more efficient and driving them forward.
Voice conferencing is usually outsourced to 3rd party providers and can be implemented/managed in-house.
 
No matter how it's being implemented, the security of the data exchanged over the conference lines represents a concern for the enterprises. This is why security PINs are being used.
 
However, the importance of these security details (like conference ID and conference PIN) is not very well understood and this is why one can find these kinds of details floating around - on the web, in details of shared/open calendars of Exchange/AD, etc.

Enjoy!

Securely yours,
Andrei

Intelligence gathering by harvesting voice conference details and tapping into calls

02/15/12 | by zveriu | Categories: Fun, Hack, Conference, CanSecWest

Surprisingly, I have submitted on 21 Nov 2011 a lightning talk proposal for CanSecWest12 titled “Intelligence gathering by harvesting voice conference details and tapping into calls”.


[ACSA-2012-04] HP JetDirect Download Manager for Windows suspicious "backdoor" functionality

01/14/12 | by zveriu | Categories: Software, Hack, Security, ACSA


Jumping ahead, Secunia confirmed that from their point of view the “HP JetDirect Download Manager” is not backdoored/infected. Nevertheless, I’m posting the details for the interested ones.

My suspicions lay within this functionality:

Code:

"Model found in backdoor file!"
"FirmwareFileManager::ReadFirmwareBackDoorFile"
"FirmwareFileManager::ReadBackDoorfile"


...on Google Hall of Fame...

01/09/12 | by zveriu | Categories: Hack, Security

I have opened my New Year by closing the Google Hall of Fame for October-December 2011 (I guess it was the last entry of 2011, since I submitted during the last days of December).

More details about why I ended up there will follow, hopefully at one of the next conference talks.

Stay tuned. Stay secure.
