Dragos Ruiu
Stop, Think, Pwn.
Posts

tl;dr - you still have to pretty much treat wifi as an open book for clever attackers.

Most, if not all, WiFi access points rekey group keys very often, leading to weak keys from poor random number generators, which in turn enables sniffing and injection. Some are much worse than others.

The solution is to increase the group rekey interval, if possible on your router/AP, to a very long period.

echo "wpa_group_rekey=86400" >> /etc/hostapd/hostapd.conf  # up from the default 600s; no spaces around "=", and append rather than overwrite the config

https://goo.gl/UjbTiX

Also, most commercial access points are still vulnerable and unpatched for this group key reinstallation problem. (Hint: if the vendor released an update for it in the last few months, and most didn't, and you installed it and updated everything, then OK; otherwise, ruh-roh, Shaggy.) I especially love the Android 6.0 problems with all-zero keys; almost every legacy Android device orphaned by its manufacturer for updates out there is still open. https://goo.gl/u72fux

(You are still better off nuking multicast and peer to peer broadcast traffic on your over the air nets, and disabling that altogether, regardless of how many "service discovery" protocols you'll break!)

My conclusion: you are more secure with an embedded computer and hostapd for your wifi.
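As an added example that is not from the post above, here is a small POSIX shell helper to audit and raise the group rekey interval in a hostapd config. It assumes hostapd's "key=value" syntax, where the parser splits each line at the first "=" without trimming whitespace (so a key with a space before "=" is rejected as unknown), and the 600-second default the post cites when the option is absent (newer hostapd releases may default differently). The config path is passed in rather than assumed to be /etc/hostapd/hostapd.conf.

```shell
#!/bin/sh
# Added example, not from the original post. Audits and raises the
# wpa_group_rekey interval in a hostapd config file whose path is passed in.
# Assumptions: hostapd's "key=value" syntax, where the parser splits each
# line at the first "=" without trimming whitespace (so the key must start
# in column 0 and have no space before "="), "#" comments, and the 600 s
# default the post cites when the option is absent.

# Print the effective wpa_group_rekey. hostapd reads top to bottom and the
# last assignment wins, so take the last matching line.
effective_group_rekey() {
    conf="$1"
    val=$(sed -n 's/^wpa_group_rekey=\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$conf" | tail -n 1)
    if [ -z "$val" ]; then
        echo 600   # assumed hostapd default when the option is not set
    else
        echo "$val"
    fi
}

# Flag the form from the post's original one-liner ("wpa_group_rekey = 86400"):
# with whitespace before "=", hostapd sees an unknown key and rejects the config.
has_malformed_group_rekey() {
    grep -q '^wpa_group_rekey[[:space:]]\{1,\}=' "$1"
}

# Succeed (exit 0) if the interval is at least $2 seconds, default 86400.
check_group_rekey() {
    conf="$1"; want="${2:-86400}"
    cur=$(effective_group_rekey "$conf")
    [ "$cur" -ge "$want" ]
}

# Set wpa_group_rekey idempotently: drop any existing assignment (including a
# malformed one) and append a clean line. Written via a temp file so a failed
# write never leaves a truncated config, which ">" in a one-liner would.
set_group_rekey() {
    conf="$1"; secs="$2"
    tmp="$conf.tmp.$$"
    grep -v '^wpa_group_rekey[[:space:]]*=' "$conf" > "$tmp" || true
    printf 'wpa_group_rekey=%s\n' "$secs" >> "$tmp"
    mv "$tmp" "$conf"
}

# Usage: ./rekey.sh /etc/hostapd/hostapd.conf 86400
if [ "$#" -ge 1 ]; then
    if has_malformed_group_rekey "$1"; then
        echo "warning: malformed wpa_group_rekey line in $1 (whitespace before '=')" >&2
    fi
    if check_group_rekey "$1" "${2:-86400}"; then
        echo "$1: wpa_group_rekey=$(effective_group_rekey "$1") is long enough"
    else
        set_group_rekey "$1" "${2:-86400}"
        echo "$1: raised wpa_group_rekey to ${2:-86400}; restart hostapd to apply"
    fi
fi
```

Run it against a copy of your hostapd.conf first; hostapd only picks up the new interval on restart, and the script deliberately does not restart it for you.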
If you have/use any of these Western Digital MyCloud drives, I recommend disconnecting them immediately and transitioning the data on them to another product as soon as possible. Hardwired network backdoor (user: mydlinkBRionyg, password: abc12345cba); no vendor response for six months.

http://goo.gl/9hyREs
A compendium of Windows one liners to download and execute arbitrary remote code. http://goo.gl/bWth1V
<yoda>

underestimate the power of this code signing certificate cloning attack by @mattifestation and CA chain installation, you should not

</yoda>
http://goo.gl/7HEPoH
Remote LD_PRELOAD RCE CGI vuln in the popular small embedded web server GoAhead (Motorola, D-Link, HP...) http://goo.gl/6JC9JD
Kismet development has been proceeding impressively.
It now decodes DJI DroneID over WiFi and has a new capture architecture.
http://goo.gl/zkVPYf
tl;dr All HP laptops have a trivially enableable keylogger built in via “debugging code” in the SynTp.sys Synaptics touchpad driver. Setting one registry value starts saving all keycodes in WPP “performance profiling” traces.
http://goo.gl/gFx7G6

Updates are available at HP http://goo.gl/CnEcCX or Windows Update. Do update.

Oh, also apply the Windows emergency hotfix for a remote code execution in Defender that was released yesterday and is also being actively exploited. Also do update, ASAP.
http://goo.gl/VKe67H

HP keylogger (zwclose.github.io)
All ur mem r belongs 2 us:

Thunderbolt / native PCIe DMA attacks.

The little kid in me loves that the Spartan-6 Xilinx FPGA Eval Kit tagline on the box, festooned with a wistful engineer looking at arrow-shaped diagrams shooting towards racks of electronics and arrays of antennas, is “THE PROGRAMMABLE FOUNDATION FOR TARGETED DESIGN PLATFORMS”, and whichever marketing person fumbling for a pseudo-militaristic jargon phrase to use as a suitably nebulous and non-specific slogan probably had no clue how close to the mark he/she/they was/were going to hit with this particular bit of marketing mumbo-jumbo. Heh....

https://github.com/Cr4sh/s6_pcie_microblaze

Or use the SP605 with an FTDI UMFT601X-B and ufrisk/pcileech.

Breaks past the 4G boundary. Slowly but surely.
How to use an inexpensive RTL-SDR DVB-USB tuner dongle on Windows to do TEMPEST snooping on nearby screens and monitor RF emissions. http://goo.gl/dGzPZy