Auditing TCP stack with Scapy

Recently I have been playing with the library Scapy for Python. It allows to create any type of network packet with a few simple commands, even for non existing protocols making use of RAW packets.

Suppose we want to evaluate the behavior of the TCP stack when any combination of TCP flags is received. In order to do it, we need to send TCP packets to a given port using any combination of them.

Keep in mind that sending a packet with the SYN and ACK flags is the same as sending it with the flags ACK and SYN. Therefore it is necessary to generate any combination considering that the order does not affect the result and avoiding to send more packets than those strictly necessary.

[Read more…]

Introduction to SSH tunnels

(Please note this post was originally published in the Spanish version of Security Art Work last 19th Jul 2012)

All of us have at some time found that the service we wanted to access is on a computer unreachable from our network or other similar problems. If we have SSH access we can easily solve problems like this using SSH tunnels.

We propose a first scenario, in which we have a database server protected by a firewall that prevents us directly interact with the database but that can be accessed by SSH (assuming MySQL, which uses port 3306).

[Read more…]

The “hidden” information in your photos (they may be saying things you don’t know)

(Please note this post was originally published in the Spanish version of Security Art Work last 20th Jul 2011)... Leer Más

Securing your Android in open Wi-Fi networks

A couple months ago, our partner Jose Vila talked about the power of SSH tunnels. He showed how we can avoid firewalls and bypass those tricky filters using tunnelled traffic.

Today, I’m going to show you a different approach.

Nowadays, it is a dangerous thing to connect your smartphone unprotected to a free Wi-Fi. It is quite common that somebody is sniffing the traffic or you suffer an ARP poison attack. Then how can I be secure on a wifi network? Once again, with SSH tunnels. And how to build SSH tunnels with my Android? With SSH Tunnel.

[Read more…]

Customizing “Cuckoo Sandbox”

(Please note this post was originally published in the Spanish version of Security Art Work last 19th Nov 2012)... Leer Más

Rock-paper-scissors

(Please note this post was originally published in the Spanish version of Security Art Work last 20th Nov 2012)

A couple of weeks ago I saw ARGO, a film directed by and starring Ben Affleck. I have to admit that I didn’t put much hope in it (Daredevil did much evil to Ben Affleck… well, that one and many others), but it turned out to be more than good (it gets a 7.4 in filmaffinity).

Without getting into spoilers, ARGO it is based on a true story that takes place in Iran in 1979 in the middle of social riots. In order to say as little as possible, there is an attack on the United States Embassy, which decides to destroy all the existing information (indeed they first talk about burning the documentation but they finally use shredders). The Embassy is assaulted but a group of people from the Embassy flees and takes refuge “somewhere” in Iran. Since they haven’t burnt all the documentation, the attackers retrieve the documents shredded trying to recover information that allows them to identify the fugitives. And that’s all I can say.

What I mean is that sometimes we don’t give the paper documentation the necessary importance; we could say it is indeed often undervalued; not everything are passwords and encryption. In the same way, when we shred documentation, we often think that any shredder is good for this task.

[Read more…]

The iPads of the Spanish members of parliament

A few weeks ago we saw in the Spanish media a story that couldn’t go unnoticed [1] [2] [3] [4] (Spanish press). The news said that 20 Spanish members of parliament had lost the iPad that at the beginning of the current term of office —less than a year ago— they had received for their work. Leaving aside the controversy about the need of this tool and the responsibility that these members should have with a corporate device, let’s get into what concerns to us: security.... Leer Más

II Security Conference “Navaja Negra”

Next November 30th and December 1st, the second Conference on Information Security “Navaja Negra” will take place in Albacete, with a series of speeches focusing on Information Security such as:... Leer Más

External figures of Spanish Data Protection Act (LOPD)

(Editor note: This post is relative to the Spanish Data Protection Act or LOPD. Although LOPD is based on the 95/46/CE directive it may not be fully applicable to other countries inside the EU, so several sentences have been modified or eliminated.)... Leer Más

Safe Delete Meterpreter Module

It has recently been added to Metasploit (master branch) a module that can be interesting to delete files downloaded in a victim computer thru a meterpreter session.... Leer Más