Saturday, 19 November 2016

Qualcomm and HackerOne Partner on Bounty Program


Mobile Chipset
Qualcomm kicked off its first bug bounty program Thursday, opening the door for white hat hackers to find flaws in a dozen Snapdragon mobile chipsets and related software. Rewards for the invite-only bug bounty program top $15,000 each. HackerOne will facilitate Qualcomm’s bounty program; the chipmaker is hoping to secure millions of smartphones running Snapdragon silicon, including phones sold by Samsung, LG, HTC and Google.
Eligible Snapdragon products include eight mobile processors, four LTE modems and additional related silicon technologies and software. The bug bounty program will be administered through the Qualcomm Technologies business unit in conjunction with HackerOne. The program, Qualcomm claims, is the first of its kind for a major silicon vendor. “With Qualcomm Technologies’ vulnerability rewards program they will continue to build vital relationships with the external security researcher community and supplement the great work their internal security team is doing,” said Alex Rice, chief technology officer for HackerOne in a prepared statement. Qualcomm joins a number of high-profile and recently launched bug-bounty programs. Earlier this month the Department of Defense awarded a contract to HackerOne to bolster the cyber security of the U.S. Army’s digital assets. That complemented another investment by the U.S. government with Synack, which was picked to create a bug-bounty platform for the IRS. HackerOne also had a high profile Hack the Pentagon bug bounty program which ran from April 18 to May 12 earlier this year. Qualcomm and HackerOne said that 40 security researchers have been invited to participate. The bounty program includes a list of chipset models eligible for submissions, along with software components that include Linux kernel code (part of “Android for MSM”) and WLAN and Bluetooth firmware. At the top range of the bounty program are $15,000 rewards for critical bugs tied to Snapdragon cellular modems. Rewards of $9,000 are tied to ‘critical’ Trusted Execution Environment, or TEE, and bootloader vulnerabilities. Security vulnerabilities rated ‘high’ payout between $5,000 and $4,000. Vulnerabilities considered ‘medium’ and ‘low range’ offer rewards of $2,000 to $1,000. Not eligible, are issues tied to OEM modifications, some denial of service issues and bugs tied to PC software such as USB drivers, according to HackerOne. Qualcomm said the rewards program is effective starting November 17. Qualcomm’s bug bounty program comes on the heels of this summer’s revelation of four massive vulnerabilities, dubbed Quadrooter, which impacted over 900 million smartphones running Qualcomm chipsets. Security research firm Check Point discovered the vulnerabilities and said they could allow an attacker to elevate privileges on top Android handsets and give an attacker complete control over targeted devices. In October, Google released the last in a series of patches addressing the vulnerabilities.

Eligible Snapdragon products include eight mobile processors, four LTE modems and additional related silicon technologies and software. The bug bounty program will be administered through the Qualcomm Technologies business unit in conjunction with HackerOne. The program, Qualcomm claims, is the first of its kind for a major silicon vendor. “With Qualcomm Technologies’ vulnerability rewards program they will continue to build vital relationships with the external security researcher community and supplement the great work their internal security team is doing,” said Alex Rice, chief technology officer for HackerOne in a prepared statement. Qualcomm joins a number of high-profile and recently launched bug-bounty programs. Earlier this month the Department of Defense awarded a contract to HackerOne to bolster the cyber security of the U.S. Army’s digital assets. That complemented another investment by the U.S. government with Synack, which was picked to create a bug-bounty platform for the IRS. HackerOne also had a high profile Hack the Pentagon bug bounty program which ran from April 18 to May 12 earlier this year. Qualcomm and HackerOne said that 40 security researchers have been invited to participate. The bounty program includes a list of chipset models eligible for submissions, along with software components that include Linux kernel code (part of “Android for MSM”) and WLAN and Bluetooth firmware. At the top range of the bounty program are $15,000 rewards for critical bugs tied to Snapdragon cellular modems. Rewards of $9,000 are tied to ‘critical’ Trusted Execution Environment, or TEE, and bootloader vulnerabilities. Security vulnerabilities rated ‘high’ payout between $5,000 and $4,000. Vulnerabilities considered ‘medium’ and ‘low range’ offer rewards of $2,000 to $1,000. Not eligible, are issues tied to OEM modifications, some denial of service issues and bugs tied to PC software such as USB drivers, according to HackerOne. Qualcomm said the rewards program is effective starting November 17. Qualcomm’s bug bounty program comes on the heels of this summer’s revelation of four massive vulnerabilities, dubbed Quadrooter, which impacted over 900 million smartphones running Qualcomm chipsets. Security research firm Check Point discovered the vulnerabilities and said they could allow an attacker to elevate privileges on top Android handsets and give an attacker complete control over targeted devices. In October, Google released the last in a series of patches addressing the vulnerabilities.

See more at: Qualcomm and HackerOne Partner on Bounty Program https://wp.me/p3AjUX-vKy

“PoisonTap” Device Made Using $5 Raspberry Pi Can Easily Hack Password-Protected Computers

The lock screen of a computer is the ultimate locked door which every hacker seeks to break. This is because the lock screen protects the access of a PC/laptop to unauthorized access. Many hackers have tried to devise ways and means to break this ultimate door be it on Windows, Mac or Linux run PC/laptops. A hacker used a $50 device called Hak5 LAN Turtle to do the same while our very own Samy Khamkar had better ideas.
He has created a hacking device that allows attackers to easily gain access to a password-protected computer, hijack all its Internet traffic, and install backdoors. He has created this ultimate hack tool called PoisonTap using just $5 Rasberry Pi and running on Node.js. A person wanting to hack the lock screen password has to just plug in the $5 PoisonTap to Windows or Mac computer via USB, the device starts loading the exploits needed to compromise the machine without asking for the lock screen password.
The PoisonTap uses the similar method $50 device called Hak5 LAN Turtle and targets the weak Ethernet authentication in Mac and Windows PC. Once the PoisonTap is connected, the hacking tool emulates an Ethernet device over USB. The Windows/Mac PC recognizes the PoisonTap as Ethernet device it loads it as a low-priority network device and sends it a DHCP request. The PoisonTap then starts hijacking the internet traffic by taking control of IPv4 space. Once this is done, Poison can steal HTTP cookies and sessions for the Alexa top 1 million websites from the victim’s browser.
Khamkar has said that cookie siphoning is possible even if the web browser is not actively used. As long as the application is running in the background, it’s likely that at least one of the open webpages is making HTTP requests.
PoisonTap can then install  backdoors for hundreds of thousands of domains, and open a remote access channel to the victim’s router.
Since PoisonTap steals cookies and not credentials, the attacker can hijack the victim’s online accounts even if they have two-factor authentication (2FA) enabled. Furthermore, HTTPS protection is bypassed if the “secure” cookie flag and HSTS are not enabled. Khamkar says PoisonTap can also bypass several other security mechanisms, including same-origin policy (SOP), HttpOnly cookies, X-Frame-Options HTTP response headers, DNS pinning and cross-origin resource sharing (CORS).
The interesting part is that PoisonTap needed to connect only once to the target PC. Once it is connected and it installs the backdoors, the hacker has access to the exploited PC even when it is disconnected.

creak – Poison, Reset, Spoof, Redirect MITM Script

Performs some of the most famous MITM attack on target addresses located in a local network. Among these, deny navigation and download capabilities of a target host in the local network performing an ARP poison attack and sending reset TCP packets to every request made to the router. Born as a didactic project for learning python language, I decline every responsibility for any abuse, including malevolent or illegal use of this code.
Installation
$ git clone https://github.com/codepr/creak.git
$ cd creak
$ python setup.py install
or simply clone the repository and run the creak.py after all requirements are installed:
$ git clone https://github.com/codepr/creak.git
It is required to have installed pcap libraries for raw packet manipulations and dpkt module, for dns spoofing options is required to have installed dnet module from libdnet package, do not confuse it with pydnet (network evaluation tool) module. It can use also scapy if desired, can just be set in the config.py file.
Options
Usage: creak.py [options] dev

Options:
  -h, --help           show this help message and exit
  -1, --sessions-scan  Sessions scan mode
  -2, --dns-spoof      Dns spoofing
  -3, --session-hijack Try to steal a TCP sessions by desynchronization (old technique)
  -x, --spoof          Spoof mode, generate a fake MAC address to be used
                       during attack
  -m MACADDR           Mac address octet prefix (could be an entire MAC
                       address in the form AA:BB:CC:DD:EE:FF)
  -M MANUFACTURER      Manufacturer of the wireless device, for retrieving a
                       manufactur based prefix for MAC spoof
  -s SOURCE            Source ip address (e.g. a class C address like
                       192.168.1.150) usually the router address
  -t TARGET            Target ip address (e.g. a class C address like
                       192.168.1.150), can be specified multiple times
  -p PORT              Target port to shutdown
  -a HOST              Target host that will be redirect while navigating on
                       target machine
  -r REDIR             Target redirection that will be fetched instead of host
                       on the target machine
  -v, --verbose        Verbose output mode
  -d, --dotted         Dotted output mode
▼Advertisements
Example
Most basic usage: Deny all traffic to the target host
$ python creak.py -t 192.168.1.30 wlan0
Set a different gateway:
$ python creak.py -s 192.168.1.2 -t 192.168.1.30 wlan0
Set a different mac address for the device:
$ python creak.py -m 00:11:22:33:44:55 -t 192.168.1.30 wlan0
Spoof mac address generating a fake one:
$ python creak.py -x -t 192.168.1.30 wlan0
Spoof mac address generating one based on manufacturer(e.g Xeros):
$ python creak.py -x -M xeros -t 192.168.1.30 wlan0
DNS spoofing using a fake MAC address, redirecting ab.xy to cd.xz(e.g. localhost):
$ python creak.py -x -M xeros -t 192.168.1.30 -a www.ab.xy -r www.cd.xz wlan0
Deny multiple hosts in the subnet:
$ python creak.py -x -t 192.168.1.30 -t 192.168.1.31 -t 192.168.1.32 wlan0

The largest DDoS attack ever was probably pulled off by bored teens

Millions of people in the eastern U.S. woke up on a Friday morning in October to find large parts of the internet not working. No Twitter. No Netflix. No Spotify. The issue, as we later learned, was an ominous new kind of cyberattack, where “smart” household devices were marshaled into a zombie army capable of choking critical infrastructure of the web. It was the biggest distributed denial of service (DDoS) attack in history.
We were also told that given the ubiquity of these internet-connected devices — web cameras and “smart” household items of all sorts, largely made in China and shipped to the States by the boatload — this type of attack would only grow worse and more frequent.

Since then, the world’s leading cybersecurity experts have been following clues to track who is responsible. They’ve come to a disturbing conclusion: the biggest DDoS attack in history was probably not caused by a state-sponsored actor, organized crime, terror groups, or anyone with a geopolitical or financial motive. So who’s left?
“Kids,” said Mikko Hypponen, chief research officer with security firm F-Secure. “Kids who have the capability and don’t know what to do with it.”
“The source code that was released could have been written by a high school student, a smart high school student, but a high school student nonetheless,” security expert Rob Graham said after examining the malware used in the attacks. “It wasn’t particularly sophisticated.”
The attack was carried out using the Mirai malware — a malicious piece of software designed to hack hardware — that had been posted on a hacking forum for anyone to use. The hackers were able to infect millions of smart devices to work together as an army of zombie computers — known as a botnet — capable of firing huge amounts of internet traffic at servers, which overwhelmed them and knocked them offline.
The target this time was Dyn, one of the world’s leading Domain Name System (DNS) providers. These companies operate as the phonebooks of the internet, connecting users to the servers hosting the websites they visit. Despite the critical nature of Dyn’s infrastructure, the attack was so huge — reportedly 1.2 terabits per second — the company was unable to prevent its customers from being affected.
What set this attack apart from other DDoS attacks is the apparent ease with which it was carried out and the critical importance of the service it knocked offline.
Dyn said it cannot reveal details about the source of the attack or the identity of the attackers because of an ongoing law enforcement investigation.
But Flashpoint, a security company which has been monitoring this attack from the start, agreed with Hypponen and Graham.
“The technical and social indicators of this attack align more closely with attacks from the Hackforums community than the other type of actors that may be involved, such as higher-tier criminal actors, hacktivists, nation-states, and terrorist groups,” the director and two other employees wrote on their site.
Hackforums is an online community where hackers chat, share tools, and offer their services in exchange for money. It was here that a hacker known as Anna Senpai posted the source code to the malware used to compromise hundreds of thousands of “Internet of Things” (IoT) devices across the globe.
As a demonstration of just how powerful these attacks can be, security researcher Kevin Beaumont revealed that the people behind these botnets have been attempting to knock an entire country offline this week.
Liberia has a single submarine cable connecting it to the internet, and one of the botnets created with the Mirai malware has been consistently flooding it with traffic to repeatedly knock it offline for short periods of time.
Beaumont calls the group behind the Liberia attack Shadow Kills, in reference to a mocking message the attackers sent to the researcher.
While financial gain can motivate script kiddies, typically selling access to their botnets, just as often, they execute attacks such as these to show off or cause disruption and chaos for sport.
That happened two years ago, when a group of hackers called Lizard Squad attacked the PlayStation Network and Xbox Live, causing a lot of problems for Sony and Microsoft by knocking the networks offline for long periods.
Just this week in the U.K., a teenager who, at just 15, created a tool to easily carry out DDoS attacks on any website, pled guilty after the police claimed the tool had been used in 1.7 million attacks.
While security experts may call the method of attack on Dyn unsophisticated, the company holds a different view. Chief Strategy Officer Kyle York said the attack was “complicated, multi-layered, unprecedented, and more distributed than your average attack.”
In fact, he called that Friday “the proudest day in the company’s history” because of the way the engineers mitigated an attack of this size.
The success of the attack also took many in the industry by surprise. “I think it is remarkable that the attack was so successful against Dyn, considering the track record the company has,” Hypponen said.
Aside from the outcome, the fact that the attack leveraged the power of millions of unsecured devices connected directly to the internet — products like CCTV cameras, routers, and DVRs — is part of a worrying trend.
In September a similar but separate army of zombie devices created by the Mirai malware attacked the website of Brian Krebs, an investigative journalist. Since then, others have used the source code multiple times to create their own botnets, some of which were used in the attack on Dyn.
In the wake of the high-profile attack on Krebs, multiple members of Hackforums offered access to Mirai botnets for as little as $3 a time. Anyone who hires the botnet can name their target, and the hacker will turn his zombie army in that direction, with the aim of knocking the website offline for a period of time.
Hackforums administrator Jesse LaBrocca, worried about the negative attention the attack brought on his website, shut down the section selling those services.
“Unfortunately once again the few ruin it for the many,” LaBrocca wrote.
The problem facing those who control the backbone of the internet is that if a group of script kiddies can knock large portions of the web offline with such a simple attack, what’s next?
Unfortunately, there’s no easy fix for the problem. The vulnerable devices contain little to no security, often using default usernames and passwords hardwired at the factory. And the companies that make them — mostly based in China — have little incentive to make them more secure because of a lack of regulation forcing them to do so. Lastly, consumers, typically concerned with price, design, and color when buying a new product, don’t care enough about security to ask the salesman if their shiny new fridge is secure — even though the device may connect to their Wi-Fi and pose a significant security risk.
Just this week, another major flaw in IoT devices was revealed when researchers showed how a vulnerability in wireless technology used in smart devices like lights, switches, locks, and thermostats could be exploited to take control of those devices.
“This means that the vendors building these things invest the minimum amount of money possible because it is not a selling point, and this is unlikely to change,” Hypponen said.
With millions of these devices connected to the internet every week, the problem will only grow. And while it may make for lots of fun for script kiddies, for the rest of us, it’s very worrying.

Hack In Paris: Registration open

The  Seventh Edition of Europe's leading I.T security Congress,  Hack In Paris is scheduled to be held from June 19, 2017 to June 23, 2017 in DinseyLand.

Confernce will focus on  topics related to Internet of Things (IoT), Modern reverse engineering, Vulnerability research and exploitation, Penetration testing and security assessment, Malware analysis and new trends in malicious codes, Forensics, IT crime & law enforcement, Privacy issues: LOPPSI, HADOPI, Low-level hacking (console security & mobile devices), Risk management and ISO 27001, BYOD, Social Engineering, but don't hesitate to submit your research paper if your topic of research is not in the list.

They have opened registration for  speakers and trainers  to share their experience. The time limit for the speaker is 45min + 10min of Q&A, you can fill and send it to cfp@hackinparis.com. All submissions will be reviewed by the  program committee. Authors will be notified of acceptance of their talk.

 For registration details please visit the website (https://hackinparis.com/).  The last date for submitting the application is  March 6th, 2017.


Here  is the whole schedule of the program:
* November 16th - CFP/CFT announced
* March 6th - Submission deadline
* March 13th - Booking opening
* March 26th - Talks & Trainings program announcement
* June 19th to 23rd - Hack In Paris
* June 24th to 25th - Nuit Du Hack

The 6th edition of Hack In Paris was held in France, at la Maison De la Chimie, Paris, and was attended by more than 400 attendees around the world.

Hack In Paris attendees aims to discover the realities of hacking, and its consequences for companies. The program includes state of the art IT security, industrial espionage, penetration testing, physical security, forensics, malware analysis techniques and countermeasures.
Mobile Chipset Qualcomm and HackerOne Partner on Bounty Program by Tom Spring November 18, 2016 , 12:45 pm Qualcomm kicked off its first bug bounty program Thursday, opening the door for white hat hackers to find flaws in a dozen Snapdragon mobile chipsets and related software. Rewards for the invite-only bug bounty program top $15,000 each. HackerOne will facilitate Qualcomm’s bounty program; the chipmaker is hoping to secure millions of smartphones running Snapdragon silicon, including phones sold by Samsung, LG, HTC and Google. Related Posts Army Bug Bounty Building New Relationships with Hackers November 14, 2016 , 12:03 pm Google Releases Supplemental Patch for Dirty Cow Vulnerability November 8, 2016 , 1:38 pm GitLab Patches Command Execution Vulnerability November 3, 2016 , 2:50 pm Eligible Snapdragon products include eight mobile processors, four LTE modems and additional related silicon technologies and software. The bug bounty program will be administered through the Qualcomm Technologies business unit in conjunction with HackerOne. The program, Qualcomm claims, is the first of its kind for a major silicon vendor. “With Qualcomm Technologies’ vulnerability rewards program they will continue to build vital relationships with the external security researcher community and supplement the great work their internal security team is doing,” said Alex Rice, chief technology officer for HackerOne in a prepared statement. Qualcomm joins a number of high-profile and recently launched bug-bounty programs. Earlier this month the Department of Defense awarded a contract to HackerOne to bolster the cyber security of the U.S. Army’s digital assets. That complemented another investment by the U.S. government with Synack, which was picked to create a bug-bounty platform for the IRS. HackerOne also had a high profile Hack the Pentagon bug bounty program which ran from April 18 to May 12 earlier this year. Qualcomm and HackerOne said that 40 security researchers have been invited to participate. The bounty program includes a list of chipset models eligible for submissions, along with software components that include Linux kernel code (part of “Android for MSM”) and WLAN and Bluetooth firmware. At the top range of the bounty program are $15,000 rewards for critical bugs tied to Snapdragon cellular modems. Rewards of $9,000 are tied to ‘critical’ Trusted Execution Environment, or TEE, and bootloader vulnerabilities. Security vulnerabilities rated ‘high’ payout between $5,000 and $4,000. Vulnerabilities considered ‘medium’ and ‘low range’ offer rewards of $2,000 to $1,000. Not eligible, are issues tied to OEM modifications, some denial of service issues and bugs tied to PC software such as USB drivers, according to HackerOne. Qualcomm said the rewards program is effective starting November 17. Qualcomm’s bug bounty program comes on the heels of this summer’s revelation of four massive vulnerabilities, dubbed Quadrooter, which impacted over 900 million smartphones running Qualcomm chipsets. Security research firm Check Point discovered the vulnerabilities and said they could allow an attacker to elevate privileges on top Android handsets and give an attacker complete control over targeted devices. In October, Google released the last in a series of patches addressing the vulnerabilities.

See more at: Qualcomm and HackerOne Partner on Bounty Program https://wp.me/p3AjUX-vKy
Mobile Chipset Qualcomm and HackerOne Partner on Bounty Program by Tom Spring November 18, 2016 , 12:45 pm Qualcomm kicked off its first bug bounty program Thursday, opening the door for white hat hackers to find flaws in a dozen Snapdragon mobile chipsets and related software. Rewards for the invite-only bug bounty program top $15,000 each. HackerOne will facilitate Qualcomm’s bounty program; the chipmaker is hoping to secure millions of smartphones running Snapdragon silicon, including phones sold by Samsung, LG, HTC and Google. Related Posts Army Bug Bounty Building New Relationships with Hackers November 14, 2016 , 12:03 pm Google Releases Supplemental Patch for Dirty Cow Vulnerability November 8, 2016 , 1:38 pm GitLab Patches Command Execution Vulnerability November 3, 2016 , 2:50 pm Eligible Snapdragon products include eight mobile processors, four LTE modems and additional related silicon technologies and software. The bug bounty program will be administered through the Qualcomm Technologies business unit in conjunction with HackerOne. The program, Qualcomm claims, is the first of its kind for a major silicon vendor. “With Qualcomm Technologies’ vulnerability rewards program they will continue to build vital relationships with the external security researcher community and supplement the great work their internal security team is doing,” said Alex Rice, chief technology officer for HackerOne in a prepared statement. Qualcomm joins a number of high-profile and recently launched bug-bounty programs. Earlier this month the Department of Defense awarded a contract to HackerOne to bolster the cyber security of the U.S. Army’s digital assets. That complemented another investment by the U.S. government with Synack, which was picked to create a bug-bounty platform for the IRS. HackerOne also had a high profile Hack the Pentagon bug bounty program which ran from April 18 to May 12 earlier this year. Qualcomm and HackerOne said that 40 security researchers have been invited to participate. The bounty program includes a list of chipset models eligible for submissions, along with software components that include Linux kernel code (part of “Android for MSM”) and WLAN and Bluetooth firmware. At the top range of the bounty program are $15,000 rewards for critical bugs tied to Snapdragon cellular modems. Rewards of $9,000 are tied to ‘critical’ Trusted Execution Environment, or TEE, and bootloader vulnerabilities. Security vulnerabilities rated ‘high’ payout between $5,000 and $4,000. Vulnerabilities considered ‘medium’ and ‘low range’ offer rewards of $2,000 to $1,000. Not eligible, are issues tied to OEM modifications, some denial of service issues and bugs tied to PC software such as USB drivers, according to HackerOne. Qualcomm said the rewards program is effective starting November 17. Qualcomm’s bug bounty program comes on the heels of this summer’s revelation of four massive vulnerabilities, dubbed Quadrooter, which impacted over 900 million smartphones running Qualcomm chipsets. Security research firm Check Point discovered the vulnerabilities and said they could allow an attacker to elevate privileges on top Android handsets and give an attacker complete control over targeted devices. In October, Google released the last in a series of patches addressing the vulnerabilities.

See more at: Qualcomm and HackerOne Partner on Bounty Program https://wp.me/p3AjUX-vKy