Hunting traditional vulnerabilities on ICS systems

Several months ago (october 2013, if I recall correctly), I found some vulnerabilities on an HMI from OMRON. I wrote a post in Spanish describing the almost endless process we went thru from the discovering of the vulnerability to its publication (you can check the automatic Google translation here, though I assume no responsability).

Ten months later, we got the green light from OMRON (with great work by ICS-CERT and other CERTs), probably mostly pressed by our decission to publish the vulnerability at mid-end July. Lucky we’re the good guys. Now the vulnerability has been released: Advisory (ICSA-14-203-01), Omron NS Series HMI Vulnerabilities, so let’s go with the (few) details.

[Read more…]

Metadata: spanking clean

In the wake of all the uproar that there are these days around the metadata in Spain, I have been reviewing various tools of PDF metadata deletion. In principle, the tools analyzed work on GNU/Linux systems, but that does not mean that some may not work on other systems.

I started from a PDF created by myself. As you can see in the following image, it contains metadata (screenshot in Spanish, but I guess you get the idea):


[Read more…]

SSD drive forensics

(Please note this post was originally published in the Spanish version of Security Art Work last 5th Nov 2012)

Some weeks ago I was playing with django, when I accidentally deleted an application that I had already finished. It was not complex; it had few lines of code and I think I would have been able to recover it in less than a day, but I saw in this error the chance to learn how to make a recovery of data on a SSD drive.

The configuration of this computer’s drive is as follows: GPT partitioning with multiple partitions formatted with ext4 (without LVM). My previous experience in this type of situations has always been to use the most known tools in GNU/Linux environments: sleuthkit, autopsy, testdisk y photorec (these last two usually come in the same package), dd, grep

[Read more…]