Aditya K Sood's (0kn0ck) Blog

Infosecwriters feature End Point Malfeasance Article.

Link:
http://www.infosecwriters.com/texts.php?op=display&id=544

[Zknk]

The new article End Point Malfesance Released.

Link:
http://zeroknock.metaeye.org/mlabs/endpointmal.html

[Zknk]

View
This method is quiet useful for inverse mapping the targets for host alive checks.The point will be proved through the scapy via packet crafting.In this we will discuss about inverse mapping with or without padding to compare the results.We know with some tools the response like host unreachable or no response with tool like hping.

Some Considerations:


Look at this:
send()
ans,unans=srloop()
ans.summary() --> get to you to the answer of the packet sent.
unans.summary() --> get to you to the unanswe response.


0xc] The question of padding is ,I used it in just a raw data to be attached and to check it has some implications or not or whether it is changing the output stats.

Example:- For syn scan if u set "S" packet with same stats you will get "SA".If you try "F" , the closed port will reset it and open port will not respond.

Lets check:

Inverse Mapping:
This technique describe the packet crafting with some padding bits.we will analyse whether the response have some effect or not.I will prove this by srloop command of scapy and craft the packet.Acc to our stat and the technique the result should fail the packet.Lets look at snapshot below.

















If you look clearly you will see the packet from our machine is continuously going to the destination but there is a skip in packet from the other side.This indicates according to the concept about the packet should failed.Thats what happening.

Thats the concept.
[Zknk]

Analytical View

The hardware based key logging is some what different in it working specification. This type of keylogging is independent in its context because there will be no cross linkage functioning of software based keyloggers.The fact lies in the case that this hardware keylogging is PRE dynamic in its working which means keystrokes get captured before where as the software keyloggers are POST dynamic which captures key after the system orientation.

Moreover these type of hardware loggers are Operating system independent where as software type depend on the system internals.The working of hardware specific is external which is vice versa in other type. The USB loggers store the keystrokes in transparent way before these are passed to the system , it’s a kind of ABSTRACT TRACING the periphereals through which all information is captured without the intervention of any system related activity.

The keystrokes that get logged can be stored in encrypted way or not that depends on the user specific need.The best part about the hardware key logging is that it can even log the BIOS passwords which is not possible in software type.This is the most profound functioning of hardware specific keyloggers.These can be called as converters for those who don’t know anything of core but in reality it is a logger that logs the keystrokes even acting as a converter.

The major drawback of this kind is that it requires physical access to the system since a hardware is to be plugged as an external device for system. No notifications are being received by the hardware key loggers which relates to system change or internal activity or sysetm crash.It work like a hidden tracer.

[Zknk]

Abstract:
Recently I am reading a news at cgisecurity about thelatest Ajax lockdown framework proposed by someone.The framework is based on the concept of fusing ajax applications with direct web remoting.The stress is laid on the client server communication and the main point of talk is encrypting the client data and decrypting on the server side.The algorithm blowfish is used and the security is defined on that part.The main point that kept in mind is the traffic intruding ,the support for protocol like HTTP/HTTPS is also there with TLS.The security mechanism is bit elaborated on the basis of user data privacy.The concept that is undertaken is the encryption towards the user defined data in the web form mainly where user data privacy is concerned.The data which is incorporated in the web application is encrypted and is stored on the server with the back end defined as the database.I have found some contradictions against this definitive framework which i am going to list in front of the community.

For more reading get on to:
http://zeroknock.metaeye.org/mlabs/ajaxlock.html

[Zknk]

The rogue XML specification article gets featured at Linux security - security tips section.

Link
http://www.linuxsecurity.com/content/blogcategory/108/177/

[Zknk]

The new article has been released at the metaeye portal.
Link
http://www.metaeye.org/articles/38#more-38

[Zknk]