S3cur1ty_Guy Says: Thank's for stopping by

Recent Articles PoC's

While you're here: Learn how to protect your assets

Recomended Resources Public domain research

The Internet of Broken Protocols: Showcase #2

(complete list of showcases: https://vnhacker.blogspot.com/search/label/The%20Internet%20of%20Broken%20Protocols)Administrative note: showcase #1 is not easy, and so far I got only two emails. The following protocol is a bit easier. In case you wonder whether I made up these protocols, the answer is no. I actually found them on the Internet of Things :).Updated: solution posted ;-)--Alice…

The Internet of Broken Protocols: Showcase #1

(complete list of showcases: https://vnhacker.blogspot.com/search/label/The%20Internet%20of%20Broken%20Protocols)Updated: scroll down for solutions.Alice and Bob have a pre-shared secret PSS. They want to build a secure channel. Someone designed the following protocol for them. Your task is to analyze this protocol and find all weaknesses. You might email me at [email protected] if you want some…

The Internet of Broken Protocols: Showcase #1

(complete list of showcases: https://vnhacker.blogspot.com/search/label/The%20Internet%20of%20Broken%20Protocols)Updated: scroll down for solutions.Alice and Bob have a pre-shared secret PSS. They want to build a secure channel. Someone designed the following protocol for them. Your task is to analyze this protocol and find all weaknesses. You might email me at [email protected] if you want some…

Got Microsoft? Time to Patch Your Windows

Microsoft churned out a bunch of software updates today fix some serious security problems with Windows and other Microsoft products like Internet Explorer (IE), Edge and Office. If you use Microsoft, here are some details about what needs fixing. As usual, patches for IE and for Edge address the largest number of “critical” vulnerabilities.…

Crosscompile radare2 with dockcross

So you want to cross-compile radare to some exotic architecture? Use this docker and you’ll save some headache: Here’s and example on how changes required for i.e ARMv5 (no hard float) borrowed from mk/armel.mk: ARCH=arm CROSS_ROOT=/usr/bin CROSS_TRIPLET=${ARCH}-linux-gnueabi CC=${CROSS_ROOT}/${CROSS_TRIPLET}-gcc USERCC=${CROSS_ROOT}/${CROSS_TRIPLET}-gcc RANLIB=${CROSS_TRIPLET}-ranlib CC_AR=${CROSS_ROOT}/${CROSS_TRIPLET}-ar -r ${LIBAR} (...) After defining your new mk/arch.mk file…

Data Breach At Oracle’s MICROS Point-of-Sale Division

A Russian organized cybercrime group known for hacking into banks and retailers appears to have breached hundreds of computer systems at software giant Oracle Corp., KrebsOnSecurity has learned. More alarmingly, the attackers have compromised a customer support portal for companies using Oracle’s MICROS point-of-sale credit card payment systems. Asked this weekend for comment on rumors…

10 years old

10 years passed since the first release of radare, and 8 since radare2. It was pretty primitive at the time, and lot of things has happened since that. SPOILER: Radare2’s Congress Announcement The tool was mainly used and written by me (@pancake) from the very first days. I was missing…

The Reincarnation of a Bulletproof Hoster

In April 2016, security firm Trend Micro published a damning report about a Web hosting provider referred to only as a “cyber-attack facilitator in the Netherlands.” If the Trend analysis lacked any real punch that might have been because — shortly after the report was published — names were redacted so that…

RSoC 2016 progress

This year we’re hosting our own Radare Summer of Code, again! This is why we have selected 4 students: Aneesh Dogra (FAT PE binaries) Alexandru Razvan Caciulescu (ROP generator) Rakholia Jenish (Kernel level interfaces) Pankaj Kataria (SROP and COOP generators) FAT PE binaries At first, Aneesh Dogra adding the support…

RSoC 2016 progress

This year we’re hosting our own Radare Summer of Code, again! This is why we have selected 4 students: Aneesh Dogra (FAT PE binaries) Alexandru Razvan Caciulescu (ROP generator) Rakholia Jenish (Kernel level interfaces) Pankaj Kataria (SROP and COOP generators) FAT PE binaries At first, Aneesh Dogra adding the support…

Có một Biển Đông trên không gian mạng (tiếp theo và hết)

Chiến tranh mạng: Việt Nam đã làm gì để tự vệ?(phần 1: https://vnhacker.blogspot.com/2016/07/co-mot-bien-ong-tren-khong-gian-mang.html; toàn bài: https://drive.google.com/file/d/0B_L6MdkbAn4MODZnN1NuTC0zNGc/view?usp=sharing)Trung Quốc là cường quốc nhất nhì thế giới về tác chiến điện tử (electronic/cyber warfare). Đối với Việt Nam, chiến lược lâu dài của Trung Quốc là sử dụng tác chiến điện tử để…

Có một Biển Đông trên không gian mạng (tiếp theo và hết)

Chiến tranh mạng: Việt Nam đã làm gì để tự vệ?(phần 1: https://vnhacker.blogspot.com/2016/07/co-mot-bien-ong-tren-khong-gian-mang.html; toàn bài: https://drive.google.com/file/d/0B_L6MdkbAn4MODZnN1NuTC0zNGc/view?usp=sharing)Trung Quốc là cường quốc nhất nhì thế giới về tác chiến điện tử (electronic/cyber warfare). Đối với Việt Nam, chiến lược lâu dài của Trung Quốc là sử dụng tác chiến điện tử để…