Elevation of privilege

--Originally published at miguel.net

Elevation of privilege, or privilege escalation, is a group of attacks where the attacker gets to perform an action that they originally did not have permission to do, by exploiting a bug, a design flaw or a configuration oversight [Wikipedia].

"So, if I 'accidentally' opened a file that was in an administrator's folder, did I perform that kind of attack?" Actually, yes, if you were not supposed to have access to that file.

Now, let's talk about Windows. It is no surprise that Windows is one of the most attacked OSes, so a lot of vulnerabilities have been found and patched, but there is also the odd configuration in the system that is meant to keep you safe but is unsafe by default. One of those configurations is the one that allows any installer package to be installed with full privileges, even adding new users and making them part of the Administrators group, so, as you can imagine, full access to the system for that user.

A great repository to test your settings is the one from PowerShellMafia: PowerSploit. Please note, these scripts are meant for testing; any other use may be considered illegal. Also, it is important to note that at least Windows Defender blocks all of these scripts as trojans; in fact, they are trojans, but in good hands any weapon can be used for good.

To see this attack being used you can watch the video from the YouTube channel Security World; he gives a really good explanation of the attack, and what I find interesting about this particular approach is that it creates an MSI installer that creates a new user with admin privileges, and then your imagination can fly: you can open anything, activate remote desktop, anything. Continue reading "Elevation of privilege"
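As an added example (not from the post and not PowerSploit's code), a small Python audit of the Windows Installer policy the post describes, AlwaysInstallElevated: when run on Windows it reads the value from the registry and reports whether the condition that makes any MSI install with full privileges is actually met. It assumes the usual rule that the value must be 1 in both the machine and the user hive before the policy takes effect.

```python
"""Audit the Windows Installer "AlwaysInstallElevated" policy (added example).

When this policy is enabled, every MSI package is installed with SYSTEM
privileges, so an ordinary user can add an administrator account.  It only
takes effect when the value is 1 under BOTH the machine hive (HKLM) and the
user hive (HKCU); one hive alone set to 1 is harmless, which is the nuance
this check encodes.  Off Windows the reader returns None and the audit reports
the policy as disabled.
"""
from typing import Optional

POLICY_KEY = r"SOFTWARE\Policies\Microsoft\Windows\Installer"
VALUE_NAME = "AlwaysInstallElevated"


def policy_enabled(hklm_value: Optional[int], hkcu_value: Optional[int]) -> bool:
    """True only when both hives carry the DWORD 1 (a missing value counts as 0)."""
    return hklm_value == 1 and hkcu_value == 1


def read_value(hive_name: str) -> Optional[int]:
    """Read the DWORD from one hive; None when absent or when not on Windows."""
    try:
        import winreg  # Windows-only standard-library module
    except ImportError:
        return None
    hive = winreg.HKEY_LOCAL_MACHINE if hive_name == "HKLM" else winreg.HKEY_CURRENT_USER
    try:
        with winreg.OpenKey(hive, POLICY_KEY) as key:
            value, _kind = winreg.QueryValueEx(key, VALUE_NAME)
            return int(value)
    except OSError:  # key or value not present
        return None


def audit() -> dict:
    """Return the finding in a shape a report or log pipeline can consume."""
    hklm, hkcu = read_value("HKLM"), read_value("HKCU")
    finding = {"hklm": hklm, "hkcu": hkcu, "enabled": policy_enabled(hklm, hkcu)}
    finding["remediation"] = (
        "Set AlwaysInstallElevated to 0 (or remove it) in both hives via Group Policy."
        if finding["enabled"] else "No action needed."
    )
    return finding


if __name__ == "__main__":
    print(audit())
```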

A password with salt and pepper!

--Originally published at Paco's adventures

When you hear about a platform or company having passwords leaked or stolen, yes, you should be worried, but not to the point of going crazy if you know that they (the platform or company) have good encryption with a little bit of salt and pepper, and that they reset your password when you forget it. What do I mean by these two things?

First, the salt and pepper. You all know that passwords have to be encrypted for security reasons; in this context "salt" means adding more characters to the password the user types in. For example: I type "CatDog", the platform adds "R4%" (the salt) to what I typed so it becomes "CatDogR4%", and then it encrypts that, so the encrypted password becomes more difficult to decipher.

You might say: "This is useless if the hacker finds out what the 'salt' is", and you are right, but that's why there is the pepper. The pepper is like the salt but dark... Okay, that was a bad joke, but seriously, the pepper is like the salt but random. Using the example from before: I type "CatDog" and the system adds a random letter and the "4%", so it becomes "CatDogY4%"; the hacker has to spend more time because of the random part. You can say both salt and pepper are really useful, but none of this matters if the company doesn't use them. But how do you know if they even encrypt your password? This brings me to the second point.

When I said that it's good that the platform asks you to reset your password when you forget it, it's because they REALLY DON'T KNOW YOUR PASSWORD. They may have a database with the passwords encrypted, but they can't decrypt them; that's why when you forget your password they don't send you an email Continue reading "A password with salt and pepper!"
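A worked version of the idea, as an added example that is not from the post: a per-user random salt stored next to the hash, a secret pepper kept out of the database (a constructed constant here; assume it comes from an environment variable or key store), and a one-way hash standing in for the post's "encryption", which is exactly why a forgotten password can only be reset, never recovered.

```python
"""Salted and peppered password storage (added example, not from the post).

Stored record: (salt, hash).  The pepper never goes into the database, so a
dump of the user table alone is not enough to test guesses offline.  The hash
is PBKDF2-HMAC-SHA256, a one-way function: nothing can be decrypted back.
"""
import hashlib
import hmac
import os

PEPPER = b"constructed-secret-pepper-keep-out-of-the-db"  # assumption: loaded from env/KMS
ITERATIONS = 600_000


def hash_password(password: str, salt: bytes, pepper: bytes = PEPPER) -> bytes:
    # Pepper first: bind the password to the server secret with HMAC, so a leaked
    # (salt, hash) pair cannot be brute-forced without the pepper.
    peppered = hmac.new(pepper, password.encode(), hashlib.sha256).digest()
    # Salt next: a per-user random value makes equal passwords hash differently
    # and defeats precomputed (rainbow) tables.
    return hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)


def register(password: str) -> tuple:
    """Create the record to store for a new user: (random 16-byte salt, hash)."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Constant-time comparison so timing does not leak how many bytes matched."""
    return hmac.compare_digest(hash_password(password, salt), stored)


if __name__ == "__main__":
    salt, digest = register("CatDog")
    print(verify("CatDog", salt, digest), verify("CatDogR4%", salt, digest))
```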

Avoiding information leaks on Facebook

--Originally published at miguel.net

The Facebook and Cambridge Analytica case has been widely discussed on social networks and in the media in general. It is known that approximately 270 thousand Facebook users knowingly gave access to the application that was used to mine data on upcoming US voters, but it is also known that profiles were built not only for those users but for 87 billion users. This was due to a feature of the Facebook API that allowed obtaining the information of the friends of any user who accepted the application's terms, so they ended up with not only the information of those who consciously accepted, but of everyone who did not know this feature existed.

Now, as soon as I found out why so much information had been leaked, I set about disabling that feature for my account. Here is a step-by-step guide.

First, we go to the Facebook settings page.

Then, in the left-hand bar, we select "Apps and Websites".

Now, in the panel at the bottom of the page, we have four options; in the box in the bottom-right corner is the feature we want to disable... or was, because as we can see it no longer exists and is marked as deprecated.

After a bit of research, we can see in this report that Facebook deprecated multiple fields on quite a few endpoints to avoid what already happened with Cambridge Analytica, so we can feel a bit more "at ease" that at least now our friends will not be able to leak our information.

Vehicle cybersecurity

--Originally published at Security – Hermes's Blog

Today's vehicles feature driver assistance, like collision warning, automatic emergency braking and safety vehicle communications. The NHTSA (National Highway Traffic Security Administration) is exploring the full spectrum of its tools to ensure these technologies are deployed safely and effectively. It encourages the implementation of the NIST Cybersecurity Framework. NHTSA promotes a multi-layered approach to cybersecurity by focusing on a vehicle's entry points, both wireless and wired.

Malicious exploitation of security vulnerabilities in connected cars is a major problem, with news stories of hacking interfering with consumer acceptance of the current and future capabilities of vehicles.

The first well-known security compromise of a smart vehicle: a 2014 Jeep Cherokee was hacked by security researchers Charlie Miller and Chris Valasek in 2015; they were able to turn the steering wheel, disable the brakes and shut the engine down, all remotely. They also discovered that they could access thousands of other vehicles that were using the Uconnect entertainment and navigation system, common in Dodge, Jeep and Chrysler vehicles.

It is good to know that automotive manufacturers and transportation companies are well informed about these problems and are taking them very seriously, hiring cybersecurity experts as part of a concerted auto industry effort to greatly increase the strength of security features in cars.

Sources:

https://www.nhtsa.gov/technology-innovation/vehicle-cybersecurity

https://hackernoon.com/smart-car-hacking-a-major-problem-for-iot-a66c14562419

Cybersecurity in healthcare

--Originally published at Security – Hermes's Blog

One of the most terrifying things in cybersecurity is not our private data being leaked. Imagine our own health being compromised: our healthcare data from a hospital is leaked, or even some critical devices in our bodies could be manipulated remotely by others.

A Bayer MedRad device used to assist in MRI scans infected with the WannaCry ransomware (image from Forbes).

Last year, when the WannaCry ransomware was a thing, some hospital networks were infected, causing hospitals to close their doors to new patients and halt treatments for other patients because they were not able to access patients' data records. A lot of healthcare data is being stored in the cloud, with an expected growth rate of 20.5% by 2020; this is such a risk because data in the cloud must be correctly protected, which requires robust encryption measures and appropriate authentication. 90% of hospitals run legacy applications to preserve patient data; these kinds of applications can have serious security holes that a cybercriminal could take advantage of, and they run old and unpatched operating systems (causing the WannaCry infection).

Last year, St Jude Medical's pacemakers had a security scandal. It turns out that half a million patients' pacemakers could be hacked to run the batteries down or even alter the patient's heartbeat. The manufacturer issued a firmware update (ha! an update for your heart, isn't that cool?). They are all radio-controlled implantable cardiac pacemakers. The FDA (Food and Drug Administration) says that the vulnerability allows an unauthorised user to access a device using commercially available equipment and reprogram it, which could lead to the death of the patient. The security weakness was discovered by MedSec, a cybersecurity firm that specialises in researching vulnerabilities in the medical device and healthcare industries, and it had previously

Continue reading "Cybersecurity in healthcare"

Rubber Ducky

--Originally published at Stories by Dennis Kingston on Medium

A month ago, in our Security course, some classmates gave a presentation about a USB device that could take control of your computer in less than a second. I found it pretty interesting, and that is why I'm going to talk about the Rubber Ducky.

Nowadays, it is very important to know that USB devices are becoming an important weapon for cracking. This is why you need to take precautions when plugging a USB device into any computer (it could be a Rubber Ducky).

The Rubber Ducky is a pre-coded keyboard that, once it is plugged in, starts typing whichever commands were coded into it on the terminal, in order to gain permissions to files and, along the way, start listening to everything you do on your computer.

Finally, I would like to remark that security is very important and we should make people more conscious of this subject, because I think there are a lot of people who don't know these basic concepts, which could lead them to be cracked and maybe lose information or have their personal info stolen.

If you want to know more about the Rubber Ducky: https://hakshop.com/products/usb-rubber-ducky-deluxe

Let’s talk about Bitcoins!

--Originally published at Paco's adventures

Hey everyone! I'm sure a lot of you have heard about bitcoins and how they are increasing and decreasing in value, and that some people or countries are already using them or even banning them, but do you really know how they work or what exactly they are? Do you know how to obtain them? Is it really safe to invest in them? Well, I'll try to give you all these answers and also some data on bitcoins related to security.

First, what are bitcoins? Bitcoins are a decentralized cryptocurrency. Follow-up question: what is a cryptocurrency? It is a digital currency that uses cryptography to secure and verify transactions and also to create more units.

That's a good explanation, but I will add more to it. Bitcoin is digital money that has no value in real life (like gold or bills do), just the belief that it has some other value in products. But how does it operate? Well, there is a group of people in the bitcoin network, the maintainers, who have a copy of the ledger (book of financial accounts), and they are in charge of making sure the transactions are correct and not fraudulent. Each transaction has the amount, the accounts from which and to whom that transaction is going, and also an encrypted signature to make sure it is the real person doing the transaction and not a fake account; each transaction has its own signature.

To make sure all the maintainers have the same ledger, all of them vote... with MATH! That's right, they pull a math problem, and the first one who solves it, and also has a record of multiple problems solved, becomes the "leader" and everyone follows their ledger.

When they solve a problem, and also there is a fee for Continue reading "Let’s talk about Bitcoins!"
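The post's ledger, signatures and "math problem" as an added toy example (not from the post, and not Bitcoin's code): it uses an HMAC with a per-account secret as a stand-in for real digital signatures, a tiny difficulty so the puzzle solves instantly, and a validation routine that shows what every maintainer checks before following a leader's ledger.

```python
"""Toy ledger with proof-of-work, an added example that is not from the post.
It models what the post describes: signed transactions, a ledger every maintainer
can check, and a "math problem" (find a nonce whose block hash starts with
DIFFICULTY zero hex digits) whose first solver publishes the next block.
Assumptions: the signature is an HMAC keyed with a per-account secret, a stand-in
for Bitcoin's real ECDSA signatures, and DIFFICULTY is tiny so mining is instant.
"""
import hashlib
import hmac
import json

DIFFICULTY = 3                                             # leading hex zeros
KEYS = {"alice": b"alice-secret", "bob": b"bob-secret"}    # constructed accounts
GENESIS_PREV = "0" * 64

def tx_body(tx: dict) -> str:
    return json.dumps({k: tx[k] for k in ("from", "to", "amount")}, sort_keys=True)

def sign(tx: dict) -> dict:
    sig = hmac.new(KEYS[tx["from"]], tx_body(tx).encode(), hashlib.sha256).hexdigest()
    return {**tx, "sig": sig}

def signature_valid(tx: dict) -> bool:
    if tx.get("from") not in KEYS or "sig" not in tx:
        return False
    return hmac.compare_digest(sign(tx)["sig"], tx["sig"])

def block_hash(prev: str, txs: list, nonce: int) -> str:
    return hashlib.sha256(json.dumps([prev, txs, nonce], sort_keys=True).encode()).hexdigest()

def mine(prev: str, txs: list) -> dict:
    """The puzzle: the first nonce whose hash carries DIFFICULTY leading zeros wins."""
    nonce = 0
    while not block_hash(prev, txs, nonce).startswith("0" * DIFFICULTY):
        nonce += 1
    return {"prev": prev, "txs": txs, "nonce": nonce}

def validate_chain(chain: list, balances: dict) -> bool:
    """What every maintainer checks before adopting a leader's ledger."""
    balances, prev = dict(balances), GENESIS_PREV
    for block in chain:
        h = block_hash(block["prev"], block["txs"], block["nonce"])
        if block["prev"] != prev or not h.startswith("0" * DIFFICULTY):
            return False                      # broken link or unsolved puzzle
        for tx in block["txs"]:
            if not signature_valid(tx) or balances.get(tx["from"], 0) < tx["amount"]:
                return False                  # forged signature or overspending
            balances[tx["from"]] -= tx["amount"]
            balances[tx["to"]] = balances.get(tx["to"], 0) + tx["amount"]
        prev = h
    return True

if __name__ == "__main__":
    block = mine(GENESIS_PREV, [sign({"from": "alice", "to": "bob", "amount": 20})])
    print(block["nonce"], validate_chain([block], {"alice": 50}))
```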

What was my password again?

--Originally published at Paco's adventures

Hello everyone! How are you doing? Sorry for not uploading in a long time, but now I'm back, so let's get to the main topic: passwords, more specifically, remembering passwords and reusing them on different pages and accounts.

I'm gonna be honest, I'm really bad at creating and remembering different passwords for my accounts, whether it's for games, work, school or Netflix. Not only that, but I usually use the same password with some variations like numbers, special characters and more.

Also, if I want to use a completely new password I write it down in a note where my other passwords are, along with my usernames, and I leave it on my desk. But then, if I don't remember my username or password and I'm out, I'm basically screwed. Maybe there are people out there with a problem like mine; well, in that case I found, or rather my classmates and my teacher gave me, a great solution: LastPass.

This is a great tool and it has helped me a lot. It is a password manager service that can be used in your web browser. What it does is that you create your account and you get your master password; after that, when you enter your username and password for YouTube, Facebook, etc., your password gets locally encrypted. After that, not only do you not have to type both of them again to log in, LastPass remembers them and does the job for you.

Not only that, but it also has a security test where it compares all your passwords across all your accounts and tells you how strong or weak they are, how many times you repeat them and how similar they are to others, so you can take action and change them. When I did the test the first Continue reading "What was my password again?"

Upgrade your dependencies!

--Originally published at miguel.net

I recently revisited an old repository on my public GitHub, and I was impressed by how good the platform is: as soon as I was on the repository, I was greeted by a big yellow banner alerting me to a dependency vulnerability.

One of my JS dependencies is vulnerable! But when I checked the vulnerable dependency, I was surprised by how the vulnerability is really hitting me.

It is a dependency of one of my dependencies, and then I just started wondering how many other packages or systems can be affected by things like this! It is not just a dependency; it is a dependency I trusted because I trusted Chart.js.

Now, ASP.NET Core is one framework I use a lot, and .NET Core is the runtime it runs on. Since it is now open source, I decided to take a look at their announcements repository, just to know if they have somewhere they tell everyone about known security issues. To my surprise, they do have a security tag, and they are continuously updating it, in the .NET repository as well as in the ASP.NET repository.

So now let's take a look at one of those issues. Elevation of Privilege is a common attack on Windows systems, so having that kind of problem on a server on a cloud platform seems like a bad idea; let's take a look at the most recent issue. To my surprise, it is very well documented: it has all the necessary info about which software is affected and how to be safe, and which versions of the runtime or packages are already patched so you can update to those.

Conclusion
As maintainers of our own services, we should be aware of this kind Continue reading "Upgrade your dependencies!"
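An added example (not from the post and not GitHub's own checker) showing how a flagged package can be transitive, the situation the post ran into: it walks a constructed package-lock.json style tree in which a placeholder `vulnerable-lib` hangs off `chart.js`, and reports the chain that pulls it in together with the fixed version. Package names, versions and the advisory are all made up for the demonstration.

```python
"""Find how a vulnerable package reaches a project through transitive
dependencies (added example, not from the post or from GitHub's tooling).

Assumption: the input is a constructed package-lock.json v1 style tree (nested
"dependencies" objects), with chart.js standing in for the post's trusted
direct dependency and "vulnerable-lib" as a placeholder for the flagged
package; a real lock file would be loaded with json.load instead.
"""
import json

LOCKFILE = json.loads("""
{
  "name": "my-old-repo", "version": "1.0.0",
  "dependencies": {
    "chart.js": {"version": "2.7.0",
      "dependencies": {
        "moment": {"version": "2.10.6"},
        "vulnerable-lib": {"version": "1.2.3"}}},
    "left-pad": {"version": "1.3.0"}
  }
}
""")
# Constructed advisory feed: package -> versions below which it is affected.
ADVISORIES = {"vulnerable-lib": {"vulnerable_below": "1.2.4", "fixed_in": "1.2.4"}}


def version_tuple(v: str) -> tuple:
    """Compare versions numerically, so 1.10.0 sorts after 1.9.0."""
    return tuple(int(x) for x in v.split("."))


def walk(deps: dict, path: tuple = ()):
    """Yield (path-from-root, name, version) for every installed package."""
    for name, info in deps.items():
        yield path + (name,), name, info["version"]
        yield from walk(info.get("dependencies", {}), path + (name,))


def find_vulnerable(lockfile: dict) -> list:
    """One report per affected install, with the dependency chain that pulls it in."""
    hits = []
    for path, name, version in walk(lockfile.get("dependencies", {})):
        adv = ADVISORIES.get(name)
        if adv and version_tuple(version) < version_tuple(adv["vulnerable_below"]):
            hits.append({"package": f"{name}@{version}", "via": " > ".join(path),
                         "direct": len(path) == 1, "fix": adv["fixed_in"]})
    return hits


if __name__ == "__main__":
    for hit in find_vulnerable(LOCKFILE):
        kind = "direct" if hit["direct"] else "transitive"
        print(f"{hit['package']} ({kind}) via {hit['via']}; update to {hit['fix']}")
```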

Public Wi-Fi networks

--Originally published at miguel.net

I love visiting different places to eat, like restaurants or small businesses that serve great food, and beer. As part of my weekly visit to one of those places, I found that their Wi-Fi router was vulnerable to one of the most common and easy attacks: getting into the administrative panel and doing whatever you want, because the password was the default!

The process
First, I got the Wi-Fi password, which was cleverly written on a whiteboard on the wall in front of me. After logging in, I just checked what my default gateway was and proceeded to enter the address in my browser. And I got this page:

Then I did what any person with minimal search skills could do: just searched for the default login username and password for that specific modem, which was cleverly published on this website.

I entered that default username and password and boom! I was in; I had full access to the administrative panel of a place where they have a computer for accepting payments, where Rappi or Uber Eats can place orders, and also where they use a terminal to charge credit and debit cards.

After that I immediately told my waiter that I needed to talk to the manager; when he showed up I explained to him what I did, and how easy it is to find that kind of thing. He completely understood the problem and fixed it by the next day with some help, and he offered me a beer for the finding, so everyone was happy at the end of the day.

Conclusion
This wasn't my first experience with a problem like this, and I have also tried to reach some managers at other places with this problem; some of them seem to not be Continue reading "Public Wi-Fi networks"