Fiddler is a proxy that can intercept all the HTTP(S) traffic that’s flowing between your client and the server you’re connected to.
Archive for the category ‘Other’

MiniUPnPd Analysis and Exploitation
UPnP Summary
Universal Plug and Play (UPnP) is a network protocol that allows network devices to discover one another seamlessly so that they can communicate. UPnP daemons are enabled by default on various devices such as routers, printers and smart TVs. The UPnP daemon listens on UDP port 1900 and can expose a SOAP interface to the client. The problem is that there are various vulnerabilities in UPnP daemon executables, as well as in the libraries they use, which an attacker can use to exploit the target.

Teensy and Slovenian Keyboard Layout
Recently we had a project in which we had to simulate attacks with social engineering. One of the attacks was visiting a company as an IT administrator, gaining access to the premises and inserting a Teensy USB HID into a desktop computer running Windows 7 or Windows 8.

Malware Surveillance in Slovenia: Science-Fiction or Reality
In the last couple of years malware has become widespread not only in the wider world, but also in Slovenia. It is not something that isn’t happening in our country; it is a reality. Let’s take a look at the first picture [1], which presents the countries targeted by the NetTraveler malware. We can see that most of the world is affected and Slovenia is also present on the map.

Results of Digital Challenge HEK 2013
This year we participated at the conference HEK 2013. We prepared interesting tasks from the fields of computer science, information science, cryptography and steganography, programming, and also mathematics. This time there were 39 competitors, so it was difficult to win the competition because of the fierce opponents. There were a total of 29 tasks worth a total of 6150 points. The best among the competitors reached 4450 points and solved 24 tasks. There was also a social engineering task, where the competitors had to obtain certain information from beautiful Doroteja, which was required in order to obtain the password for one of the tasks. The competition was open one day before the conference, but was generally held during the conference, on the 11th and 12th of April. The top three also received a practical reward.
I would like to congratulate all of the competitors for solving any digital challenge.
The scores of the top ten users are presented in the table below:
Place | Player | Solved tasks | Points |
---|---|---|---|
1 | snake | 24 | 4450 |
2 | kernc | 20 | 3900 |
3 | grego87 | 20 | 3700 |
4 | deny5 | 19 | 3150 |
5 | administrator | 18 | 2850 |
6 | plesauc | 16 | 2650 |
7 | mojca | 16 | 2650 |
8 | marjetica | 14 | 2200 |
9 | tomaz | 14 | 2200 |
10 | matox | 15 | 2200 |

Stratfor.si
At the end of December 2011 the group Anonymous attacked the web page of Stratfor (Strategic Forecasting Inc.). The result was around 200 GB of important data. Among other data there was customer information and also CC numbers. This data breach also disclosed some Slovenian users.
Looking from Slovenia this wouldn’t be anything special, but if we take a closer look and follow some of the data that has been posted on Pastebin, then this looks a little bit interesting. If we take a look at the list of Slovenian customers, we see that this list is quite interesting. We find people from government, the ministry of defense, media houses, private companies, private unknown companies and even the Catholic Church.

Results of Digital Challenge Infosek 2011
This year we also participated at the conference Infosek 2011 for the first time. We prepared interesting tasks from the fields of computer science, information science, cryptography and steganography, programming, and also mathematics. This time there were relatively few competitors – only 11, which does not mean that the competition was not a success. There were a total of 32 tasks worth a total of 5100 points. The best among the competitors reached 3500 points and solved 24 tasks. There were also social engineering tasks, where the competitors had to obtain certain information from beautiful Nives to solve certain tasks. There was also a social engineering task where the competitors had to penetrate the director of Viris company, Milan Gabor. The competition was held during the conference, on the 24th and 25th of November, and was prolonged over the weekend till the 27th of November. The top three also received a practical reward.
I would like to congratulate all of the competitors for solving any digital challenge.
The final results of the competition are:
Place | Player | Solved tasks | Points |
---|---|---|---|
1 | punky | 24 | 3500 |
2 | Netis | 24 | 3100 |
3 | kernc | 18 | 2800 |
4 | razi | 11 | 1100 |
5 | arto | 6 | 900 |
6 | citrus | 7 | 700 |
7 | beta | 6 | 600 |
8 | cubeman | 5 | 500 |
9 | test1 | 5 | 500 |
10 | m1 | 2 | 200 |
11 | janbk | 2 | 200 |

Ethical hacking
In the last decade the Internet spread like no-one anticipated. A lot of information was moved to the Internet. Almost everything is being digitalized: information is being stored in various databases, services are being performed over the Internet, we’re even paying bills from our computer, etc. But in all this craze, we can ask ourselves one question: what about security?