About Administrador

So far Administrador has created 238 blog entries.

DNS Water Torture: how not to drown in this tsunami of requests

By |24 May. 2023|Cyber for all Blog|

Through DNS Water Torture, attackers send an avalanche of requests to saturate the capacity of DNS servers and cause a denial of service. The requests ask for non-existent, pseudo-random subdomains of the victim's domain, so caches cannot answer them and every query reaches the authoritative servers. Companies are the main target of many cybercriminals, and in many cases DNS servers are the bullseye at which they aim their arrows. Thus, through denial-of-service attacks such as DNS Water Torture, attackers try to deny DNS service and, with it, access to web services, among others. DDoS attacks attempt to disrupt the activity of websites and organisations' systems by launching vast volumes of requests. Also known as distributed denial-of-service attacks, they seek to saturate server capacity, causing a collapse and degrading the experience of legitimate users. Attacks of this nature have taken place more than two ...
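As an added example (not code from the original post), the following Python script runs a simple random-subdomain flood detector over a constructed query log: it groups queries by registered domain and flags zones where nearly all answers are NXDOMAIN, nearly every query asks for a never-seen label, and those labels look random. The log line format, the thresholds and the sample traffic are assumptions of this example, not the format of any particular resolver.

```python
"""Flag a DNS Water Torture (random-subdomain) flood in a resolver query log.

Added example; not code from the original post. The log line format below is
an assumption constructed for this example, not the format of any real resolver:
    <epoch> <client_ip> <qname> <qtype> <rcode>
"""
import hashlib
import math
from collections import Counter, defaultdict


def _attack_labels(n):
    # Constructed stand-ins for the pseudo-random leftmost labels an attacker
    # generates; sha256 prefixes are deterministic but look random enough.
    return [hashlib.sha256(str(i).encode()).hexdigest()[:12] for i in range(n)]


def build_sample_log():
    """Constructed sample: 40 NXDOMAIN queries for random labels under example.com
    from three sources, five legitimate queries, and two stray typos elsewhere."""
    clients = ["203.0.113.7", "198.51.100.23", "192.0.2.99"]
    lines = [f"{1684900000 + i} {clients[i % 3]} {label}.example.com A NXDOMAIN"
             for i, label in enumerate(_attack_labels(40))]
    lines += [
        "1684900050 198.51.100.10 www.example.com A NOERROR",
        "1684900051 198.51.100.10 www.example.com AAAA NOERROR",
        "1684900052 198.51.100.11 mail.example.com MX NOERROR",
        "1684900053 198.51.100.12 www.example.com A NOERROR",
        "1684900054 198.51.100.12 mail.example.com A NOERROR",
        "1684900055 198.51.100.13 wwww.corp.example A NXDOMAIN",
        "1684900056 198.51.100.14 intranet.corp.example A NXDOMAIN",
    ]
    return lines


def parse(lines):
    """Yield one record per well-formed line; malformed lines are skipped, not fatal."""
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, client, qname, qtype, rcode = parts
        yield {"ts": int(ts), "client": client, "qname": qname.rstrip(".").lower(),
               "qtype": qtype, "rcode": rcode.upper()}


def registered_domain(qname):
    """Last two labels. Assumption for this example only: production code should
    use the Public Suffix List, otherwise names under co.uk and the like misgroup."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def label_entropy(label):
    """Shannon entropy in bits per character; random labels score near log2(alphabet)."""
    if not label:
        return 0.0
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())


def detect_water_torture(records, min_queries=20, min_nx_ratio=0.8,
                         min_unique_ratio=0.8, min_entropy=2.5):
    """One finding per zone whose traffic looks like a random-subdomain flood:
    mostly NXDOMAIN, almost every query a never-seen label, labels high-entropy.
    Thresholds are starting points for this example, not tuned values."""
    per_zone = defaultdict(lambda: {"total": 0, "nx": 0, "labels": set(),
                                    "entropy_sum": 0.0, "nx_clients": Counter()})
    for r in records:
        zone = registered_domain(r["qname"])
        st = per_zone[zone]
        st["total"] += 1
        prefix = r["qname"][:-len(zone) - 1] if r["qname"].endswith("." + zone) else ""
        leftmost = prefix.split(".")[0]
        st["labels"].add(leftmost)
        if r["rcode"] == "NXDOMAIN":
            st["nx"] += 1
            st["entropy_sum"] += label_entropy(leftmost)
            st["nx_clients"][r["client"]] += 1
    findings = []
    for zone, st in per_zone.items():
        if st["total"] < min_queries:
            continue
        nx_ratio = st["nx"] / st["total"]
        unique_ratio = len(st["labels"]) / st["total"]
        mean_entropy = st["entropy_sum"] / st["nx"] if st["nx"] else 0.0
        if (nx_ratio >= min_nx_ratio and unique_ratio >= min_unique_ratio
                and mean_entropy >= min_entropy):
            findings.append({"zone": zone, "total": st["total"], "nxdomain": st["nx"],
                             "nx_ratio": round(nx_ratio, 3),
                             "unique_ratio": round(unique_ratio, 3),
                             "mean_entropy": round(mean_entropy, 2),
                             "top_sources": st["nx_clients"].most_common(3)})
    return sorted(findings, key=lambda f: f["nxdomain"], reverse=True)


if __name__ == "__main__":
    for finding in detect_water_torture(parse(build_sample_log())):
        print(finding)
```

The three signals are deliberately combined: a burst of NXDOMAIN alone also happens with misconfigured clients, and unique labels alone also happen with CDN-style hostnames, but high-entropy, never-repeated labels that all fail to resolve are the shape of a Water Torture flood. The per-source counts point at the spoofed or open-resolver addresses to rate-limit first.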

CVE-2023-32233: Privilege escalation in Linux Kernel due to a Netfilter nf_tables vulnerability

By |18 May. 2023|Tarlogic's Blog - Cybersecurity|

A use-after-free vulnerability (CVE-2023-32233) has recently been published that allows unprivileged local users to obtain root privileges on Linux kernel versions 6.3.1 and earlier. The issue, reported by researchers Patryk Sondej and Piotr Krysiuk, is due to improper handling of anonymous sets in the Netfilter nf_tables module, which can be exploited to perform arbitrary reads and writes in kernel memory. It should be noted that the affected nf_tables module is enabled by default in many Linux distributions, so the number of potentially affected systems is high. Although the vulnerability was reported on 8 May 2023, functional proofs of concept have been released in public repositories in recent days and show successful execution of the ...
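An added example, not Tarlogic's code, of how a defender might triage a host for this bug while the fix is still rolling out. It combines three signals: whether the kernel's mainline version falls in the 6.3.1-and-earlier range quoted above, whether nf_tables is loaded, and whether unprivileged user namespaces are allowed (nf_tables requires CAP_NET_ADMIN, which an unprivileged user normally obtains only inside a user namespace, so disabling them removes the easy path). The verdict strings and the way the sysctls are read are this example's own; distribution kernels backport fixes without changing the version string, so the version check is a first cut only and the distribution advisory is authoritative.

```python
"""Triage a Linux host for exposure to CVE-2023-32233 (nf_tables anonymous set UAF).

Added example, not Tarlogic's code. Assumptions it rests on:
- The affected range is taken from the post: mainline 6.3.1 and earlier. Distribution
  kernels backport fixes without bumping the version, so a version check is only a
  first cut; the distro advisory is authoritative.
- nf_tables needs CAP_NET_ADMIN, which an unprivileged user obtains inside a user
  namespace; with unprivileged user namespaces disabled the bug is much harder to reach.
"""
import os
import re

LAST_AFFECTED_MAINLINE = (6, 3, 1)
VERDICT_EXPOSED = "likely exploitable by local users"
VERDICT_REDUCED = "affected kernel, but attack surface reduced"
VERDICT_CLEAR = "outside the affected mainline range"


def parse_kernel_version(release):
    """'6.3.1-arch2-1' -> (6, 3, 1); '6.4-rc1' -> (6, 4, 0); '5.15.0-72-generic' -> (5, 15, 0)."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def mainline_in_affected_range(release):
    return parse_kernel_version(release) <= LAST_AFFECTED_MAINLINE


def nf_tables_loaded(proc_modules_text):
    """True if nf_tables is listed in /proc/modules (module name is the first field).
    A negative is weak: the module may be built in, or autoloaded on first nfnetlink use."""
    return any(line.split()[0] == "nf_tables"
               for line in proc_modules_text.splitlines() if line.strip())


def unprivileged_userns_allowed(sysctls):
    """sysctls maps sysctl name -> value string. kernel.unprivileged_userns_clone exists
    only on Debian/Ubuntu kernels; where a knob is absent, user namespaces are allowed."""
    if sysctls.get("kernel.unprivileged_userns_clone", "1").strip() == "0":
        return False
    if sysctls.get("user.max_user_namespaces", "1").strip() == "0":
        return False
    return True


def assess(release, proc_modules_text, sysctls):
    """Combine the three signals into a verdict plus the reasons behind it."""
    affected = mainline_in_affected_range(release)
    loaded = nf_tables_loaded(proc_modules_text)
    userns = unprivileged_userns_allowed(sysctls)
    reasons = [
        f"kernel {release} is {'within' if affected else 'outside'} the <= 6.3.1 mainline range",
        "nf_tables module is loaded" if loaded
        else "nf_tables not listed in /proc/modules (may still be built in or autoload)",
        "unprivileged user namespaces allowed" if userns
        else "unprivileged user namespaces disabled",
    ]
    if not affected:
        return VERDICT_CLEAR, reasons
    if loaded and userns:
        return VERDICT_EXPOSED, reasons
    return VERDICT_REDUCED, reasons


def read_sysctl(name):
    """Read one sysctl via /proc/sys; returns None where the knob does not exist."""
    path = "/proc/sys/" + name.replace(".", "/")
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None


if __name__ == "__main__":
    # Live check of the current host (Linux only).
    modules = open("/proc/modules").read() if os.path.exists("/proc/modules") else ""
    live = {}
    for knob in ("kernel.unprivileged_userns_clone", "user.max_user_namespaces"):
        value = read_sysctl(knob)
        if value is not None:
            live[knob] = value
    verdict, why = assess(os.uname().release, modules, live)
    print(verdict)
    for line in why:
        print(" -", line)
```

Treat "not loaded" as weak evidence: nf_tables is frequently built into the kernel rather than shipped as a module, and where it is a module, the first nfnetlink request can trigger its autoload. Patching remains the only real fix; the namespace check merely tells you how much time you have.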

CVE-2023-27363: Proof of concept for remote code execution in Foxit Reader

By |15 May. 2023|Tarlogic's Blog - Cybersecurity|

Following the initial announcement of a critical vulnerability (CVE-2023-27363) that allows remote code execution in Foxit Reader, a functional proof of concept has been released that demonstrates exploitation through a specially crafted PDF document. (A GIF published on GitHub shows the PoC execution.) Foxit Reader is a popular free PDF reader, widely used as an alternative to Adobe's PDF reader. The vulnerability, initially reported by researcher Andrea Micalizzi, stems from insufficient validation of the cPath parameter of the JavaScript exportXFAData method when the document's JavaScript is executed. This allows arbitrary files to be written on the system in the context of ...
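Because the primitive is an arbitrary file write driven by a JavaScript call and a path parameter, a defender can hunt for documents that use it. The following Python scanner is an added example, neither Andrea Micalizzi's PoC nor Tarlogic code, and it reproduces no exploit: it only looks for the exportXFAData name and the cPath value named above, inflating FlateDecode streams first because embedded JavaScript normally sits in a compressed stream where a plain grep would miss it. The sample PDFs and the "dangerous path" heuristic are this example's own assumptions.

```python
"""Scan PDF files for JavaScript that calls exportXFAData and pull out the cPath it
passes. Added example; it is neither Andrea Micalizzi's PoC nor Tarlogic code, and it
reproduces no exploit: it only looks for the API name and parameter named in the post.
FlateDecode streams are inflated first because embedded JavaScript normally sits in
a compressed stream where a plain grep would miss it. The "dangerous path" heuristic
is an assumption of this example."""
import re
import sys
import zlib

STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
CALL_RE = re.compile(rb"exportXFAData")
CPATH_RE = re.compile(rb"cPath\s*[:=]\s*([\"'])(.*?)\1")


def text_chunks(pdf_bytes):
    """Yield the raw file plus every stream body, inflated when zlib accepts it."""
    yield pdf_bytes
    for m in STREAM_RE.finditer(pdf_bytes):
        body = m.group(1)
        try:
            yield zlib.decompress(body)
        except zlib.error:
            yield body  # not Flate-compressed (or another filter): scan as-is


def is_dangerous_path(path):
    """Heuristic: absolute or drive-rooted paths, traversal, or auto-executing file types."""
    p = path.replace("\\", "/").lower()
    return bool(p.startswith("/") or re.match(r"^[a-z]:/", p) or "../" in p
                or p.endswith((".exe", ".dll", ".hta", ".lnk", ".bat", ".cmd", ".js", ".vbs")))


def scan_pdf(pdf_bytes):
    """Report whether the document calls exportXFAData and which cPath values it passes."""
    calls = False
    cpaths = []
    for chunk in text_chunks(pdf_bytes):
        if CALL_RE.search(chunk):
            calls = True
        for m in CPATH_RE.finditer(chunk):
            p = m.group(2).decode("latin-1")
            if p not in cpaths:
                cpaths.append(p)
    return {"calls_exportXFAData": calls, "cpaths": cpaths,
            "suspicious": calls and any(is_dangerous_path(p) for p in cpaths)}


def build_sample_pdf(js, compress):
    """Constructed minimal PDF with `js` as the OpenAction; enough structure for the
    scanner, not a file a viewer would open (no xref table)."""
    if compress:
        body = zlib.compress(js)
        stream_obj = (b"4 0 obj\n<< /Filter /FlateDecode /Length %d >>\nstream\n" % len(body)
                      + body + b"\nendstream\nendobj\n")
        action = b"<< /S /JavaScript /JS 4 0 R >>"
    else:
        stream_obj = b""
        action = b"<< /S /JavaScript /JS (" + js + b") >>"
    return (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction "
            + action + b" >>\nendobj\n" + stream_obj + b"%%EOF\n")


if __name__ == "__main__":
    for name in sys.argv[1:]:
        with open(name, "rb") as fh:
            print(name, scan_pdf(fh.read()))
```

A legitimate form may call exportXFAData with a relative file name, so the scanner separates "uses the API" from "uses it with a path that lands somewhere dangerous"; only the second should page anyone. Attackers can also hide the call behind string concatenation or other PDF filters (LZW, ASCIIHex), which this simple pass does not decode, so treat a clean result as an absence of evidence rather than proof.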

Fancy Bear and where to find them

By |28 Mar. 2023|Tarlogic's Blog - Cybersecurity|

Spain has recently been targeted by several APT (Advanced Persistent Threat) groups [1], among which we find APT28, also known as Fancy Bear. This group has many different names depending on the researchers referring to it, including Sofacy, Group 74, Pawn Storm, Sednit and Strontium. Here we will refer to the group as Fancy Bear. Who is Fancy Bear? Fancy Bear is a Russian APT group that is believed to be linked to the GRU (Russia's Main Intelligence Directorate). It began operating between 2004 and 2007, and its main goal is espionage and information theft. It is especially interested in information that could be useful to the Russian government and therefore normally targets sectors related to ...

BlueTrust, goodbye to Bluetooth privacy

By |8 Mar. 2023|Tarlogic's Blog - Cybersecurity|

BlueTrust is the name of a new technique developed by Tarlogic that makes it possible to discover trust relationships between Bluetooth devices and, from them, obtain data of interest about their users. We continue the series of research articles on Bluetooth technology and the attacks that exist against the protocol. Previously, the BIAS and BLESA attacks (introduction to BIAS and BLESA attacks) and the KNOB and BLURtooth attacks (KNOB and BLURtooth attacks) were analysed theoretically. This article shows how to reproduce and implement the BIAS and KNOB attacks. As one might expect, the leap from the academic (and theoretical) world to the real (and practical) world is neither immediate nor straightforward. The main problems and obstacles encountered, and how they were overcome, will be ...

SIM swapping, when your phone, and your money, are out in the open

By |20 Dec. 2022|Cyber intelligence blog|

SIM swapping fraud, the unlawful duplication of a cell phone card to impersonate a person's identity, is growing. As a result, operators and banks are already reinforcing their cybersecurity structures to contain the problem. Can you imagine getting out of bed one fine morning, opening your online banking app, and discovering that your bank account balance has vanished? You may not know it at the time, but you may have fallen victim to SIM swapping. Unfortunately, it is one of the many digital frauds that prevail in this age, frauds that cyber intelligence services work every day to contain. Moreover, SIM swapping is a simple fraud. It consists, in short, of illegitimately obtaining a duplicate of a person's cell phone ...

IoT Security assessment

By |16 Dec. 2022|Tarlogic's Blog - Cybersecurity|

Discover IoT security assessment through best-practice guides for each of the stages of an IoT security audit discussed in the previous OWASP FSTM methodology articles. The Internet of Things (IoT) sector has experienced exponential growth over the last few years. The launch of 4G networks gave the sector the impetus it needed to deploy communications effectively and cheaply. The current deployment of 5G networks will be another turning point in this highly competitive market, making IoT security assessment a must in the years to come. On the other hand, the proliferation of wearable devices has not only created a new market but also a new data-centric business model. Thus, the business paradigm has ...

OWASP FSTM, Stage 9: Exploitation of executables

By |7 Dec. 2022|Tarlogic's Blog - Cybersecurity|

Exploitation of executables is the final step in a firmware analysis, in which an exploit is developed for a vulnerability discovered in earlier phases. Techniques for exploiting vulnerabilities in executables vary greatly depending on the type of vulnerability and the component it affects, although the most serious and damaging ones usually come from executables built without the relevant security mitigations (for example, without NX, PIE or RELRO) or that make use of vulnerable functions. If the previous analysis phases have been successful, at this point a vulnerability, or hints of one, will have been discovered in one of the firmware components of an OT or IoT device. Sometimes that vulnerability is found in an executable, for which a proof of concept (PoC) or exploit can be written. PoCs and exploits ...
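To make "executables without the relevant security measures" concrete, here is an added example (not part of the OWASP FSTM post or Tarlogic's tooling) that performs a checksec-style triage of ELF binaries pulled from a firmware image. It reads only the ELF and program headers, so it works on stripped 32- and 64-bit, little- or big-endian files, which is what a MIPS or ARM router image usually yields. The three sample binaries are constructed headers, not real firmware, and the mitigation names it reports are the usual loader-level ones; canaries and FORTIFY are out of scope because they need symbol information.

```python
"""checksec-style triage of ELF executables extracted from a firmware image.

Added example, not code from the OWASP FSTM post or Tarlogic. It reads only the
ELF header and program headers, so it works on stripped binaries of any
architecture and either endianness. Stack canaries and FORTIFY need the symbol
and dynamic tables and are deliberately out of scope here."""
import struct
import sys

PT_DYNAMIC, PT_INTERP = 2, 3
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X = 1
ET_EXEC, ET_DYN = 2, 3
MACHINES = {3: "x86", 8: "MIPS", 40: "ARM", 62: "x86-64", 183: "AArch64"}


def elf_mitigations(data):
    """Return a dict describing the binary and which loader-level mitigations it carries."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    bits = 64 if data[4] == 2 else 32
    end = "<" if data[5] == 1 else ">"
    if bits == 64:
        hdr = struct.unpack_from(end + "16sHHIQQQIHHHHHH", data, 0)
        ph_fmt, flags_idx = end + "IIQQQQQQ", 1   # Elf64_Phdr: p_flags follows p_type
    else:
        hdr = struct.unpack_from(end + "16sHHIIIIIHHHHHH", data, 0)
        ph_fmt, flags_idx = end + "IIIIIIII", 6   # Elf32_Phdr: p_flags is the 7th field
    e_type, e_machine, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[2], hdr[5], hdr[9], hdr[10]
    phdrs = []
    for i in range(e_phnum):
        ph = struct.unpack_from(ph_fmt, data, e_phoff + i * e_phentsize)
        phdrs.append((ph[0], ph[flags_idx]))  # (p_type, p_flags)
    types = {t for t, _ in phdrs}
    stack_flags = [fl for t, fl in phdrs if t == PT_GNU_STACK]
    return {
        "arch": MACHINES.get(e_machine, f"machine {e_machine}"),
        "bits": bits,
        "endian": "little" if end == "<" else "big",
        "dynamic": PT_DYNAMIC in types or PT_INTERP in types,
        # PIE executables are ET_DYN; shared libraries are too, so require PT_INTERP as well.
        "pie": e_type == ET_DYN and PT_INTERP in types,
        # Without PT_GNU_STACK the loader assumes an executable stack on most targets.
        "nx": bool(stack_flags) and not (stack_flags[0] & PF_X),
        # PT_GNU_RELRO means at least partial RELRO; full RELRO also needs BIND_NOW in .dynamic.
        "relro": PT_GNU_RELRO in types,
    }


def build_sample_elf(bits, big_endian, e_type, machine, phdr_specs):
    """Constructed header-only ELF (no code) carrying the given (p_type, p_flags)
    program headers; just enough to exercise the scanner."""
    end = ">" if big_endian else "<"
    ident = b"\x7fELF" + bytes([2 if bits == 64 else 1, 2 if big_endian else 1, 1]) + b"\x00" * 9
    if bits == 64:
        ehsize, phentsize = 64, 56
        hdr = struct.pack(end + "16sHHIQQQIHHHHHH", ident, e_type, machine, 1, 0, ehsize, 0, 0,
                          ehsize, phentsize, len(phdr_specs), 0, 0, 0)
        body = b"".join(struct.pack(end + "IIQQQQQQ", t, fl, 0, 0, 0, 0, 0, 0)
                        for t, fl in phdr_specs)
    else:
        ehsize, phentsize = 52, 32
        hdr = struct.pack(end + "16sHHIIIIIHHHHHH", ident, e_type, machine, 1, 0, ehsize, 0, 0,
                          ehsize, phentsize, len(phdr_specs), 0, 0, 0)
        body = b"".join(struct.pack(end + "IIIIIIII", t, 0, 0, 0, 0, 0, fl, 0)
                        for t, fl in phdr_specs)
    return hdr + body


# Constructed samples: a hardened desktop-style binary and two typical firmware daemons.
SAMPLES = {
    "hardened_x86_64": build_sample_elf(64, False, ET_DYN, 62,
        [(PT_INTERP, 4), (PT_DYNAMIC, 6), (PT_GNU_STACK, 6), (PT_GNU_RELRO, 4)]),
    "router_httpd_mips": build_sample_elf(32, True, ET_EXEC, 8,
        [(PT_INTERP, 4), (PT_DYNAMIC, 6)]),
    "camera_daemon_arm": build_sample_elf(32, False, ET_EXEC, 40,
        [(PT_INTERP, 4), (PT_DYNAMIC, 6), (PT_GNU_STACK, 7)]),
}


if __name__ == "__main__":
    targets = {p: open(p, "rb").read() for p in sys.argv[1:]} or SAMPLES
    for name, blob in targets.items():
        print(name, elf_mitigations(blob))
```

Run it with paths to the binaries extracted in the earlier FSTM stages; with no arguments it reports on the constructed samples. A non-PIE daemon with no PT_GNU_STACK header, like the MIPS sample, is exactly the kind of executable the paragraph above describes: fixed addresses and an executable stack make a classic overflow exploitable without an information leak or ROP chain.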

OWASP FSTM, step 8: Runtime analysis

By |29 Nov. 2022|Tarlogic's Blog - Cybersecurity|

Static analysis of the firmware and its executables provides only a limited amount of information about how it operates, and pushing the analysis further at that stage is inefficient in time and effort. Because of this, it is often necessary to continue the analysis in a dynamic environment, where the firmware and its components can be observed and manipulated during execution. Runtime analysis builds on the previous phases to gain access to the system's executables and internal processes, either in a real environment through administrator access or in a virtualised environment built specifically for this firmware's executables, where there is much more control over execution. In the case of running the system on the original hardware, without emulation, it is ...

OWASP FSTM, step 7: Dynamic analysis

By |22 Nov. 2022|Tarlogic's Blog - Cybersecurity|

The dynamic analysis phase is defined as the study of the running device in a real or emulated environment. The device is analysed in order to dig deeper into possible vulnerabilities found in previous phases (essential for hacking IoT devices). For this phase, an emulation environment can be used that allows the firmware to be run without the original hardware, as shown in the previous article. This method allows a more in-depth analysis of the system when no hardware debug port has been found, since in many cases emulation frameworks allow a debugger such as GDB to be attached to control the execution flow. Alternatively, when hardware debug ports are available, the original hardware can be ...
