Osmo-FL2k How-to: A $15 DTV transmitter, FM radio hijack and GPS Spoofing device.
https://ift.tt/2KmNy9Y
Submitted April 30, 2018 at 04:29PM by Orlin82
via reddit https://ift.tt/2Fssxqw
https://ift.tt/2KmNy9Y
Submitted April 30, 2018 at 04:29PM by Orlin82
via reddit https://ift.tt/2Fssxqw
How to extract malicious code from PDF file?
I've a PDF file that contains some malicious code; when opened the processor usage maxes out and the fans run at full rpm. The pdfid.py produces the following output:
Submitted April 30, 2018 at 04:35PM by zindarod
via reddit https://ift.tt/2HJoB6I
I've a PDF file that contains some malicious code; when opened the processor usage maxes out and the fans run at full rpm. The pdfid.py produces the following output:
PDF Header: %PDF-1.7 obj 8598 endobj 8598 stream 8001 endstream 8001 xref 0 trailer 0 startxref 2 /Page 594 /Encrypt 0 /ObjStm 981 /JS 1 /JavaScript 0 /AA 2 /OpenAction 1 /AcroForm 0 /JBIG2Decode 0 /RichMedia 0 /Launch 0 /EmbeddedFile 0 /XFA 0 /URI 0 /Colors > 2^24 0/JS indicate that there's one JavaScript code and /AA and /OpenAction indicate that there are code which will launch the JavaScript code.However using the pdf-parser.py tool, searching for keyword javanoscript produces no matches:
python ./pdf-parser.py --search javanoscript ./document.pdfBut searching for keyword OpenScript returns one match.
python ./pdf-parser.py --search openaction --raw ./document.pdfresult:
obj 33412 0 Type: /Catalog Referencing: 37640 0 R, 4364 0 R, 37641 0 R, 33413 0 R, 18188 0 R, 33259 0 R, 33264 0 R, 18275 0 R, 37642 0 R <</MarkInfo 37640 0 R/Metadata 4364 0 R/Names 37641 0 R/OpenAction 33413 0 R/Outlines 18188 0 R/PageLabels 33259 0 R/PageLayout/SinglePage/PageMode/UseNone/Pages 33264 0 R/StructTreeRoot 18275 0 R/Type/Catalog/ViewerPreferences 37642 0 R>> << /MarkInfo 37640 0 R /Metadata 4364 0 R /Names 37641 0 R /OpenAction 33413 0 R /Outlines 18188 0 R /PageLabels 33259 0 R /PageLayout /SinglePage /PageMode /UseNone /Pages 33264 0 R /StructTreeRoot 18275 0 R /Type /Catalog /ViewerPreferences 37642 0 R >>Executing:
python ./pdf-parser.py --reference 33412 --raw ../document.pdfresult:
obj 37639 0 Type: /XRef Referencing: 33410 0 R, 33412 0 R Contains stream << /DecodeParms << /Columns 5 /Predictor 12 >> /Filter /FlateDecode /ID [<0B1CC64D68284D90BD0A295FADB0972A><08CB936A1AF9EB42A906D26EC2F80EFA>] /Index [33411 15558] /Info 33410 0 R /Length 7901 /Prev 15523287 /Root 33412 0 R /Size 48969 /Type /XRef /W [1 3 1] >> obj 4368 0 Type: /XRef Referencing: 33410 0 R, 33412 0 R Contains stream << /DecodeParms << /Columns 5 /Predictor 12 >> /Filter /FlateDecode /ID [<0B1CC64D68284D90BD0A295FADB0972A><08CB936A1AF9EB42A906D26EC2F80EFA>] /Info 33410 0 R /Length 8135 /Root 33412 0 R /Size 33411 /Type /XRef /W [1 3 1] >>Finally running
python ./pdf-parser.py --object 4368 --raw --filter ./document.pdfproduces a binary output that I cannot decompress.Can someone please point out my mistake or tell me how to extract the JavaScript and OpenAction code for viewing?
Submitted April 30, 2018 at 04:35PM by zindarod
via reddit https://ift.tt/2HJoB6I
Didier Stevens
PDF Tools
Here is a set of free YouTube videos showing how to use my tools: Malicious PDF Analysis Workshop. pdf-parser.py This tool will parse a PDF document to identify the fundamental elements used in the…
Sysmon-Modular - A Repository of Sysmon Configuration Modules (Customisable)
https://ift.tt/2JKJShY
Submitted April 30, 2018 at 05:59PM by PeterG45
via reddit https://ift.tt/2JEVGRU
https://ift.tt/2JKJShY
Submitted April 30, 2018 at 05:59PM by PeterG45
via reddit https://ift.tt/2JEVGRU
GitHub
GitHub - olafhartong/sysmon-modular: A repository of sysmon configuration modules
A repository of sysmon configuration modules. Contribute to olafhartong/sysmon-modular development by creating an account on GitHub.
[BLOG] Reverse Engineering Linux binary on ARM64 / aarch64
https://ift.tt/2r8B6BW
Submitted April 30, 2018 at 06:20PM by neelaryan
via reddit https://ift.tt/2FtlTjW
https://ift.tt/2r8B6BW
Submitted April 30, 2018 at 06:20PM by neelaryan
via reddit https://ift.tt/2FtlTjW
ScriptDotSh
Ground Zero: Part 3 - Reverse Engineering Basics - Linux on ARM64 - ScriptDotSh
Prologue As you might already be aware that ARM powers a variety of low-powered devices around us, including but not limited to, phones, routers, IoT devices.etc. Therefore, it is only logical to dig into this architecture and understand how it differs from…
Security In 5: Epsiode 227 - Gmail Gets A Redesign And Adds Security Features You Should Know
https://ift.tt/2HG9ajR
Submitted April 30, 2018 at 06:42PM by BinaryBlog
via reddit https://ift.tt/2raEf4i
https://ift.tt/2HG9ajR
Submitted April 30, 2018 at 06:42PM by BinaryBlog
via reddit https://ift.tt/2raEf4i
Libsyn
Security In Five Podcast: Epsiode 227 - Gmail Gets A Redesign And Adds Security Features You Should Know
If you are a Google Gmail user you may have received the new redesign, if you haven't you will soon. Gmail's recent redesign adds more features to help manage and respond to emails but this episode talks about the new security features it also adds. Gmail…
It’s Impossible to Prove Your Laptop Hasn’t Been Hacked. I Spent Two Years Finding Out.
https://ift.tt/2JwIa2Y
Submitted April 30, 2018 at 07:17PM by speckz
via reddit https://ift.tt/2w1cf8V
https://ift.tt/2JwIa2Y
Submitted April 30, 2018 at 07:17PM by speckz
via reddit https://ift.tt/2w1cf8V
The Intercept
It’s Impossible to Prove Your Laptop Hasn’t Been Hacked. I Spent Two Years Finding Out.
I spent two years trying to get someone to tamper with my laptop, so I could then detect it. Somewhere along the way, I realized this might never happen.
Security Vulnerabilities in VingCard Electronic Locks
https://ift.tt/2rahi1L
Submitted April 30, 2018 at 08:17PM by volci
via reddit https://ift.tt/2jhvUIh
https://ift.tt/2rahi1L
Submitted April 30, 2018 at 08:17PM by volci
via reddit https://ift.tt/2jhvUIh
reddit
Security Vulnerabilities in VingCard Electronic Locks • r/security
1 points and 0 comments so far on reddit
Security Trade-Offs in the New EU Privacy Law
https://ift.tt/2I2xxFq
Submitted April 30, 2018 at 08:17PM by volci
via reddit https://ift.tt/2HJmAI4
https://ift.tt/2I2xxFq
Submitted April 30, 2018 at 08:17PM by volci
via reddit https://ift.tt/2HJmAI4
reddit
Security Trade-Offs in the New EU Privacy Law • r/security
1 points and 0 comments so far on reddit
Playbook to identify malware leveraging IoCs
We got our first playbook submission for our contest! You can participate by voting or creating your own! Go to secopshub to learn how to make a playbook.This playbook offers a quick way to identify malware leveraging cheap (in terms of compute) indicators of compromise (such as filehashes) and sends email notifications. It also has an additional flow to identify malware using a sandbox for those who need the extra check.Note: the entire playbook is 100% automatable. https://www.secopshub.com/t/show-off-your-security-expertise-join-our-community-driven-contest/263/3
Submitted April 30, 2018 at 08:01PM by SecOpsHub
via reddit https://ift.tt/2jjliJ6
We got our first playbook submission for our contest! You can participate by voting or creating your own! Go to secopshub to learn how to make a playbook.This playbook offers a quick way to identify malware leveraging cheap (in terms of compute) indicators of compromise (such as filehashes) and sends email notifications. It also has an additional flow to identify malware using a sandbox for those who need the extra check.Note: the entire playbook is 100% automatable. https://www.secopshub.com/t/show-off-your-security-expertise-join-our-community-driven-contest/263/3
Submitted April 30, 2018 at 08:01PM by SecOpsHub
via reddit https://ift.tt/2jjliJ6
SecOps Hub
Show off your security expertise--join our community-driven contest!
We want to learn from you, so we’re running a contest to gather the best incident response playbooks from the community. It’s an open-ended contest–you pick the use case, draw up the playbook, and submit it to the community for consideration. The 3 top-voted…
David Lacey's four-dimensional metaphysical GRC database. What is it and how's it revolutionising security.
https://ift.tt/2sb0nyZ
Submitted April 30, 2018 at 07:50PM by LiamBigDataDonoghue
via reddit https://ift.tt/2I1vEuX
https://ift.tt/2sb0nyZ
Submitted April 30, 2018 at 07:50PM by LiamBigDataDonoghue
via reddit https://ift.tt/2I1vEuX
Venturi Group
Information Security: The pitfalls and problems facing us in the 21st century
In this episode Andy Davis talks to David Lacey, Managing Director at David Lacey consulting. They discuss the disparate approaches to information security
[Slides] Back To The Future | Going Back In Time To Abuse Android's JIT // Infiltrate 2018
https://ift.tt/2I35sAd
Submitted April 30, 2018 at 07:44PM by rotlogix_
via reddit https://ift.tt/2I5Y5Ix
https://ift.tt/2I35sAd
Submitted April 30, 2018 at 07:44PM by rotlogix_
via reddit https://ift.tt/2I5Y5Ix
Speaker Deck
Back To The Future | Going Back In Time To Abuse Android's JIT
Enhancing Pwned Passwords Privacy by Exclusively Supporting Anonymity
https://ift.tt/2jkp8Se
Submitted April 30, 2018 at 08:23PM by volci
via reddit https://ift.tt/2Kra4OT
https://ift.tt/2jkp8Se
Submitted April 30, 2018 at 08:23PM by volci
via reddit https://ift.tt/2Kra4OT
Troy Hunt
Enhancing Pwned Passwords Privacy by Exclusively Supporting Anonymity
When I launched Pwned Passwords in August, I honestly didn't know how much it would be used. I made 320M SHA-1 password hashes downloadable and also stood up an API to query the data "as a service" by either a plain text password or a SHA-1 hash. (Incidentally…
Burp Collaborator Server docker container with LetsEncrypt certificate
https://ift.tt/2rfEXNN
Submitted April 30, 2018 at 08:32PM by m0risson
via reddit https://ift.tt/2r8IWLG
https://ift.tt/2rfEXNN
Submitted April 30, 2018 at 08:32PM by m0risson
via reddit https://ift.tt/2r8IWLG
GitHub
integrity-sa/burpcollaborator-docker
This repository includes a set of noscripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate. The objective is to simplify as much as possible t...
Project Sonar: An Underrated Source of Internet-wide Data
https://ift.tt/2JHm7Gz
Submitted April 30, 2018 at 09:32PM by patrikhudak
via reddit https://ift.tt/2w2lDci
https://ift.tt/2JHm7Gz
Submitted April 30, 2018 at 09:32PM by patrikhudak
via reddit https://ift.tt/2w2lDci
No, Ray Ozzie hasn't solved crypto backdoors
https://ift.tt/2HZYFoA
Submitted April 30, 2018 at 08:58PM by volci
via reddit https://ift.tt/2HKbHFy
https://ift.tt/2HZYFoA
Submitted April 30, 2018 at 08:58PM by volci
via reddit https://ift.tt/2HKbHFy
Erratasec
No, Ray Ozzie hasn't solved crypto backdoors
According to this Wired article, Ray Ozzie may have a solution to the crypto backdoor problem. No, he hasn't. He's only solving the part we...
MMap vulnerabilities in the linux kernel
https://ift.tt/2FtCl3Q
Submitted April 29, 2018 at 11:05PM by aerodudrizzt
via reddit https://ift.tt/2HBalRv
https://ift.tt/2FtCl3Q
Submitted April 29, 2018 at 11:05PM by aerodudrizzt
via reddit https://ift.tt/2HBalRv
Check Point Research
MMap Vulnerabilities – Linux Kernel - Check Point Research
By: Eyal Itkin As part of our efforts in identifying vulnerabilities in different products, from time to time we also review the Linux Kernel, mainly searching for vulnerabilities in different drivers. In this case, we took a look into drivers trying to roll…
PoC Code Published for Triggering an Instant BSOD on All Recent Windows Versions
https://ift.tt/2JzkX02
Submitted April 30, 2018 at 10:21PM by volci
via reddit https://ift.tt/2Fu8cRO
https://ift.tt/2JzkX02
Submitted April 30, 2018 at 10:21PM by volci
via reddit https://ift.tt/2Fu8cRO
BleepingComputer
PoC Code Published for Triggering an Instant BSOD on All Recent Windows Versions
A Romanian hardware expert has published proof-of-concept code on GitHub that will crash most Windows computers within seconds, even if the computer is in a locked state.
[BLOG] Ethereum security: Detecting batchOverflow and other integer overflow/underflow issues
https://ift.tt/2jjihZ2
Submitted April 30, 2018 at 11:23PM by berndtzl
via reddit https://ift.tt/2Fs70hL
https://ift.tt/2jjihZ2
Submitted April 30, 2018 at 11:23PM by berndtzl
via reddit https://ift.tt/2Fs70hL
ConsenSys Media
Detecting batchOverflow (and Similar Flaws) in Ethereum Smart Contracts
This article explains how to analyze Ethereum smart contracts for integer overflow vulnerabilities. For a detailed writeup on smart…
FacexWorm Targets Cryptocurrency Trading Platforms, Abuses Facebook Messenger for Propagation
https://ift.tt/2vVPIKI
Submitted April 30, 2018 at 11:38PM by EvanConover
via reddit https://ift.tt/2KsyIyS
https://ift.tt/2vVPIKI
Submitted April 30, 2018 at 11:38PM by EvanConover
via reddit https://ift.tt/2KsyIyS
Trendmicro
FacexWorm Targets Cryptocurrency Trading Platforms, Abuses Facebook Messenger for Propagation - TrendLabs Security Intelligence…
Our Cyber Safety Solutions team identified a malicious Chrome extension we named FacexWorm, which uses a miscellany of techniques to target cryptocurrency trading platforms accessed on an affected browser and propagates via Facebook Messenger.
FacexWorm Targets Cryptocurrency Trading Platforms, Abuses Facebook Messenger for Propagation
https://ift.tt/2vVPIKI
Submitted April 30, 2018 at 11:38PM by EvanConover
via reddit https://ift.tt/2KsyIyS
https://ift.tt/2vVPIKI
Submitted April 30, 2018 at 11:38PM by EvanConover
via reddit https://ift.tt/2KsyIyS
Trendmicro
FacexWorm Targets Cryptocurrency Trading Platforms, Abuses Facebook Messenger for Propagation - TrendLabs Security Intelligence…
Our Cyber Safety Solutions team identified a malicious Chrome extension we named FacexWorm, which uses a miscellany of techniques to target cryptocurrency trading platforms accessed on an affected browser and propagates via Facebook Messenger.
The Digital Vigilantes Who Hack Back: American companies that fall victim to data breaches want to retaliate against the culprits. But can they do so without breaking the law?
https://ift.tt/2jiEpTH
Submitted May 01, 2018 at 01:15AM by SuccessfulOperation
via reddit https://ift.tt/2HCxROc
https://ift.tt/2jiEpTH
Submitted May 01, 2018 at 01:15AM by SuccessfulOperation
via reddit https://ift.tt/2HCxROc
The New Yorker
The Digital Vigilantes Who Hack Back
American companies that fall victim to data breaches want to retaliate against the culprits. But can they do so without breaking the law?