From August 16 to September 27, FireEye’s FLARE team ran the Flare-On challenge for the 6th straight year (see announcement, here). This CTF-style challenge is comprised of 12 reverse-engineering tasks for different architectures. Like the past years, it was a great event with so much new things learned.
TL;DR: I started a tad bit late, but managed to solve 11 out of those 12 challenges (after solving “vv_max”, I had 4 hours left to break the last challenge – a malicious Windows driver – which was way too little time 😉
Not long after I took the „ARM IoT Exploit Laboratory“ training by @therealsaumil, the following tweet popped up on my timeline:Continue reading “Write-up: DVAR ROP Challenge”
The annual Holiday Hack Challenge by SANS and the Counterhack team takes place during Christmas time and is always entertaining and great for learning a new trick (or two). This year, the challenge was organized as an online conference, called KringleCon: https://holidayhackchallenge.com/2018/ with great talks and a well thought-out story.Continue reading “Writeup: KringleCon 2018”
First, this post will not cover the basics of recoding macros or use of the session handling rules in BurpSuite. There are a lot of basic stuff to be found in the internet . However, by default, Burp is unable to update or modify an http request HTTP header by using session handling rules and macros. This can cause in problems if you investigate REST APIs or applications which protects requests with one-time CSRF tokens. Further, the Portswigger community blog is not very useful to address this problem . Continue reading “BurpSuite – Update HTTP Header in Session Handling Rules”
Since years the IEEE 802.11 WiFi protocol has a well-known design flaw which allows attackers to disconnected clients from the WiFi access point they’re connected to.
All he has to do, is to send “dauthentication frames” to the WiFi access point. Because the IEEE 802.11 WiFi standard doesn’t require encryption for such frames, an attacker is able to perform the attack even though he isn’t connected with that access point. Continue reading “Wammer – WiFi jamming made easy”
Given you have restricted access to a computer and can only open certain programs. Usually this is caused by the Kiosk Mode that has a white list which contains only trusted programs. Libre/Open Office is a widely used/unlocked program on such Kiosk Modes. Some vendors unlock the whole Libre/Open Office folder: “C:\Program Files\LibreOffice 5\program” or “C:\Program Files (x86)\OpenOffice 4\program” including all other binary files. Python version 3.5.4 (Libre Office) / 2.7.13 (Open Office) is automatically included in the default installation of Libre/Open Office. Now a user can create a Libre/Open Office macro to run a python shell: Continue reading “Bypass Kiosk Mode with Libre/Open Office”
Last year in February, I found a vulnerability at google chrome and submitted it(Bug Report). So far nothing has happened and now the vulnerability has been published on twitter: https://twitter.com/zerosum0x0/status/958890437837692928 Continue reading “Chrome Information Leakage – Prediction Service & Preload”
Bitcoin is getting traction and attention by mainstream media. Price hits all time high at 3000$ and stays above the gold price. At the same time the Bitcoin community is meeting their biggest challenge so far. The question of: ‘How to scale Bitcoin?’ This was discussed for two days at the Future of Bitcoin conference in Arnheim / Netherlands, with developers, researchers and miners.
Ever came across the issue to redirect HTTP(S) traffic to Burp Suite originating from client software that is not supporting to configure a proxy? Continue reading “Hooking Burp Suite in Client Software Communication”