Archive for the category ‘Other’

Using Fiddler

Fiddler is a proxy that can intercept all the HTTP(S) traffic that’s flowing between your client and the server you’re connected to. (more…)

MiniUPnPd Analysis and Exploitation

UPnP Summary

Universal Plug and Play (UPnP) is a network protocol that allows network devices to discover each other seamlessly in order to communicate. UPnP daemons are enabled by default on various devices such as routers, printers and smart TVs. The UPnP daemon listens on UDP port 1900 and can expose a SOAP interface to the client. The problem is that there are various vulnerabilities in UPnP daemon executables, as well as in the libraries they use, which an attacker can use to exploit the target.

(more…)

Teensy and Slovenian Keyboard Layout

Recently we had a project in which we had to simulate attacks with social engineering. One of the attacks was visiting a company as an IT administrator, gaining access to the premises and inserting a Teensy USB HID into a desktop computer running Windows 7 or Windows 8.

(more…)

Malware Surveillance in Slovenia: Science-Fiction or Reality

In the last couple of years malware has come into widespread use not only in the wider world, but also in Slovenia. This is not something that happens only elsewhere; it is a reality in our country as well. Let’s take a look at the first picture [1], which presents the countries targeted by the NetTraveler malware. We can see that most of the world is affected and Slovenia is also present on the map.

(more…)

Results of Digital Challenge HEK 2013

This year we participated in the conference HEK 2013. We prepared interesting tasks from the fields of computer science, information science, cryptography and steganography, programming, and also mathematics. This time there were 39 competitors, so it was difficult to win the competition because of the fierce opponents. There were a total of 29 tasks worth a total of 6150 points. The best among the competitors reached 4450 points and solved 24 tasks. There was also a social engineering task, where the competitors had to obtain certain information from beautiful Doroteja, which was required in order to obtain the password for one of the tasks. The competition was open one day before the conference, but was generally held during the conference, on the 11th and 12th of April. The top three also received a practical reward.

I would like to congratulate all of the competitors for solving any digital challenge.

The scores of the top ten users are presented in the table below:

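| Place | Player | Solved tasks | Points |
|-------|--------|--------------|--------|
| 1 | snake | 24 | 4450 |
| 2 | kernc | 20 | 3900 |
| 3 | grego87 | 20 | 3700 |
| 4 | deny5 | 19 | 3150 |
| 5 | administrator | 18 | 2850 |
| 6 | plesauc | 16 | 2650 |
| 7 | mojca | 16 | 2650 |
| 8 | marjetica | 14 | 2200 |
| 9 | tomaz | 14 | 2200 |
| 10 | matox | 15 | 2200 |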

Stratfor.si

At the end of December 2011 the group Anonymous attacked the web page of Stratfor (Strategic Forecasting Inc.). The result was around 200 GB of important data. Among other data there was customer information and also CC numbers. This data breach also disclosed some Slovenian users.

Seen from Slovenia this wouldn’t be anything special, but if we take a closer look and follow some of the data that has been posted on Pastebin, it becomes a little bit interesting. If we take a look at the list of Slovenian customers, we see that this list is quite interesting. We find people from the government, the ministry of defense, media houses, private companies, unknown private companies and even the Catholic Church.
(more…)

Results of Digital Challenge Infosek 2011

This year we also participated in the conference Infosek 2011 for the first time. We prepared interesting tasks from the fields of computer science, information science, cryptography and steganography, programming, and also mathematics. This time there were relatively few competitors, only 11, which does not mean that the competition was not a success. There were a total of 32 tasks worth a total of 5100 points. The best among the competitors reached 3500 points and solved 24 tasks. There were also social engineering tasks, where the competitors had to obtain certain information from beautiful Nives in order to solve certain tasks. There was also a social engineering task where the competitors had to penetrate the director of the Viris company, Milan Gabor. The competition was held during the conference, on the 24th and 25th of November, and was prolonged over the weekend until the 27th of November. The top three also received a practical reward.

I would like to congratulate all of the competitors for solving any digital challenge.

The final results of the competition are:

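| Place | Player | Solved tasks | Points |
|-------|--------|--------------|--------|
| 1 | punky | 24 | 3500 |
| 2 | Netis | 24 | 3100 |
| 3 | kernc | 18 | 2800 |
| 4 | razi | 11 | 1100 |
| 5 | arto | 6 | 900 |
| 6 | citrus | 7 | 700 |
| 7 | beta | 6 | 600 |
| 8 | cubeman | 5 | 500 |
| 9 | test1 | 5 | 500 |
| 10 | m1 | 2 | 200 |
| 11 | janbk | 2 | 200 |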

Ethical hacking

In the last decade the Internet has spread in a way no one anticipated. A lot of information has moved to the Internet. Almost everything is being digitalized: information is stored in various databases, services are performed over the Internet, we’re even paying bills from our computers, etc. But in all this craze, we can ask ourselves one question: what about security?

(more…)