As part of my bachelor’s thesis published in 2020 in information technology, I investigated a largely unknown weakness in a Bluetooth Low Energy (BT-LE) pairing process and developed a concept to prove it in practice.
The basis for this is a document by Mr. Tomáš Rosa, who claims that a mathematical function for calculating confirmation parameters can be bypassed. According to some research, this issue in particular has not been addressed by anyone since the publication of Rosa’s document in 2013.
In the blog post, I present the results of my thesis in short form. In the end, the vulnerability was practically exploited and all tested devices of all BT-LE versions (v4.0-v5.1) are affected.
Continue reading “Bypass PassKey-Entry Authentication in BT-LE”
The machine Rope2 by r4j is probably (one of) the hardest boxes on HackTheBox.eu with only 104 system owns after 202 days. The theme of the box is more or less “research”, since it requires (gaining) knowledge in many different fields: Browser Exploitation, esoteric Heap Feng-Shui, and finally Linux Kernel Exploitation. For me, all 3 fields were pretty new and thus I had a lot to learn (over the course of almost exactly 3 months).
Continue reading “Write-up: Hack The Box – Rope Two”
Like the past few years, the HackingLab Team provided the white-hat hacking competition Hackvent in the form of a advent calendar. From December 1st to 24th , each day, a new challenge was released that has to be solved in-time for scoring full points. Like the past years, challenges were provided from various community members.
Continue reading “Write-up: Hackvent 2019”
The annual Holiday Hack Challenge by SANS and the Counterhack team takes place during Christmas time and is always entertaining and great for learning a new trick (or two). This year, the challenge was organized as an online conference, called KringleCon: https://holidayhackchallenge.com/2018/ with great talks and a well thought-out story.
Continue reading “Writeup: KringleCon 2018”
Since years the IEEE 802.11 WiFi protocol has a well-known design flaw which allows attackers to disconnected clients from the WiFi access point they’re connected to.
All he has to do, is to send “dauthentication frames” to the WiFi access point. Because the IEEE 802.11 WiFi standard doesn’t require encryption for such frames, an attacker is able to perform the attack even though he isn’t connected with that access point. Continue reading “Wammer – WiFi jamming made easy”
Given you have restricted access to a computer and can only open certain programs. Usually this is caused by the Kiosk Mode that has a white list which contains only trusted programs. Libre/Open Office is a widely used/unlocked program on such Kiosk Modes. Some vendors unlock the whole Libre/Open Office folder: “C:\Program Files\LibreOffice 5\program” or “C:\Program Files (x86)\OpenOffice 4\program” including all other binary files. Python version 3.5.4 (Libre Office) / 2.7.13 (Open Office) is automatically included in the default installation of Libre/Open Office. Now a user can create a Libre/Open Office macro to run a python shell: Continue reading “Bypass Kiosk Mode with Libre/Open Office”
Last year in February, I found a vulnerability at google chrome and submitted it(Bug Report). So far nothing has happened and now the vulnerability has been published on twitter: https://twitter.com/zerosum0x0/status/958890437837692928 Continue reading “Chrome Information Leakage – Prediction Service & Preload”