Cognitive and Scientific Brainology

ADS-B research was worth it - ICAO to create Cyber Security Task Force (CSTF)!

ADS-B research was worth it!

ICAO to create Cyber Security Task Force (CSTF) - Our research is mentioned as key points!

Thanks to Aimee Turner for notifying us.

Errata: In the above PDF, it is wrongly mentioned “Dr. Andrei Costin” - wish I . It’s still a long way, until than it should read “PhD candidate”

AthCon3 2012 Day2, Track1, 18:00-18:50 "Advances in BeEF: RESTful API, WebSockets, XssRays enhancements"

Download here.

Code:

	`athcon.org`
	`Athens, 3-4 May, 2012`
	`Day2, Track1, 18:00-18:50`
	`"Advances in BeEF: RESTful API, WebSockets, XssRays enhancements",`
	`Michele Orru`

	`"Advances in BeEF: RESTful API, WebSockets, XssRays enhancements"`

	`BeEF`

	`Demo Using the BeEF restuful api`
	`1. beef programatically accessing metasploit`
	`2. injects beef into some victim browser`
	`3. inject an applet, then use the javascript to java communication to ge tthe hava version based on the hdk`
	`4. then in meterpreter sysinfo to get the system info`
	`5. then inject the "execute calc.exe" in the victim's machien thru the injjected java applet`

	`New additions`
	`ajax calls posioning (xml request object is overriding)`
	`the module can have the target+_blank not to lose the victim`
	`getting the Persistence (history) from the civtim vrowsaer`

	`New feature (in a testing branch - to be added soon)`
	`websocket support`
	`currently beef uses XHR, but for speed needs websocket`

	`XHR in beef`
	`pro - works everywhere (ie, chrome)`
	`cons - (TODO)`

	`if beef.browser.hasWebSocket(), don't use XHR pollin, open a websocket channel`
	`support: firefox, chrome, safari, also mozwebsocket`
	`https://github.com/radoen/beef-radoen - the experimental phase`

	`Possibilities with WS`
	`real time VNC like hooked browser control`
	`faster tunneling proxy (fuzzin thru the hooked browser 4-5 times faster)`
	`general faster communication`


	`Demo - BeEF with WS`
	`launch 1000 XHR-polling vs WS-based request`

	`XssRays`
	`originally as pure JS-based XSS scanner, then integarted in beef`

	`xssrays operation`
	`a page with links/forms which do get/post request intra or cross domain`
	`it adds the hidden iframe for each of the requests`
	`if the iframe is loading, then the resource was XSS-vulnerable`
	`it also works CROSS-DOMAINS (respecting the SOP!)`

Ghost is in the Air(Traffic) - BlackHat 2012 - ADS-B ATC hacking - real airplane replay, fake airplane spoofing/impersonation

Downloads

Timelines

Jun-2011 - Jul-2011 - Initial interest and research started
Jul-2011 - Feb-2012 - Some low-pace experiments, study of specifications, experiments, additional hardware acquisition
Feb-2012 - Mar-2012 - Revived interest
Mar-2012 - May-2012 - Development and preparation for BlackHat 2012 application
May-2012 - Application for BlackHat 2012 application
07-Jul-2012 - Whitepaper and slides limited access available to BlackHat 2012 organizers only
23-Jul-2012 - Whitepaper and slides public access available to all

Demo Ghost is in the Air(Traffic) - BlackHat 2012 - Airplane replay, fake airplane spoofing/impersonation

[...] Read more!

[ACSA-2012-16] - Microsoft Office CGM Images Memory Corruption CVE-2012-2524 Remote Code Execution Vulnerability

HIP2012 - Overview

Hack in Paris 2012 and Nuid du Hack 2012 are over - these were quite some nice days !

I would like to first thank the organizers, Sysdream and all the crews, for these two great events.

Hack In Paris is a all-in-all fun event, with great audience and smooth organization!

Nuid de Hack, on the over hand is a crazy gathering of enormous number of people under one roof (literally) and where you have the opportunity to meet from fiercful hard core hackers to pretty creative and constructive robot/cnc-mill makers who will share their great ideas and experience as part of the multitude of workshops taking place during the entire night!

[...] Read more!