by Nate | Apr 7, 2015 | Products, Research
Sometime in 2012, when Cyber Fast Track was in full swing at DARPA, I had what I thought was a novel idea. People with “hacker mindsets” go through life finding “vulnerabilities”, “exploits”, “asymmetries”, or...
by Nate | Apr 6, 2015 | Security News
I recently learned that the Department of Homeland Security is soliciting bids from private companies to provide access to a database of license plate tracking. As usual, the devil is in the details. I want you to forget big brother for a minute. Stop imagining...
by digitaloperatives | Feb 23, 2015 | Capture the Flag
We began with no hint, and the file ‘cloudfs-31c938df3531611b82fddf0685784a2b67373305ec689015f193a555b756beb2’. The command file tells us that it is compressed data. $ file cloudfs-31c938df3531611b82fddf0685784a2b67373305ec689015f193a555b756beb2...
by digitaloperatives | Sep 25, 2014 | Research
Just wanted to post a quick alternative of Metasploit’s VMWare Fusion CVE-2014-6271 exploit ( metasploit-framework / modules / exploits / osx / local / vmware_bash_function_root.rb ) for local shell use. hephaestus:~ jdugie$ for cmd in "cp /bin/bash /tmp/"...
by digitaloperatives | Sep 22, 2014 | Capture the Flag
The annual NYU Polytechnic School of Engineering Cyber Security Awareness Week (CSAW) Capture The Flag (CTF) competition online qualifiers were held September 19-21, 2014. This is a writeup of one of the Exploitation challenges we solved: "saturn". The...
by digitaloperatives | Feb 13, 2014 | Research
[toc] Hard Problems As cybersecurity researchers, we deal with computationally hard problems all the time. Finding a hash collision… determining the user inputs that can assign a certain value to a tainted EIP… deciding whether a black-box binary is...
by digitaloperatives | Feb 6, 2014 | Research
First of all, thanks for all of your positive feedback on our recent post on physical security. One of the comments we’ve received multiple times is that these types of locks and the practice of using mnemonics for their codes is primarily limited to government...
by digitaloperatives | Jan 31, 2014 | Research
Digital spin locks like the Kaba Mas X-09 and X-10 are very common for high security applications like vault doors. US General Services Administration approval means that they are nearly ubiquitous in securing government filing cabinets that contain documents that are...
by digitaloperatives | Jan 30, 2014 | Capture the Flag
We are given a file, “task.exe,” and told that “smthg wrong with this env.” Running `file` tells us that this is not an EXE at all: it is an x86_64 ELF. We try to run it and quickly determine it expects a certain command-line...
by digitaloperatives | Jan 29, 2014 | Capture the Flag
The description of the task is that the program has been stuck “in a blender.” Upon opening the program in IDA Pro, it is clear the bytes have been modified, since there are nonsensical instructions and a large block of undecipherable bytes. It is...
