Real Cloud Security

(Please note this post was originally published in the Spanish version of Security Art Work last 2nd Oct 2012)... Leer Más

Covert channels

(Please note this post was originally published in the Spanish version of Security Art Work last 26th Oct 2010)

Covert channels is an evasion technique that allows an attacker to send information using the communication protocols headers. In this post we will cover-up of channels in the TCP/IP protocols and provide a tool, CovertShell, designed as a proof of concept. The sources are at the end of this post.

The TCP/IP protocol has headers that usually are initialized by the client to maintain or number a communication. The technique covert channels uses these fields to assign them values ​​so the target machine does not interpret these fields as part of the communication, but to obtain data.

An interesting example was developed by Craig H. Rowland in his paper back in 1996: Covert Channels in the TCP/IP Protocol Suite, where he created a small client/server “CovertTCP” of no more than 500 lines that allowed file transfer between client and server, using for it only the fields SEQ, ACK (TCP protocol) and ID field (IP protocol). This information was on the protocol overhead and not in the payload.

[Read more…]

Auditing TCP stack with Scapy

Recently I have been playing with the library Scapy for Python. It allows to create any type of network packet with a few simple commands, even for non existing protocols making use of RAW packets.

Suppose we want to evaluate the behavior of the TCP stack when any combination of TCP flags is received. In order to do it, we need to send TCP packets to a given port using any combination of them.

Keep in mind that sending a packet with the SYN and ACK flags is the same as sending it with the flags ACK and SYN. Therefore it is necessary to generate any combination considering that the order does not affect the result and avoiding to send more packets than those strictly necessary.

[Read more…]

Introduction to SSH tunnels

(Please note this post was originally published in the Spanish version of Security Art Work last 19th Jul 2012)

All of us have at some time found that the service we wanted to access is on a computer unreachable from our network or other similar problems. If we have SSH access we can easily solve problems like this using SSH tunnels.

We propose a first scenario, in which we have a database server protected by a firewall that prevents us directly interact with the database but that can be accessed by SSH (assuming MySQL, which uses port 3306).

[Read more…]

The “hidden” information in your photos (they may be saying things you don’t know)

(Please note this post was originally published in the Spanish version of Security Art Work last 20th Jul 2011)... Leer Más

Securing your Android in open Wi-Fi networks

A couple months ago, our partner Jose Vila talked about the power of SSH tunnels. He showed how we can avoid firewalls and bypass those tricky filters using tunnelled traffic.

Today, I’m going to show you a different approach.

Nowadays, it is a dangerous thing to connect your smartphone unprotected to a free Wi-Fi. It is quite common that somebody is sniffing the traffic or you suffer an ARP poison attack. Then how can I be secure on a wifi network? Once again, with SSH tunnels. And how to build SSH tunnels with my Android? With SSH Tunnel.

[Read more…]

Customizing “Cuckoo Sandbox”

(Please note this post was originally published in the Spanish version of Security Art Work last 19th Nov 2012)... Leer Más

Rock-paper-scissors

(Please note this post was originally published in the Spanish version of Security Art Work last 20th Nov 2012)

A couple of weeks ago I saw ARGO, a film directed by and starring Ben Affleck. I have to admit that I didn’t put much hope in it (Daredevil did much evil to Ben Affleck… well, that one and many others), but it turned out to be more than good (it gets a 7.4 in filmaffinity).

Without getting into spoilers, ARGO it is based on a true story that takes place in Iran in 1979 in the middle of social riots. In order to say as little as possible, there is an attack on the United States Embassy, which decides to destroy all the existing information (indeed they first talk about burning the documentation but they finally use shredders). The Embassy is assaulted but a group of people from the Embassy flees and takes refuge “somewhere” in Iran. Since they haven’t burnt all the documentation, the attackers retrieve the documents shredded trying to recover information that allows them to identify the fugitives. And that’s all I can say.

What I mean is that sometimes we don’t give the paper documentation the necessary importance; we could say it is indeed often undervalued; not everything are passwords and encryption. In the same way, when we shred documentation, we often think that any shredder is good for this task.

[Read more…]

The iPads of the Spanish members of parliament

A few weeks ago we saw in the Spanish media a story that couldn’t go unnoticed [1] [2] [3] [4] (Spanish press). The news said that 20 Spanish members of parliament had lost the iPad that at the beginning of the current term of office —less than a year ago— they had received for their work. Leaving aside the controversy about the need of this tool and the responsibility that these members should have with a corporate device, let’s get into what concerns to us: security.... Leer Más

II Security Conference “Navaja Negra”

Next November 30th and December 1st, the second Conference on Information Security “Navaja Negra” will take place in Albacete, with a series of speeches focusing on Information Security such as:... Leer Más