HackingTheUniverse

You are browsing the archives of Penetration.

Netragard’s Hacker Interface Device (HID) – [snosoft.com] We (Netragard) recently completed an engagement for a client with a rather restricted scope. The scope included a single IP address bound to a firewall that offered no services what so ever. It also excluded the use of social attack vectors based on social networks, telephone, or email [...]

Stuxnet appears to be one of the most sophisticated cyber attacks ever detected. The size and scope of the effort required to launch the attack leads analysts to suspect it came from a national security cyber team with tremendous resources. And the target may have been the SCADA control systems inside the Bushehr nuclear plant [...]

An attack that can bypass Anti-Virus defenses has been detailed in a research paper by matousec.com. Matousec developed an engine called KHOBE (Kernel HOok Bypassing Engine) that uses an “argument switch” strategy, or SSDT hooking, to convince the AV scanner that everything is okay. KHOBE – 8.0 earthquake for Windows desktop security software – [matousec.com] [...]

Here’s a roundup of recent metasploit techniques: Nessus Scanning through a Metasploit Meterpreter Session – [pauldotcom.com] Scenario: You are doing a penetration test. The client’s internet face is locked down pretty well. No services are exposed externally and only HTTP/HTTPS are allowed OUT of the corporate firewall. You email in a carefully crafted email with [...]

A trojan horse backdoor called “Zeus” is being used by a botnet named “Kneber” by researchers. This botnet has been operational for over a year and has compromised many organizations and collected a vast amount of data that was intended to be confidential. Hackers Mount New Strike – [wsj.com] Hackers in Europe and China successfully [...]

A new paper that discussed Advanced Persistent Threat (APT) has been released by Mandiant and has sparked new interest in the topic. excerpt from the original post on APT APT or Advanced Persistent Threat describes cyber attacks mounted by organizational teams that have deep resources, advanced penetration skills, specific target profiles and are remarkably persisent [...]

German magazine Der Spiegel describes how a computer hack by the Israeli foreign intelligence agency, the Mossad, enabled Israel to identify and eventually destroy a Syrian nuclear installation. How Israel Destroyed Syria’s Al Kibar Nuclear Reactor – [spiegel.de] In late 2006, Israeli military intelligence decided to ask the British for their opinion. But almost at [...]

This thoroughly researched paper by Dave Dittrich at the University of Washington, reflects on how malware and cyber criminals have evolved their techniques and activites over recent years. Hybrid combinations of penetration methods make it more difficult to defend against the malware and good use of social engineering increases the success percentage. Nugache in fact [...]

For many years, the top worry of defensive security specialists has been focused on closing/patching holes/vulnerabilities in the operating systems at the perimeter of the information system. This excellent report published by SANS suggests that the attackers are re-focusing their efforts on client side software and web applications that remain more vulnerable. Client applications that [...]

DOD, SANS, CSIS, several universities and other partner organizations are collaborating to find students with cyber abilities and train them to become future cyber warriors. Pentagon Seeks High School Hackers – [forbes.com] The so-called Cyber Challenge, which will be officially announced later this month, will create three new national competitions for high school and college [...]