Insinuator.net – Page 31 – Bold Statements

October 20, 2016 by Brian Butterly

A Quick Insight Into the Mirai Botnet

As you might have read, I recently had a closer look at how easy it actually is to become part of an IoT Botnet. To start a further discussion and share some of my findings I gave a quick overview at the recent Dayton Security Summit. The Mirai Botnet was supposed to be one of the case studies here. But the way things go if one starts diving into code…I eventually gave an overview of how the Mirai Bot actually works and what it does. As such: Here a quick summary of the Mirai Botnet bot.
Continue reading “A Quick Insight Into the Mirai Botnet”

Breaking

October 17, 2016 by Oliver Matula

Setting up a Research Environment for IP Cameras

Embedded devices often serve as an entry point for an attack on a private or corporate network. The infamous attack on HackingTeam, for example, followed exactly this path as was revealed here. Although the attack may have been for the greater good (refer also to this great keynote), such incidents demonstrate that it is important to properly secure your embedded devices. In a recent blog post, Niklaus presented how he analyzed the security posture of a MAX! Cube LAN Gateway. Moreover, Brian reported a few weeks ago on the security posture of IoT devices (and in particular on one of his cameras). With this post I would like to share my experiences with analyzing another embedded device: the IC-3116W IP camera by Edimax. Continue reading “Setting up a Research Environment for IP Cameras”

Breaking

October 17, 2016 by Timo Schmid

Linq Injection – From Attacking Filters to Code Execution

Some of you (especially the .Net guys) might have heard of the query language Linq (Language Integrated Query) used by Microsoft .Net applications and web sites. It’s used to access data from various sources like databases, files and internal lists. It can internally transform the accessed data in application objects and provides filter mechanisms similar to SQL. As it is used directly inside the application source code, it will be processed at compile time and not interpreted at runtime. While this provides a great type safety and almost no attack surface for injection attacks (except from possible handling problems in the different backends), it is extremely difficult to implement a dynamic filter system (e.g. for datatables which should allow users to select the column to filter on). That’s probably the reason why Scott Guthrie (Executive Vice President of the Cloud and Enterprise group in Microsoft, also one of the founders of the .Net project) presented the System.Linq.Dynamic package as part of the VS-2008 samples in 2008. This library allows to build Linq queries at runtime and therefore simplify dynamic filters. But as you may know, dynamic interpretation of languages based on user input is most of the time not the best option….

Continue reading “Linq Injection – From Attacking Filters to Code Execution”

Misc

October 14, 2016 by Michael Schaefer

Welcome to Insinuator.net 2.0

It’s almost exactly seven years since Enno published the very first blog post on Insinuator.net. Meanwhile, quite a few things changed. It’s not only the ERNW Universe which grew significantly, but also Insinuator’s place within this universe was slightly adjusted. What started as an almost independent IT-Security blog became more and more the major publication medium of ERNW.

Continue reading “Welcome to Insinuator.net 2.0”

Events

October 6, 2016 by Pascal Turbing

Black Hat 2016 Summary Part 2.1

A few months ago I had the opportunity to visit this year’s Black Hat in Las Vegas. Due to a few weeks of vacation following the conference here are my delayed 2 cents (part 1)

Abusing Bleeding Edge Web Standards For AppSec Glory – Bryant Zadegan & Ryan Lester (Slides)

Bryant and Ryan talked about new web standards which are already implemented in parts of the current browser jungle. Namely these standard were:

Continue reading “Black Hat 2016 Summary Part 2.1”

Breaking

October 5, 2016 by Prof. Dr.-Ing. Andreas Dewald

DameWare Vulnerability

In course of a recent research project, I had a look at SolarWinds DameWare, which is a commercial Remote Access Software product running on Windows Server. I identified a remote file download vulnerability in the download function for the client software that can be exploited remotely and unauthenticated and that allows to download arbitrary files from the server that is running the software.

Continue reading “DameWare Vulnerability”

Breaking

October 1, 2016 by Brian Butterly

How to Become Part of an IoT Botnet

I suppose there are many people out there who want to achieve a greater good, fight evil corp and “show those guys”. So why not set a statement and become part of a botnet? #Irony!!! Of course I suppose (hope) that none of you actually want to be part of something like an IoT botnet, but joining could in theory be dead easy. So quite a while back I bought a dead cheap WiFi camera for use at home. It was kind of just as insecure as I had expected, so it got it’s own VLAN and stuff and here is why….

Continue reading “How to Become Part of an IoT Botnet”

Building

September 26, 2016 by Timo Schmid

Diving into EMET

Last week, we decided to take a look onto the EMET library provided by Microsoft. This library is intended to introduce several security features to applications which are not explicitly compiled to use them.

It also adds an additional layer to protect against typical exploiting techniques by filtering library calls, preventing usage of dangerous functions/components and inserting mitigation technologies.

As EMET is already a target for many researchers, we currently only started to get an overview of it’s structure and how the different components are interacting with each other. Today we would like to share some of our results with you.

Continue reading “Diving into EMET”

Breaking, Events

September 20, 2016 by Hendrik Schmidt

Attacking BaseStations @Defcon24

Hello Guys,
back from my vacation I’d like to give you some impressions about Defcon 24 and our talk “Attacking BaseStations”. Defcon itself had a couple of great talks but was a very crowded location. Anyhow, we had a couple of great discussions with the people before and after our talk.

Continue reading “Attacking BaseStations @Defcon24”

Misc

September 20, 2016 by Matthias Luft

Introducing the Kernel Space Invaders

Today it is my pleasure to shortly introduce ERNW’s Capture the Flag team, the Kernel Space Invaders. As a long-time CTF enthusiast, I’m really amazed how many of us make the time to tackle IT security challenges also on the weekends or evenings. Even if we cannot participate in all CTFs out there (which would be challenging anyways given the large number of CTF events happening nowadays), we started to compile a repository of some of our write-ups — I hope some of you will enjoy!

Cheers,

KSI