We found that we could cause a segmentation fault in the target using some specific inputs. In this post (and in this video), we will cover the next step: confirming whether the crash can lead to a vulnerability. To do so, we’ll use GDB, the GNU debugger, and PEDA to analyze the execution of the target while it processes the inputs previously generated by AFL. By doing so, we will find a way to hijack the execution flow of the Vuln1 program in order to execute our own code.
Friday, October 27, 2017
Thursday, October 26, 2017
SECLIST
http://seclist.us/2015/12
Disrupt is a penetration tool devised purely for disruption purposes. Modules: * SMS Bomber: The SMS Bomber module allows users to send an overflow of threads…
Proxying Bluetooth devices for security analysis using btproxy
Installation
The code lives on GitHub and currently only works on Linux or OS X. It relies on BlueZ.
Install the dependencies:
sudo apt-get install bluez bluez-utils bluez-tools libbluetooth-dev python-dev
Install btproxy:
git clone https://github.com/conorpp/btproxy
cd btproxy
sudo python setup.py install
Running it on the Pebble Watch
To run it, you will need two Bluetooth devices to proxy (Bluetooth low energy doesn’t work yet).
I chose to use my phone (Nexus 6) and Pebble Steel watch.
So I went ahead and made each device Bluetooth discoverable. For the Nexus 6 running Android L, this just means opening Bluetooth in the settings. For the Pebble watch, you just open Bluetooth in the settings as well.
Now that they are visible, the Proxy can run.
I use hcitool to scan for the devices so I know their Bluetooth MAC addresses.
$ hcitool scan
Scanning ...
77:88:99:AA:BB:CC Pebble 9FAA
11:22:33:44:55:66 conorpp's Nexus 6
Now to run the Bluetooth proxy.
sudo btproxy 11:22:33:44:55:66 77:88:99:AA:BB:CC
https://conorpp.com/proxying-bluetooth-devices-for-security-analysis-using-btproxy
USBPcap - USB Packet capture for Windows (open-source USB Sniffer for Windows)
I'm the bad...bad girl...for a constitutional right :) download this tribe
ETERNAL BLUES
Eternal Blues is a free EternalBlue vulnerability scanner. It helps find the blind spots in your network: the endpoints that are still vulnerable to EternalBlue.
Just hit the SCAN button and you will immediately start to see which of your computers are vulnerable and which aren’t. That’s it.
If you wish, you can switch networks, or edit your own (yeah, you can also scan the world wide web if you wish). Please use it for good cause only. We have enough bad guys already…
FFmpeg unpacks the video container into separate raw video data and audio data in a native layer. The raw video data is then passed to MediaCodec’s APIs in the Java layer for hardware decoding.
FFmpeg has supported Android since the 2.1 release, but the FFmpeg package did not have a build script for x86 on Android. Following are the steps for how to build FFmpeg for Android on x86:
- On FFmpeg's web site, download the latest FFmpeg release: ffmpeg-2.2.4.tar.bz2 [2].
- Copy the FFmpeg package to a Ubuntu* build machine and extract using this “tar” command:
wangsy@ubuntu:~/Desktop$ tar xvf ffmpeg-2.2.4.tar.bz2
- Set up ANDROID_NDK_HOME environment with the "export" command:
export ANDROID_NDK_HOME=$ANDROID_NDK_HOME:/~/android-ndk-r9c
- Copy the following configuration file to ~/ffmpeg-2.2.4 and add the "run" permissions:
wangsy@ubuntu:~/Desktop$ cp config_build_x86.sh ~/ffmpeg-2.2.4
wangsy@ubuntu:~/Desktop$ sudo chmod a+x ~/ffmpeg-2.2.4/config_build_x86.sh
- Run the configuration script and build using the “make” and “make install” commands:
wangsy@ubuntu:~/Desktop/ffmpeg-2.2.4$ make
wangsy@ubuntu:~/Desktop/ffmpeg-2.2.4$ make install
The generated Android for x86 libs are under ~/Desktop/ffmpeg-2.2.4/android/x86/lib.
Developers can copy these generated libs for development. Because YASM [3] assembler compiler and Intel® Streaming SIMD Extensions (Intel® SSE) [4] are enabled in the config_build_x86.sh, the generated Android for x86 libs are optimized for high performance on Intel Atom-based Android platforms.
PDM audio software decoding on STM32 microcontrollers
This application note presents the algorithms and architecture of an optimized software implementation for PDM signal decoding and audio signal reconstruction when connecting an ST MP45DT02 MEMS microphone with an STM32 microcontroller. It can directly take the Pulse Density Modulated (PDM) data output from the microphone and convert it to 16-bit pulse-code modulation (PCM) format. This document also provides quick start information describing how to implement the PDM Library for single microphone acquisition via I2S based on the STM32F4 microcontroller and STM32F4DISCOVERY board.
We will need to convert raw PCM or PCM recorded by microphones.
Convert PCM Files and Make them Compatible with Windows Media Player, iTunes, MP3 Player, iPhone, iPod, Android Phones, Samsung, Blackberry, etc.
So, we are now at London, next to a MI6 laptop with the elliptic curve firewall...and starting today
Basic Virtual PCM Devices for Playback/Capture, ALSA
ALSA arranges sound cards and their components into a hierarchy of cards, devices and subdevices. It reflects the structure and capabilities of the hardware as seen by ALSA. A card can be denoted by a string ID or a zero-based index. The devices of each card are also enumerated from 0. Different devices can be opened and used independently of each other. Typically, specifying a card and device will suffice for handling audio streams. Finally, some devices may have a separate subdevice for each channel. Like devices, subdevices are identified by a zero-based index.
This is a surprise for the Israelis!!!!
Although the abbreviation PCM stands for Pulse Code Modulation, here we understand it as general digital audio processing with volume samples taken at regular time intervals.
The analog signal is recorded via analog-to-digital converters (ADC). The digital value obtained from the ADC (de facto a volume at a specific time) can be further processed. The following picture shows a perfect sine waveform:

The next image shows the digitized representation:

As you can see, the quality of the digital audio signal depends on the time resolution (sampling rate) and the voltage resolution (usually a linear integer representation whose basic unit is one bit).
The stored digital signal can be converted back to a voltage (analog) representation via digital-to-analog converters (DAC).
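The PDM application note above describes turning a microphone's 1-bit PDM stream into 16-bit PCM, and the paragraphs just above explain why sampling rate and amplitude resolution decide the quality of the result. The following C program is an added example, not ST's PDM library and not code from any page quoted here: it decodes PDM by counting the density of ones in 64-bit blocks (the crudest decimation filter), and constructs its own input by sigma-delta modulating a 1 kHz sine. The 1.024 MHz bit clock, the 64x decimation and the MSB-first bit packing are assumptions chosen for the example.

```c
/* PDM bit stream -> 16-bit PCM by counting the density of ones per block. */
#include <stddef.h>
#include <stdint.h>

#define PDM_RATE 1024000u             /* assumed: 1.024 MHz PDM bit clock    */
#define DECIM    64u                  /* 64 PDM bits per PCM sample -> 16 kHz */
#define N_PCM    160u                 /* 10 ms of PCM output                  */
#define N_BITS   (N_PCM * DECIM)
#define COS_W    0.9999811752826011   /* cos(2*pi*1000/PDM_RATE): 1 kHz tone  */
#define SIN_W    0.006135884649154475 /* sin(2*pi*1000/PDM_RATE)              */

/* Decode: each PCM sample is the count of ones in a DECIM-bit block, mapped
 * from [0, DECIM] onto [-32767, 32767]. The block count is a boxcar low-pass,
 * the simplest decimation filter; ST's PDM library uses far sharper ones. */
size_t pdm_to_pcm16(const uint8_t *pdm, size_t nbits, int16_t *pcm)
{
    size_t out = 0;
    for (size_t blk = 0; blk + DECIM <= nbits; blk += DECIM) {
        int ones = 0;
        for (size_t i = blk; i < blk + DECIM; i++)
            ones += (pdm[i >> 3] >> (7 - (i & 7))) & 1;   /* MSB-first packing */
        pcm[out++] = (int16_t)((2 * ones - (int)DECIM) * 32767 / (int)DECIM);
    }
    return out;
}

/* Constructed input: a first-order sigma-delta modulator turns a 1 kHz sine
 * into PDM, standing in for the microphone's own output. The sine comes from
 * a recursive oscillator so that no libm is needed. */
void make_pdm_sine(uint8_t *pdm, size_t nbits, double amp)
{
    double s1 = -amp * SIN_W, s2 = -amp * 2.0 * SIN_W * COS_W; /* s[-1], s[-2] */
    double acc = 0.0;
    for (size_t i = 0; i < nbits; i++) {
        double x = 2.0 * COS_W * s1 - s2;   /* s[i] = amp * sin(w * i)  */
        s2 = s1; s1 = x;
        acc += x;                           /* integrate the error      */
        int bit = acc >= 0.0;               /* 1-bit quantiser          */
        acc -= bit ? 1.0 : -1.0;            /* feed the decision back   */
        if (bit) pdm[i >> 3] |=  (uint8_t)(0x80 >> (i & 7));
        else     pdm[i >> 3] &= (uint8_t)~(0x80 >> (i & 7));
    }
}

/* Round trip on the constructed tone; pcm must hold N_PCM samples. With 16 PCM
 * samples per 1 kHz period, pcm[4] lands near +half scale and pcm[12] near -half
 * scale, each within the error budget of a first-order modulator (about 1024). */
size_t decode_demo_sine(int16_t *pcm)
{
    static uint8_t pdm[N_BITS / 8];
    make_pdm_sine(pdm, N_BITS, 0.5);
    return pdm_to_pcm16(pdm, N_BITS, pcm);
}
```

Raising the bit clock (more PDM bits per PCM sample) or swapping the boxcar for a proper low-pass is exactly the trade between time resolution and amplitude resolution the paragraphs above describe.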