Bold Statements
Well, it’s a canary (these cute yellow songbirds some people have as a pet), and its main feature is that it dies before you will.
What the hack [pun intended]? And by the way… what has this to do with IT Security? Well… let me first quote Wikipedia on the birds:
Continue reading “Miner’s Canary Revival in IT Security”
Continue readingHi,
I wrote a small python script that extracts the content from Alcatel .tim firmware files. It took some time staring at hex values, as well as a fair amount of guess work to figure out the file format.
Continue reading “An unpacker for Alcatel TiMOS images”
There has been, again, some development within the loki domain. Today I’m going to write about the latest module added to the suite, a module for decoding and cracking Cisco’s TACACS+.
Continue reading “TACACS+ module for loki”
Continue readingThis is a guest post from Fernando Gont.
On March 16th, 2015, at the Troopers IPv6 Security Summit, we finally released the SI6 Networks’ IPv6 Toolkit v2.0 (Guille). The aforementioned release is now available at the SI6 IPv6 Toolkit homepage. It is the result of over a year of work, and includes improvements in the following areas:
Continue readingLately we had to analyze QR-Codes in a pentest. Those held some random data which was used as a token for login and we wanted to know if that data was really random.
Continue reading “Getting 20k Inline-QR-Codes out of Burp”
Continue readingThis is a guest post from Antonios Atlasis.
Last week I had the pleasure to give you my impressions regarding my experience about hacking for b33r at Ghent, that is, my participation at BruCON 2014 hacking conference. As I said among else, the reason that I was there was to present Chiron, my IPv6 penetration testing/security assessment framework, which was supported by the Brucon 5×5 program. The first version of Chiron had been presented at Troopers 14, during the IPv6 Security Summit.
Continue reading “Chiron – An All-In-One IPv6 Penetration Testing Framework”
Continue readingAs we continue our research in the 3GPP protocol world, there is a new tool for you to play with. It is called s1ap_enum and thats also what it does 😉
The tool itself is written in erlang, as i found no other free ASN.1 parser that is able to parse those fancy 3GPP protocol specs. It connects to an MME on sctp/36412 and tries to initiate a S1AP session by sending an S1SetupRequest PDU. To establish a S1AP session with an MME the right MCC and MNC are needed in the PLMNIdentity. The tool tries to guess the right MCC/MNC combinations. It comes with a preset of known MCC/MNC pairs from mcc-mnc.com, but can try all other combinations as well.
Continue reading “New Tool: s1ap_enum”
Continue readingAs we historically have a strong connection to network technologies (not surprising, given the “NW” in “ERNW” stands for “Networks”), I developed a small script to create RFC-style ASCII representations of protocol schemes. The following listing shows an example created for a fictitious protocol:
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +---------------------------------------------------------------+ | type | id | +---------------------------------------------------------------+ | flags | reserved | +---------------------------------------------------------------+ | payload | +---------------------------------------------------------------+
The command line to create this output is
./ascii_header.py 16-type 16-id 8-flags 24-reserved 32-payload
and of course the script also provides a help message which explains the parameters in detail.
Download: https://www.ernw.de/download/ascii_protocol_scheme_generator.zip
Enjoy and feel free to leave feedback and comments,
Benedikt 🙂
Continue readingThis is a guest post from Antonios Atlasis.
===
Having just finished the second “Advanced Attack Techniques against IPv6 Networks” workshop (some of the course material can be found here), organised and hosted by ERNW and their partner HM Training Solutions, I would like to take this opportunity to release publicly one of my scripting tools, an IPv6 scanner. This tool is based on Scapy (so you have to install Scapy and its prerequisites before using it). It should not be considered as a replacement or a competitor of nmap against IPv6 or of the scanners incorporated into the great IPv6 toolkits already released by Marc Heuse and Fernando Gont, but, instead, as a tool released mainly for educational purposes. Specifically, this scanner, apart from supporting some of the most well known port scanning techniques, from ping scanning to SYN, RESET, ACK, XMAS, etc., etc., TCP or UDP scanning, it also combines, by using the suitable switches, some IDS/IPS evasion techniques. As I have found out up to now, at least two of them, if used “properly”, can be effective against a very popular IDS/IPS software used by many “Fortune 100” companies out there. This means that you can launch actually any type of the supported network-scanning techniques while flying under the radar of this specific IDS software (and perhaps some other too, who knows…). But first of all, as always please check the corresponding README file.
Continue reading “IPv6 Scanner”
Continue readingIts been a long time, since i released the last version of pytacle, but now the time has come. Here is alpha2 with some new features:
– Support of RTLSDR sticks
– Possibility to scan for cells around you
– Changed the code to generate real KCs (but as nobody noticed the wrong KCs i guess you were good with the others 😉
Im also planning to address hopping channels in the future, but ive not made it far enough in my DSP lecture, yet 😉
Find the new version here.
Also see this post for requirements.
cheers
/daniel
Continue reading