Dragos Ruiu
Works at dragostech.com inc.
Attended University of Alberta
Lived in Saskatchewan

Stream

Dragos Ruiu

Happy Canada Day. (Or what's left of it and our rights after our current governing party get done with it.)
In other news the newest 802.11n WiFi standard has some seriously broken bits in the standard. They introduced a new packet coalescing and aggregation protocol that leaves the chipsets vulnerable to Packet-in-Packet injection. I.e., you can abuse the protocol to include spoofed low level MAC packets in HTTP frames from any web server and other similar fun. An attacker can leverage this technique to deauthenticate clients, inject malicious beacon frames, perform host and port scans, bypass firewall rules, and conduct Address Resolution Protocol (ARP) spoofing. So, not so good, especially since this is a chipset level issue and the chipsets are just behaving as the ill-conceived standard specifies for Aggregated-MAC Protocol Data Units (A-MPDU) handling. Being hardware/firmware, it's not easily changed.
Paper and PoC at link below.
 
Was your image for this post laced with aggr-inject frames? :-)

Dragos Ruiu

Seems to me that a lot of fun could be had with a little pattern of small "donuts" that makes a document unprintable and uncopyable. But I've always had a weird sense of "fun." http://goo.gl/FjWi37
How often have you looked at the cash in your wallet? Look closer: it’s riddled with hidden patterns designed to deter counterfeiters. Chris Baraniuk investigates.
 
I'm in the US, I need to find me some cash to check this out. Hey anyone willing to make a copy for me? :D

Dragos Ruiu

This web page contains an overview of, and Q&A about, our recent results published in a technical paper (PDF, 2.1MB), archived as IACR ePrint 2015/170. It will be presented at the Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2015 in September 2015.

Dragos Ruiu

Nice Windows Kernel Exploitation tutorial http://goo.gl/N3iaje
Windows Kernel Exploitation Humla Mumbai was conducted to introduce participants to Windows Kernel Exploitation.
 
Would be interesting to see someone have a look at ReactOS's kernel and subsystems for bugs like these.
It is an NT like OS, so...

Dragos Ruiu

HD firmware hacking (part3): reversing the boot loader http://goo.gl/fmaFjc
Before we get started with part 3, I have a few updates regarding part 1 & 2. I've found that the reset pad on the JTAG header is not actually a system reset (SRST) but a TAP reset (TRST), which isn't very useful for debuggin...

Dragos Ruiu

Fox-IT publishes open source tools to detect duplicate sequence numbers of QUANTUM INSERT style NSA attacks http://goo.gl/sGy2k2
Summary and recommendations QUANTUMINSERT (QI) is actually a relatively old technique. In order to exploit it, you will need monitoring capabilities to leak information of observed TCP sessions a...

Dragos Ruiu

Brit boffins' test of 14 prominent privacy tunnels finds leaks galore thanks to IPv6 mess
 
+Howard C. Shaw III I think the problem is that some providers are running traffic across both IPv4 and IPv6 simultaneously. When that happens, you're vulnerable.

Dragos Ruiu

5 axis CNC less than 5k http://goo.gl/NBc31q 
The PocketNC CNC Mill comes in at under $5,000 and delivers 5 axis of movement.

Dragos Ruiu

Keychain cracked on OSX and IOS. Ruh-Roh. https://goo.gl/MpJU07

Dragos Ruiu

Sleep mode end run on EFI protections on all pre mid2014 MacBooks leaves EFI vulnerable to unremovable bios rootkits.
I wouldn't bet that EFI is untouchable from user land on later model MacBooks either, though not necessarily with this bug. Apple might someday learn more eyes on security is better than their silent march of obscurity and planned obsolescence.
Wish there was some nonEFI dependent way to verify EFI - the architecture is broken.


Dragos Ruiu

Good enumeration of Windows persistence methods. http://goo.gl/kMnbho 
TL;DR: Are you into red teaming? Need persistence? This post is not that long, read it ;) Are you into blue teaming? Have to find those pesky backdoors? This post is not that long, read it ;) In the previous post I listed...
 
Haven't touched that OS for so long. Now you brought all the bad memories back.
Thx a lot +Dragos Ruiu.

Dragos Ruiu

Root backdoor in OSX. http://goo.gl/rsHSQz
TL;DR The Admin framework in Apple OS X contains a hidden backdoor API to root privileges. It’s been there for several years (at least since 2011), I found it in October 2014 and it can be exploite...
 
What do you want to bet that all they did to "fix" it was invent a deeper and more obscure back door?

OS X has been an excellent example of very bad security design from day one.  Of course it's really not any worse than most any other desktop system, including all Linux systems.
Story
Tagline: Stop, Think, Pwn.
Introduction: Systems Rationalizer
Bragging rights: Can hover inverted. ;-)
Education
  • University of Alberta
Basic Information
Gender: Male
Other names: dr
Work
Occupation: engineer
Employment
  • dragostech.com inc.
    engineer, 1997 - present
  • HP
  • Myrias
Places
Previously: Saskatchewan
Dragos Ruiu's +1's are the things they like, agree with, or want to recommend.
Waze Social GPS Maps & Traffic
market.android.com

Waze is a fun, community based mapping, traffic & navigation app. With millions of drivers from across the globe joining forces to outsmart

Threema
market.android.com

Threema is a messaging app with a special focus on security. True end-to-end encryption guarantees that no one

CPU-Z
market.android.com

Android version of the popular CPU identification tool for PC/Windows. CPU-Z is a free application that reports information about your devi

Demand answers and real consequences for robocall election fraud
www.leadnow.ca

Elections Canada just traced misleading phone calls made during the 2011 federal election to a company that worked for the Conservative Part

KB14320-How to maximize battery life and free memory on the BlackBerry s...
btsc.webapps.blackberry.com

Maximizing Battery Power. Application Management. Multitasking - Close any running BlackBerry® smartphone applications that are not being ac

Play VOB,MKV,MTS,FLV RM,RMVB on Windows RT (Surface 8 RT included) » AMV...
blog.amvsoft.com

Overview Microsoft has made an important step to support the playback of MPEG-4 on Windows 8 RT and Windows 8 Pro. Windows RT has excellent s

Locus Pro
market.android.com

MULTI-FUNCTION TOURIST NAVIGATION Irreplaceable application for hiking, geocaching and your everyday life. Locus offers many useful features

A free and open world depends on a free and open web. | Google
www.google.com

A free and open world depends on a free and open Internet. Governments alone, working behind closed doors, should not direct its future. The

There's a New Way to Own a Piece of Facebook Before Its IPO
mashable.com

If you're looking to invest in Facebook before its IPO but not privy to the secondary markets where shares of the company have been trad

Maverick
market.android.com

Off-road GPS navigator with offline maps support, compass and track recording. Use offline maps and GPS even without an internet connection.

Vancouver Riot: Psychology (Not Hooligans) Is Responsible for the Chaos...
bleacherreport.com

As I sat at home watching the Vancouver riots unfold in front of me, I was amazed at how ill-informed the newscasters and on-site reporters