Distributed Fingerprinting with Scannerl

Kudelski Security is proud to announce the open-source release of Scannerl, its distributed fingerprinting tool. Scannerl Scannerl is a modular, distributed fingerprinting engine implemented in Erlang. It is to fingerprinting what zmap is to port scanning. This tool enables easily distributed fingerprinting among a large number of hosts and circumvents limitations of scale and speed, which are the principle challenges of today’s fingerprinting … Continue reading Distributed Fingerprinting with Scannerl

Configuring YubiKey for GPG and U2F

Here is a little walkthrough on how to get started with the YubiKey and GPG. After following this guide you will have a secure setup using a YubiKey containing your GPG keys as well as an authentication key that could be used for SSH. Moreover the configured YubiKey will also be capable of U2F and managing a password store (for examples, … Continue reading Configuring YubiKey for GPG and U2F

Do not create a backdoor, use your provider’s one !

It was recently shown by the Mirai botnet or Linux/Moose worm that more and more connected devices can run a large scale DDoS. As an example, I'll provide here a small analysis showing that the problem is even more complicated since we sometimes have to live with old devices which have not been updated by Internet providers. A … Continue reading Do not create a backdoor, use your provider’s one !

iOS malware: myth or reality?

Introduction The 2015 DBIR report from Verizon contained a small section on mobile malware but the part on iOS said that all alerts on this platform were all false positives that were in fact triggered by Android devices ("most of the suspicious activity logged from iOS devices was just failed Android exploits"). This is great as … Continue reading iOS malware: myth or reality?

Drones – A hacker’s playground

Unmanned Aerial Vehicles (UAVs) offer new perspectives, both from a civilian and a military standpoint; yet, they present vulnerabilities having the potential to lead to disastrous consequences regarding public safety if exploited successfully, as evidenced by recent hacks. These repercussions can be prevented by implementing best practices, continuously assessing the technologies used and most importantly … Continue reading Drones – A hacker’s playground

TROOPERS 2016

I recently attended the TROOPERS conference, held in Heidelberg, Germany. A lot of interesting research was presented, in this blog post I’m going to summarize selected talks that I particularly enjoyed. The first presentation was by Philippe Teuwen, where he demonstrated his latest attack on white-box cryptography. The idea is to apply existing hardware attacks such as side-channel … Continue reading TROOPERS 2016

How to crack Ubuntu encryption and passwords

During Positive Hack Days V, I made a fast track presentation about eCryptfs and password cracking. The idea came to me after using one feature of Ubuntu which consists in encrypting the home folder directory. This option can be selected during installation or activated later. If you select this option, nothing changes for the user … Continue reading How to crack Ubuntu encryption and passwords