The Equation Group’s post-exploitation tools (DanderSpritz and more) Part 1

Since the April 14th leak of the Equation Group’s hacking tools, I have been busy testing (and decompiling / reversing) the tools, understanding and documenting capabilities, and identifying potential indicators of compromise (IOCs). My goal is to build documentation and IOCs that we at Kudelski Security (and other organizations) could leverage to identify these tools, … Continue reading The Equation Group’s post-exploitation tools (DanderSpritz and more) Part 1

How (not) to break your (EC)DSA

During an internal project pertaining to automated cryptographic testing, we discovered that many implementations don't respect standard specifications, especially signature algorithms. Let us take a deeper look into it. We will mostly discuss the DSA and ECDSA algorithms and their respective domains and parameters. It is important to know that both of those digital signature … Continue reading How (not) to break your (EC)DSA

Hunting for Vulnerabilities in Signal – Part 3

Previous posts (part1 and part2) by Markus Vervier (@marver) and myself (@veorq) were about the Java code base and the Android client, now we'll discuss two bugs potentially affecting users of libsignal-protocol-c, the C implementation of the Signal protocol. More precisely, we identified bugs in the example callback functions used in the unit tests of … Continue reading Hunting for Vulnerabilities in Signal – Part 3

Angr management: first steps and limitations

Introduction Last summer I took some time to finally learn about Z3 as I was solving some crackme (see Using Z3 to solve crackme) but in order to stay true to my hipster reputation I had to try something cooler this year: angr. This tool has already been used numerous times during CTF but rarely with a … Continue reading Angr management: first steps and limitations

Drones – A hacker’s playground

Unmanned Aerial Vehicles (UAVs) offer new perspectives, both from a civilian and a military standpoint; yet, they present vulnerabilities having the potential to lead to disastrous consequences regarding public safety if exploited successfully, as evidenced by recent hacks. These repercussions can be prevented by implementing best practices, continuously assessing the technologies used and most importantly … Continue reading Drones – A hacker’s playground

A perspective on the state of the SSLiverse as of early 2016

tl;dr; Most studies about SSL tend to use SSL information retrieved by DNS domain names. This article provides an overview of the SSLiverse when SSL information is retrieved from each SSL enabled host in the IPv4 range on port 443. With today's state of the art scanning tools and proper infrastructure, it is now possible to … Continue reading A perspective on the state of the SSLiverse as of early 2016

Honey! Where is my POS??

Introduction Not a month goes by without news about another new POS (point-of-sale) malware or credit card data breach. Obviously, details of this kind of breach cannot be made public (banks, ongoing investigation, reputation …). But what do we know really about POS malware? Can we create groups of malware and relate them to groups of cyber … Continue reading Honey! Where is my POS??