Memories of an Incident Handler: “email Man in the Middle”

Some time ago I had the chance to manage a fraud security incident using a technique based on the classic Man in the Middle, but the rare thing is that the attack was not carried in the network or transport layers but in the application layer, more specifically by email. The case was as follows …... Leer Más

Industrial Control Technologies Cybersecurity. Time to wake up.

Sometimes one has to make an effort to balance opposing feelings. This is the case since I work in cybersecurity issues. I have devoted much of my career to work on public infrastructures design and construction, mainly water treatment plants. As an engineer I was in charge of industrial processes and associated control systems design: physical processes, electrical system wiring diagrams (power and control), network architectures and control components, etc. In short, the process and associated SCADA systems. I‘d like to think I did a good job.... Leer Más

Cybersecurity policy for digital homes

It sounds like something belonging to companies and executives, but no, not this time. This time we talk about the computer systems or technology that is growing in many of our homes. We are making some progress. Spain and European countries in general have a very high level of ICT penetration whilst many of latin countries, such as Colombia, Mexico, Chile or Perú among others, are advancing a lot.... Leer Más

Rcapd start meterpreter module

During the post-exploitation phase of an intrusion, after getting a shell on a computer, one of the steps to gain access to other computers or networking devices is thru traffic sniffing. Just listening to the traffic passing through the machine, even in a switched environment, can provide us with very useful information about the network topology or the potential vulnerabilities that can we exploit later: NetBIOS names, users / passwords in clear ARP, CDP, DHCP, HSRP, VRRP, etc..... Leer Más

Introduction to Mallory Proxy

Although I have tried most of the proxies that allow to modify web traffic “on the air” such as burp or WebScarab, I recently discovered a pretty interesting, not only because of its developers and the context in which it was presented, but also because of its features and architecture. Mallory Proxy is a proxy developed by the computer security experts Intrepidus that was presented at the Black Hat 2010.

Mallory is developed in Python and shows a server side and a client interface for configuration and user interaction.

For those who want to try Mallory, the application shows basically has two options. The first is to follow the installation instructions and download and install both proxy sources and dependencies. The second is to download a VMWare image whose operating system is Ubuntu and that comes with both software and dependencies.

[Read more…]

SSD drive forensics

(Please note this post was originally published in the Spanish version of Security Art Work last 5th Nov 2012)

Some weeks ago I was playing with django, when I accidentally deleted an application that I had already finished. It was not complex; it had few lines of code and I think I would have been able to recover it in less than a day, but I saw in this error the chance to learn how to make a recovery of data on a SSD drive.

The configuration of this computer’s drive is as follows: GPT partitioning with multiple partitions formatted with ext4 (without LVM). My previous experience in this type of situations has always been to use the most known tools in GNU/Linux environments: sleuthkit, autopsy, testdisk y photorec (these last two usually come in the same package), dd, grep

[Read more…]

Locating our smartphone

Since smartphones installed in our lives, either for personal or professional use, one of the greatest fears is losing it. We store a great amount of sensitive information in this devices that can be potentially accessed by a malicious person. This problem is even bigger when it comes to professional smartphones, which have not only personal but also access to the corporate environment and information.... Leer Más

Online reputation, a rising value

How much is our reputation worth? To respond to this issue we have to consider the relationship between reputation and success. And when I say “success” I mean achieving our objectives, both personal and professional. In certain groups, reputation is an essential element for its success or decline. We could include in that group people with public office as mayors, councilors, ministers, etc., but it also directly affects professionals from the private sector as actors, singers, designers and a long etcetera.

In this entry we’ll talk about the particularities of online reputation and see some examples that show its importance. Let’s start by defining what online reputation is. Although the concept has many corners worth to explore, the simplest definition comes courtesy of Wikipedia: The online reputation is a reflection of the prestige or esteem of a person or brand on the Internet.

It is known that to achieve and maintain a good reputation requires much effort, perseverance, dedication and time. On the other hand, “bad reputation” can be reached in the most unexpected moment as either hand of a scandal, a simple misunderstanding or an error. The same happens with “online reputation” but with the particularity that information technologies highlight the impact of our actions. If you are good, there are ways to publicizing, disseminate and make the most of our effort. However, our failures will also be more widespread, deeper and faster. Therefore, we could say that online reputation is more “fragile” than the reputation traditional concept. Needless to say that both concepts (reputation and online reputation) are closely linked.

To illustrate what we commented on the “fragility” of the online reputation, we will see some examples in which a unfortunate simple comment and/or misunderstanding has tarnished the reputation of some famous.

[Read more…]

Real Cloud Security

(Please note this post was originally published in the Spanish version of Security Art Work last 2nd Oct 2012)... Leer Más

Covert channels

(Please note this post was originally published in the Spanish version of Security Art Work last 26th Oct 2010)

Covert channels is an evasion technique that allows an attacker to send information using the communication protocols headers. In this post we will cover-up of channels in the TCP/IP protocols and provide a tool, CovertShell, designed as a proof of concept. The sources are at the end of this post.

The TCP/IP protocol has headers that usually are initialized by the client to maintain or number a communication. The technique covert channels uses these fields to assign them values ​​so the target machine does not interpret these fields as part of the communication, but to obtain data.

An interesting example was developed by Craig H. Rowland in his paper back in 1996: Covert Channels in the TCP/IP Protocol Suite, where he created a small client/server “CovertTCP” of no more than 500 lines that allowed file transfer between client and server, using for it only the fields SEQ, ACK (TCP protocol) and ID field (IP protocol). This information was on the protocol overhead and not in the payload.

[Read more…]