Friday, 18 August 2017

Apple's Secure Enclave decryption key goes online


The Secure Enclave Processor (SEP) handles all the cryptographic operations in an iOS device.
The SEP was first embedded in the iPhone 5S. It is completely isolated from the device's other modules and manages activities like Touch ID, iCloud verification and other security features.









The SEP generates a UID which varies from device to device; once the SEP is decrypted, obtaining the UID value from the device is simple.

The Apple key was released here; using the executable version of this code, the SEP can be decrypted.

According to an Apple spokesperson, regarding the SEP:

"The customer data is safe, and it's not an easy leap to say it would make getting at customer data possible."

Though it's difficult to decrypt the SEP, it's still possible to develop exploits that can reset iCloud activation or bypass the Touch ID payment process.



SEP decryption will help researchers find new bugs in Touch ID. Brace yourselves.

Saturday, 12 August 2017

Couch Potato can spy on your live streams - WikiLeaks

This exploitable Python binary was deployed in February 2014 to NSA computers. The exploit has helped the government check which videos you were streaming.


Supported formats are RTSP/H.264 video streams; it can capture the screen frames as JPG and store them in an output directory.

Before use, the Python file has to be configured with its output folder, where the media is saved.


 Example: rtsp://10.3.2.1:8854/IPCameraStream
• -vcodec copy: directs the decoder to "copy" the video data from the stream. For use when collecting video files only.
• -acodec copy: directs the decoder to "copy" the audio data from the stream. For use when collecting video files only.
• -an: directs the decoder to ignore audio data from the stream. For use when collecting video files only.
• -f [output file format] [output path]: the only currently supported options are avi and image2. The output path should always be "-" (as in a STDOUT pipe).





Example argument strings:
-i rtsp://10.3.2.52:8554/Cam -f image2 -
-i rtsp://10.3.2.52:8554/Cam -t 300 -vcodec copy -an -f avi -
-i rtsp://10.3.2.52:8554/Cam -t 300 -vcodec copy -acodec copy -f avi
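As an added, hypothetical triage helper (not CouchPotato's own code and not taken from the WikiLeaks user guide), the following Python parses argument strings of the shape listed above and summarises what a captured command line would do, the way an analyst reviewing process command-line logs would want to see it. The option names are the ones listed on this page; the sample strings are constructed after the post's examples, and the typographic dashes that appear in copy-pasted versions of those strings are normalised before parsing.

```python
"""Hypothetical triage helper for CouchPotato-style argument strings (added example)."""
import shlex
from urllib.parse import urlparse

# Constructed sample command lines, modelled on the argument strings quoted in the post.
SAMPLE_CMDLINES = [
    "-i rtsp://10.3.2.52:8554/Cam -f image2 -",
    "-i rtsp://10.3.2.52:8554/Cam -t 300 -vcodec copy -an -f avi -",
    "-i rtsp://10.3.2.52:8554/Cam -t 300 -vcodec copy -acodec copy -f avi",
]

# Options that take exactly one value (-f is special: it takes a format and an optional path).
VALUE_OPTIONS = {"-i": "input", "-t": "duration", "-vcodec": "vcodec", "-acodec": "acodec"}
# Options that take no value.
FLAG_OPTIONS = {"-an": "no_audio"}


def parse_args(cmdline):
    """Return a dict describing one argument string.

    U+2013 (en dash), which shows up when these strings are pasted from
    documents, is normalised to an ASCII hyphen so the tokens parse the same way.
    Unknown options raise ValueError rather than being silently skipped.
    """
    tokens = shlex.split(cmdline.replace("\u2013", "-"))
    result = {"input": None, "duration": None, "vcodec": None, "acodec": None,
              "no_audio": False, "format": None, "output": None}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in VALUE_OPTIONS:
            if i + 1 >= len(tokens):
                raise ValueError(f"{tok} requires a value")
            result[VALUE_OPTIONS[tok]] = tokens[i + 1]
            i += 2
        elif tok in FLAG_OPTIONS:
            result[FLAG_OPTIONS[tok]] = True
            i += 1
        elif tok == "-f":
            # -f [output file format] [output path]; the path may be omitted,
            # and when present the post says it should be "-" (a STDOUT pipe).
            if i + 1 >= len(tokens):
                raise ValueError("-f requires a format")
            result["format"] = tokens[i + 1]
            i += 2
            if i < len(tokens) and (tokens[i] == "-" or not tokens[i].startswith("-")):
                result["output"] = tokens[i]
                i += 1
        else:
            raise ValueError(f"unknown option {tok!r}")
    if result["duration"] is not None:
        result["duration"] = int(result["duration"])
    return result


def triage(cmdline):
    """Return analyst-facing observations for one command line."""
    p = parse_args(cmdline)
    notes = []
    if p["input"]:
        url = urlparse(p["input"])
        if url.scheme == "rtsp":
            notes.append(f"reads RTSP stream from {url.hostname}")
    if p["format"] == "image2":
        notes.append("captures frames as still images")
    elif p["format"] == "avi":
        notes.append("records video to an AVI container")
    if p["output"] == "-":
        notes.append("writes to STDOUT pipe (no file on disk)")
    if p["no_audio"]:
        notes.append("audio discarded (-an)")
    elif p["acodec"] == "copy":
        notes.append("audio copied")
    if p["duration"] is not None:
        notes.append(f"runs for {p['duration']} seconds")
    return notes


if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        print(line)
        for note in triage(line):
            print("  -", note)
```

The "writes to STDOUT pipe" observation is the one worth surfacing in a detection rule: a capture process whose output path is "-" is handing frames to a parent process instead of leaving a file behind, which matches the in-memory behaviour the post describes below.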


This malware leaves no trace of spying on you.

The reason it is stealthy is that the application includes an in-memory code execution exploit: the program is executed directly, without being stored on your disk.

Documentation release: CouchPotato v1.0 -- User Guide.

Saturday, 5 August 2017

CIA can take over your home surveillance cameras and disable your webcam and mic - WikiLeaks

This exploit (v1 and v2) is limited to Windows XP.

It has the ability to:
disable mic and webcam activities,
delete all the recordings,
and corrupt the camera drivers.

This malware is classified into 3 different versions.

Dumbo v1.0

Release date: 25 June 2012

Creates an executable module.
The executable should be stored on a USB stick to persistently log the data.

Dumbo v2.0

Release date: 10 June 2015

iSpy is included in v2 of this program and runs in parallel with Dumbo; the user uses iSpy to look over the surveillance data.

Tools that run alongside:
   Runner.exe - malware
   scanner.sys - system environment scanner

Dumbo v3.0

Release date: 6 July 2015

Added features to update the details of the CCTV and to work in a Windows 7 environment.

Remotely triggers all the updates to the server every second.

Output log

Tools that run alongside in v3:

GUI.exe (main executable)

wscupd.exe and wermgr.exe
 Create BSOD

scanner.sys
System scanner

Developer: Physical Access Group

PAG is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers in CIA field operations.

Source: WikiLeaks

Monday, 31 July 2017

Game of Thrones upcoming episodes may be leaked - HBO data breach

Just a few hours after HBO aired episode 3, a hacker emailed ew.com with a URL to download upcoming Game of Thrones episodes as a proof of concept.




A message from the hacker said:



“Hi to all mankind. The greatest leak of cyber space era is happening. What’s its name? Oh I forget to tell. Its HBO and Game of Thrones……!!!!!! You are lucky to be the first pioneers to witness and download the leak. Enjoy it & spread the words. Whoever spreads well, we will have an interview with him. HBO is falling.”





After the incident, the company's spokesperson replied:




“We immediately began investigating the incident and are working with law enforcement and outside cybersecurity firms. Data protection is a top priority at HBO, and we take seriously our responsibility to protect the data we hold.”


The leak also contains upcoming episodes of the series "Room 104" and "Ballers", and if the leak is legitimate this would be the first time Game of Thrones is pirated over torrent sites before the official release.

Russia bans VPN and proxy services

Unblocking your favourite censored torrent site used to be fun, but from November that will no longer be the case for Russians.



President of Russia Vladimir Putin passed a law today against all unblocking routines.

The stated aim is to divert people away from unlawful websites.

Leonid Levin, the head of Information Policy in Russia, said this law wasn't passed to steer people's views but to block access to sites that are unfavourable to people in Russia.



   

By seeking to perfect Russia’s mechanisms of digital censorship and surveillance, these bills trample on the freedoms guaranteed by the Constitution and the European Convention on Human Rights


Hope this network routing doesn't create privacy issues (intercepting all the traffic of Russian channels and ISPs) for the people in Russia and the former Soviet Union.


Saturday, 29 July 2017

CIA exploit for macOS - "Imperial"

This malware includes three different tools:

  • Achilles
                  - Cryptor and binder + reverse-connection malware for Mac
  • SeaPea
                  - Rootkit for Mac OS
  • Aeries
                  - Targets Linux kernels


SeaPea:
Rootkit for macOS.
SeaPea has 3 modes:

             Normal:

            The rootkit is injected into a normal process and is not stealthy.

             Elite mode:

            This mode is pretty stealthy and the process is hidden.

             Super-Elite:

            An elite process can also be executed as super-elite when the NSA wants to remain hidden from your sight and from the macOS logs entirely.

SeaPea had a few drawbacks:

On a single-user system, SeaPea will fail to run as a hidden process.

Versions affected:
Mac OS X 10.6 and 10.7

USER MANUAL





Aeries:

Aeries binaries were used to attack the following Linux kernels:

  •  Debian Linux 7
  •  Red Hat Enterprise Linux 6 (i386)
  •  Solaris 11
  •  FreeBSD 8
  •  CentOS 5.3 (32-bit edition)
  •  CentOS 5.7 (32-bit edition)

Aeries is based on C code and needs a Python library to start executing commands.
It has a Task_handler Python binary to create a payload, and once the payloads are executed, the user may become a victim of a CIA operative.
The NSA can encrypt the data on your Linux disk with these payloads.
All reverse communication from the Aeries malware to the NSA lab was encrypted with AES-256.





Achilles:

Injects a backdoor into a legitimate DMG (disk image).

DMG is a format similar to ISO on Windows; most pirated applications for Mac are distributed over torrents as DMGs.

How the DMG is infected:

The malicious binary is stored as a DMG and bound with a legitimate DMG, creating a backdoor encrypted into a legitimate application, which helped the NSA stay in stealth mode.

When the user opens the DMG and runs the application:

      The first time a user runs the application, all executables will run after the real application has launched.

This persistent malware is stored as a hidden .app file to log the user's details.

Sunday, 23 July 2017

Is the Tor network vulnerable to de-anonymization?

This week brought unfavourable circumstances for dark market users on Tor:
two top dark markets were taken over by the Feds and European police within a short period of time.

1) AlphaBay Market

AlphaBay is the most prominent site for drug dealers, hitmen and weapon-exchange communities trading in Bitcoin.

AlphaBay was founded in December 2014 by Alexandre Cazes, 26, who was jailed a few months ago in a Thailand prison and died there; the site was seized (20-07-2017) within a day of his death by
Europol, the Netherlands police and the FBI.

AlphaBay

This seizure helped the FBI collect hundreds of thousands of dollars' worth of Bitcoin from the transactions done in the week after the takeover on July 20. The index page of AlphaBay was replaced with the banner

                                                    "The Hidden site has been seized"

The FBI even infected the market's web page to collect the IP addresses of buyers and sellers.


2) Hansa Market
   The alternative store to AlphaBay was taken over on the same day by the same group.

Hansa Market
The message on Hansa Market was different from AlphaBay's: it asserted that most of the user details were stored by NL Politie on their official dark web site.

The site posted a list of top vendors who are still actively selling and have been identified by the Feds, a list of sellers who have been arrested, a note for buyers, and




few FAQ:




Have you de-anonymized TOR?
No. But if we would have, we wouldn't tell you ;).

Does this mean Tor is no longer safe for illegal markets? What if the "No" is a tale?

A few rumours say Dream Market is currently backdoored, but the /r/Dream_market community disagrees.

Just after these attacks, Tor associates launched a bug bounty program to find bugs in their network, so it may tighten its defences against the Feds in future.

 
© ORBACLES