Peekaboo! I Own You.
|
|
- Candace Dalton
- 6 years ago
- Views:
Transcription
1 Peekaboo! I Own You. The Tale of Hundreds of Thousands Vulnerable Devices with no Patch, Ever. Amit Serper Cybereason Inc. Yoav Orot Cybereason Inc. Abstract This paper details how crafting a special HTTP request allows us to get a device s administrator password and fully control it. Also, by accessing a certain webpage in the administration panel, a full root shell can be achieved by injecting a specific command. This paper covers the reverse engineering process of the product, the vulnerabilities discovered and their ramifications. 1
2 Introduction In this paper we will demonstrate how a specially crafted HTTP request is used as a vector to a fully compromise the product by detailing numerous zero-day remote vulnerabilities. In this paper we will fully demonstrate the following: Bypassing the web authentication mechanism by crafting a special HTTP request Launching a socket binding shell Redirecting a port to the socket binding shell by leveraging the UPNP client on the product We have two goals in this paper. First, we want to show how insecure this product is and how it s developers never took security into consideration. Second, we want researchers and developers to look at the big picture when it comes to embedded systems security. The vulnerabilities we discovered give attackers root access to the camera, allowing them to do whatever they want to the devices, including enslaving them into IoT botnets. These flaws, when exploited, can threaten the Web s ability to function, as we saw with the Dyn attack in October Product overview The product is a very affordable IP surveillance camera with many features such as motorized control, wireless connectivity and an SD card slot to save recorded videos. But its main feature is a plug- n -play system that allows users to connect to their camera from anywhere using a mobile app without the hassle of dealing with nat traversals or port forwardings. 2
3 The cameras are manufactured by a white-box vendor, making tracing their origins and what companies are selling them difficult. We managed to identify 31 vendors that are selling vulnerable cameras. We decided to name one vendor -- a Chinese manufacturer called VStarcam -- since their cameras can be easily purchased on Amazon and the company made claims on its website that users will no longer have security vulnerability worries with the device since it tells them if they have a weak password. Figure 1: Camera advertisement from Vstarcam's website The plug- n -play feature is the very feature that makes the camera such an interesting device to research. The reason is that the plug- n -play system is in fact a vendor managed solution in the form of a cloud. Every camera has a unique ID (in the form of a QR sticker on the camera) that identifies it inside the vendor s cloud and authenticates it with a password, which is also on the same sticker (the default passwords are the same for all the cameras). Theoretically, if attackers possess the victim s unique ID and password, they could watch the camera s image and control it. Analyzing the target device As always with embedded systems, firmware analysis is the best and easiest way to start since vendors usually include firmware update images in their website. Unfortunately, unlike other popular embedded devices, this device is not made by a well-known vendor, hence, firmware upgrades are not in priority. We could not find firmware files anywhere on the Internet so we had to extract them from the product. 3
4 There are several ways to extract firmware. The standard (and more complicated) approach if there is no shell access to the device is to take the flash storage chip off the circuit and read the data directly from it. This approach is usually rather complicated and not for resource-less researches such as us. Luckily, most of those IoT devices have UART headers on their circuit board. That allows one to solder and connect wires to the appropriate headers and achieve an effect that s the equivalent of plugging a monitor and keyboard directly into the console. In our case, it took us about 30 minutes to find the RX, TX, ground and VCC headers on the board using a bus pirate device. Figure 2: Using a BUS Pirate to find the UART headers After successfully locating the UART (serial) ports on the board we rebooted the camera in order to see if we can see it booting. Luckily enough, we guessed all the parameters correctly and got the following boot log, which finished with a root shell: See Appendix As seen in the image, the camera is running a version 2.6 Linux system and we now have a busybox root shell on it. While trying to work on the camera s shell using the serial connection, our console was constantly bombarded by debug error messages (caused by the disconnected camera motors). Since we now had a root shell on the device, getting the firmware itself was as easy as using the dd program on the camera in order to read the raw file system from /dev/mtdblock0 and write to the camera s SD card so that we could further analyze the firmware. 4
5 As we examined the files on the camera s file system, we took special interest in the ones that existed in the webserver s root directory since we were looking for any file that might have anything interesting in it. We found an interesting file called system.ini. This is a binary file which contains the camera s running configuration settings,including the administrator s password. We realized that by disassembling the webserver s binary and looking for any occurrences of this file in the disassembly, we found that this file is being read and parsed by the webserver on its start time: Figure 3: system.ini being read by the webserver IDA Pro screenshot disassembly Since we know that system.ini contains the password and it is in the server s web root directory, we tried accessing it directly through the browser by visiting but we were greeted by the unfortunate authentication dialog. No luck. Since most consumer embedded devices are controlled and managed by the web administration system, it is very common that the webserver running on the embedded device is a vendor modified version of an open source webserver. The first step would be to try to identify the webserver by sending a HEAD / HTTP/1.1 HTTP request. Figure 4: Sending a HEAD request to the camera's HTTP server As seen in the image, the camera is running the goahead webs webserver. Goahead is a very popular open source webserver among embedded devices developers since it allows developers to implement a lot of custom features into the webserver itself, leading to a single lightweight binary executable that contains almost all of the features and functionality of the device in it. This is why the webserver makes the perfect penetration vector and creates the biggest attack surface in embedded devices. 5
6 As said in the previous paragraph, the webserver is being used to both manage the camera and view the images or video that the camera is taking (assuming that you do not wish to use either the camera s Android or iphone app or its built-in RTSP server). When the user is accessing the camera s IP address on port 81 (the default port for the camera s webserver), the user is prompted with a standard authentication request. Figure 5: Authentication prompt Since goahead is an open source product, we decided to look at its source code and look for ways to bypass the authentication. The code of the authentication function was fairly straight forward and nothing interesting was found there, so we decided to look somewhere else. Since the URL is the first user controlled string that an HTTP server meets, we decided that we should look at the logic of the URL parsing. 6
7 We started by looking at the websgetport() function: Figure 6: websgetport() GET /index.asp HTTP/1.1 Figure 7: Legitimate HTTP request 7
8 When the server is parsing a URL, it looks for the first / in the URL and uses s a delimiter to figure out the structure of the request. If the url[7] has a / in it, then it means that the structure of the HTTP request is legitimate and the regular flow of the program will continue; the server will check if the requested URL is protected (requires authentication) or not and normal behavior will continue. But as we looked more and more into the sources, we could not find any code that handles any exceptions.this raised a serious question: What would happen if we sent a malformed HTTP request that does not start with a /? A request like this one: GET index.asp HTTP/1.1 Figure 8: Malformed request Normal webserver behavior would be to return back the the HTTP 400 bad request error code. But no, this isn t the case with this version of goahead. The developers tried to stay as minimal as they could with their code. As far as they expected it, as you can see by looking at the websparsefirst() function, the way an HTTP could be invalid is if it won t be a GET, POST or HEAD. The structure of the request does not matter, it s only the type! Figure 9: websprasefirst() Bad request handling 8
9 So by now we had a theory that sending a malformed HTTP request may cause unexpected behavior in the form of just sending us the raw file that we are (brokenly) GET ing. What better way will be to test this theory than by sending a malformed request for system.ini! After going through all the source code in all of the versions of goahead webs that we could find and looking at the websparsefirst() function, we noticed that a fix for that bug was added by Luigi Auriemma: Figure 10: Broken request fix by Luigi Auriemmahandling As you can see, that fix was added in January This paper was written in January That means that this product, which is still being perpetually sold in stores to this day, doesn t ship with a 0day (that we had thought we discovered) but with 4745-day! It also means that every other product (be it an embedded device or whatever) is vulnerable to this ancient bug. Figure 11: Getting system.ini using a malformed HTTP request Success! The server sent us the contents of the system.ini file, which meant that we now had the camera s password. We could now authenticate to it. Since we now have a way to authenticate legitimately to the camera we can modify, view and control anything within the configuration page that also includes the viewing and streaming of the live feed from the camera. 9
10 While the authentication bypass trick is nifty, that still isn t code execution. There are many ways to achieve code execution on such devices. The common approach is usually a stack buffer overflow. The problem is that such overflows are cumbersome to research. You need to traverse the code and look for unsafe calls and lack of boundary checks and also write shellcode and debug it. In this case, finding a code execution exploit was rather simple. While navigating through the camera s configuration pages we noticed one of the configuration pages, mail.htm. This page allows the user to configure mail notifications from the camera for miscellaneous cases (i.e movement detection) that will cause the camera to send an notification to the user. As you can see in the image, the user must first provide all of his SMTP server details and credentials for this function to work. Since this function was added by the camera s manufacturer to the webserver s source code, this is not part of the open source code that could be pulled from Goahead s GitHub page so some disassembly is required. IDA Pro identifies this function as aechosmailxasss() as can be seen in Figure 12 it is pretty easy to spot the problem there: Figure 12: loc_533d4 disassembly that calls aechosmailxasss() 10
11 The webserver simply executes echo and string formats the user input from the mail.htm form page without any sanitation. That opens up the door for a classic command injection attack by simply setting one of the options in the form to ;<command>. Moreover, since the webserver is executed as root, the commands that will be injected by the attacker will be executed with the highest privileges. After all of the malicious commands were placed in the appropriate field, all the attacker has to do is to click the Test button. That will cause the code to pass the parameters out to echo and once the malicious parameter with the semicolon (which will be placed in the Receiver 1 field) in it will be processed, the system will execute that command. Figure 13: mail.htm configuration page with malicious input That means that we now have two exploits. One 0day/4545-day that allows us to retrieve the camera s admin password and a 0day that allows us to execute commands as root through the camera s mail settings page. 11
12 The code to use both vulnerabilities, including the parsing of the system.ini binary file, boils down to 61 lines of python code (that I m sure that could be narrowed down and tidied up nicely to less code): 12
13 The above code will cause the camera to execute a telnet daemon running on port The following question is asked: What if the camera is behind NAT and only the web port is forwarded? What about port 4444? This makes this exploit useless since there is no reason for port 4444 to be forwarded to the camera. This is where UPNP comes into play. This protocol was created to make port forwarding a non-issue for programs and devices that are connected to the network. UPNP saves users from the long and sometimes cumbersome process of explicitly forwarding ports from their routers to their computers and other devices to make them accessible from the Internet. UPNP takes care of that automatically with the only one prerequisite: UPNP has to be enabled on the router, which it usually is by default. UPNP works in a client/server architecture where a UPNP client sends a request to the UPNP server and asks for a certain port to be opened and redirected to a specific IP for a certain time. The length of time could be anywhere from 1 second to infinity. It depends on the server. Our camera makes use of UPNP for the sake of user friendly-ness when forwarding various ports for the camera. In order to set the UPNP forwarding, the camera vendor implemented several UPNP functions into the webserver. These functions are also not part of the open source code and were reverse engineered. The main functions that handle UPNP port mapping is a function that we ve called SetUpnp(). This function holds a list of all of the port forwardings that are needed by the camera and then calls another function that we ve renamed CallUpnpc(). That function actually sends the UPNP requests to the router. To our surprise, the UPNP client itself was not implemented as a part of the webserver. Figure 14: Disassembly of CallUpnpC() (renamed) 13
14 But again, just like the in the case of the mail notification page, the webserver is using system() to execute a binary called UPNPC and passing the ports as parameters. That means that using our command injection exploit we could call the same UPNPC binary and open the ports for ourselves: Figure 15: upnpc-static being executed with no arguments on the camera Conclusion So why not just throw out the cameras that are impacted by this vulnerability? Not every person wants to toss out these devices and, more importantly, there are already hundreds of thousands of these devices already connected to the Web. This means the bad guys can see every image on the camera or load it with Mirai malware. Plus, sending these cameras to the trash heap wouldn t solve the greater problems around IoT security. There are other connected devices out there that are just as vulnerable and can be hijacked and commandeered into the joining an IoT botnet. Talking about these vulnerabilities is meant to show how easy it is to hack IoT devices and why security can't be tacked on after a product is released. 14
15 Appendix 15
16 16
17 17
18 18
19 19
20 20
21 21
22 22
23 23
24 24
25 25
26 26
27 27
28 28
29 29
UART Thou Mad? An Introduction to the UART Hardware Interface. Mickey Shkatov. Toby Kohlenberg
UART Thou Mad? An Introduction to the UART Hardware Interface Mickey Shkatov Toby Kohlenberg 1 Table of Contents Abstract... 2 Introduction to UART... 2 Essential Tools... 4 UART and Security... 5 Conclusion...
More informationHello? It s Me, Your Not So Smart Device. We Need to Talk.
SESSION ID: SBX1-R2 Hello? It s Me, Your Not So Smart Device. We Need to Talk. Alex Jay Balan Chief Security Researcher Bitdefender @jaymzu IoT is not optional 2 IoT is not optional IoT = hardware + OS
More informationAttacks Against Websites. Tom Chothia Computer Security, Lecture 11
Attacks Against Websites Tom Chothia Computer Security, Lecture 11 A typical web set up TLS Server HTTP GET cookie Client HTML HTTP file HTML PHP process Display PHP SQL Typical Web Setup HTTP website:
More informationJacksonville Linux User Group Presenter: Travis Phillips Date: 02/20/2013
Jacksonville Linux User Group Presenter: Travis Phillips Date: 02/20/2013 Welcome Back! A Quick Recap of the Last Presentation: Overview of web technologies. What it is. How it works. Why it s attractive
More informationIt was a dark and stormy night. Seriously. There was a rain storm in Wisconsin, and the line noise dialing into the Unix machines was bad enough to
1 2 It was a dark and stormy night. Seriously. There was a rain storm in Wisconsin, and the line noise dialing into the Unix machines was bad enough to keep putting garbage characters into the command
More informationAttacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14
Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.
More informationSecurity. 1 Introduction. Alex S. 1.1 Authentication
Security Alex S. 1 Introduction Security is one of the most important topics in the IT field. Without some degree of security, we wouldn t have the Internet, e-commerce, ATM machines, emails, etc. A lot
More informationGUI based and very easy to use, no security expertise required. Reporting in both HTML and RTF formats - Click here to view the sample report.
Report on IRONWASP Software Product: IronWASP Description of the Product: IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing.
More informationInstallation Guide. IP cameras recording to cloud + local NVR
Installation Guide V1.1 - Dec 2018 Page 1 1. How it works Manything Pro Cloud NVR Cameras Router 2. Pre-installation 2.1 Installation device All you ll need to connect your cameras to the Manything Pro
More informationSnort Rules Classification and Interpretation
Snort Rules Classification and Interpretation Pop2 Rules: Class Type Attempted Admin(SID: 1934, 284,285) GEN:SID 1:1934 Message POP2 FOLD overflow attempt Summary This event is generated when an attempt
More informationPut something on the internet - Get hacked. Beyond Security 1
Put something on the internet - Get hacked 1 Agenda About me IoT IoT core problems Software Hardware Vulnerabilities What should I do? About me Maor Shwartz Been interested in the field of security since
More informationCompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management
CompTIA Security+ Lecture Six Threats and Vulnerabilities Vulnerability Management Copyright 2011 - VTC Malware Malicious code refers to software threats to network and systems, including viruses, Trojan
More informationData Structures and Algorithms Dr. Naveen Garg Department of Computer Science and Engineering Indian Institute of Technology, Delhi.
Data Structures and Algorithms Dr. Naveen Garg Department of Computer Science and Engineering Indian Institute of Technology, Delhi Lecture 18 Tries Today we are going to be talking about another data
More informationIoT The gift that keeps on giving
IoT The gift that keeps on giving Contributors labs@bitdefender.com Radu Alexandru Basaraba - rbasaraba@bitdefender.com Alexandru Lazar allazar@bitdefender.com Mihai Moldovan - mimoldovan@bitdefender.com
More informationOWASP Top 10 Risks. Many thanks to Dave Wichers & OWASP
OWASP Top 10 Risks Dean.Bushmiller@ExpandingSecurity.com Many thanks to Dave Wichers & OWASP My Mom I got on the email and did a google on my boy My boy works in this Internet thing He makes cyber cafes
More informationEXPLOITING CLOUD SYNCHRONIZATION TO HACK IOTS
SESSION ID: SBX1-R1 EXPLOITING CLOUD SYNCHRONIZATION TO HACK IOTS Alex Jay Balan Chief Security Researcher Bitdefender @jaymzu 2 IoT = hardware + OS + app (+ Cloud) wu-ftpd IIS5.0 RDP Joomla app 3 EDIMAX
More informationWeb Application & Web Server Vulnerabilities Assessment Pankaj Sharma
Web Application & Web Server Vulnerabilities Assessment Pankaj Sharma Indian Computer Emergency Response Team ( CERT - IN ) Department Of Information Technology 1 Agenda Introduction What are Web Applications?
More informationApplication Layer Attacks. Application Layer Attacks. Application Layer. Application Layer. Internet Protocols. Application Layer.
Application Layer Attacks Application Layer Attacks Week 2 Part 2 Attacks Against Programs Application Layer Application Layer Attacks come in many forms and can target each of the 5 network protocol layers
More informationComputer Network Vulnerabilities
Computer Network Vulnerabilities Objectives Explain how routers are used to protect networks Describe firewall technology Describe intrusion detection systems Describe honeypots Routers Routers are like
More informationApplication Security through a Hacker s Eyes James Walden Northern Kentucky University
Application Security through a Hacker s Eyes James Walden Northern Kentucky University waldenj@nku.edu Why Do Hackers Target Web Apps? Attack Surface A system s attack surface consists of all of the ways
More informationWHITE PAPER. Secure communication. - Security functions of i-pro system s
WHITE PAPER Secure communication - Security functions of i-pro system s Panasonic Video surveillance systems Table of Contents 1. Introduction... 1 2. Outline... 1 3. Common security functions of the i-pro
More informationMagnetic base Indicator light Microphone Camera lens Micro SD card slot Infrared light Front Side Pivot connector Built-in speakers
Niro USER MANUAL Contents Introduction 4 Product Features 5 Niro LED Indicators 6 What s Included 7 Wi-Fi Requirements 8 Mobile Device Requirements 8 Garage Door Opener Requirements 8 Download the Momentum
More informationIRL: Live Hacking Demos!
SESSION ID: SBX2-R3 IRL: Live Hacking Demos! Omer Farooq Senior Software Engineer Independent Security Evaluators Rick Ramgattie Security Analyst Independent Security Evaluators What is the Internet of
More informationHunting Security Bugs
Microsoft Hunting Security Bugs * Tom Gallagher Bryan Jeffries Lawrence Landauer Contents at a Glance 1 General Approach to Security Testing 1 2 Using Threat Models for Security Testing 11 3 Finding Entry
More information1.1 For Fun and Profit. 1.2 Common Techniques. My Preferred Techniques
1 Bug Hunting Bug hunting is the process of finding bugs in software or hardware. In this book, however, the term bug hunting will be used specifically to describe the process of finding security-critical
More informationWI-FI GARAGE DOOR CONTROLLER WITH CAMERA USER MANUAL
WI-FI GARAGE DOOR CONTROLLER WITH CAMERA USER MANUAL Contents Introduction 4 Product Features 5 Garage Door Controller LED Indicators 6 What s Included 7 Wi-Fi Requirements 8 Mobile Device Requirements
More informationn Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test
Chapter Objectives n Explain penetration testing concepts n Explain vulnerability scanning concepts Chapter #4: Threats, Attacks, and Vulnerabilities Vulnerability Scanning and Penetration Testing 2 Penetration
More informationServer Tips and. Tricks..
Server Tips and. Tricks.. Connect, Inc. 1701 Quincy Avenue, Suites 5 & 6, Naperville, IL 60540 Ph: (630) 717-7200 Fax: (630) 717-7243 www.connectrf.com Table of Contents OpenAir Windows Server Waiting
More informationDevice Vulnerabilities in the Connected Home: Uncovering Remote Code Execution and More
TrendLabs Device Vulnerabilities in the Connected Home: Uncovering Remote Code Execution and More Technical Brief TrendLabs Security Intelligence Blog Dove Chiu, Kenney Lu, and Tim Yeh Threats Analysts
More informationProvide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any
OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing
More informationCloud IP Camera Note:
Version:V2.0 Cloud IP Camera User s Manual Note: To protect your privacy, please change the initial password after login. Please keep your user name and password safely. Contents 1. Introduction... 2 1.1
More informationCounterACT Security Policy Templates
n Guide Version 18.0.1 Table of Contents About Security Policy Templates... 3 Tracking Vulnerable and Infected Endpoints... 3 Supported CounterACT Versions... 3 Requirements... 3 Installation... 4 n...
More informationEmbedded/Connected Device Secure Coding. 4-Day Course Syllabus
Embedded/Connected Device Secure Coding 4-Day Course Syllabus Embedded/Connected Device Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted
More informationRBS Axis Products Management Web Interface Multiple Vulnerabilities of 9
RBS-2018-003 Axis Products Management Web Interface Multiple Vulnerabilities 2018-05-23 1 of 9 Table of Contents Table of Contents... 2 Vendor / Product Information.... 3 Vulnerable Program Details.. 3
More informationIf you experience issues at any point in the process, try checking our Troublshooting guide.
Follow along with this guide to set up your Omega2 for the first time. We ll first learn how to properly connect your Omega to a Dock and power it up. Then we ll connect to it to use the Setup Wizard to
More informationHow to Stay Safe on Public Wi-Fi Networks
How to Stay Safe on Public Wi-Fi Networks Starbucks is now offering free Wi-Fi to all customers at every location. Whether you re clicking connect on Starbucks Wi-Fi or some other unsecured, public Wi-Fi
More informationEthical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities
Ethical Hacking and Countermeasures: Web Chapter 3 Web Application Vulnerabilities Objectives After completing this chapter, you should be able to: Understand the architecture of Web applications Understand
More informationWeb Hosting. Important features to consider
Web Hosting Important features to consider Amount of Storage When choosing your web hosting, one of your primary concerns will obviously be How much data can I store? For most small and medium web sites,
More informationCapability Analysis of Internet of Things (IoT) Devices in Botnets & Implications for Cyber Security Risk Assessment Processes (Part One)
Capability Analysis of Internet of Things (IoT) Devices in Botnets & Implications for Cyber Security Risk Assessment Processes (Part One) Presented by: Andrew Schmitt Theresa Chasar Mangaya Sivagnanam
More informationHow Secure is your Video Surveillance System?
How Secure is your Video Surveillance System? Security Whitepaper Table of Contents 1 EXECUTIVE SUMMARY About Verkada 3 A NOTE ON SYSTEM DESIGN Traditional On-Prem + Internet Enabled Remote Access Video
More informationThe Internet of Things. Steven M. Bellovin November 24,
The Internet of Things Steven M. Bellovin November 24, 2014 1 What is the Internet of Things? Non-computing devices...... with CPUs... and connectivity (Without connectivity, it s a simple embedded system)
More informationW e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s
W e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s Session I of III JD Nir, Security Analyst Why is this important? ISE Proprietary Agenda About ISE Web Applications
More informationSPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006
SPOOFING Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Learning Objectives Students should be able to: Determine relevance of
More informationCase study on PhoneGap / Apache Cordova
Chapter 1 Case study on PhoneGap / Apache Cordova 1.1 Introduction to PhoneGap / Apache Cordova PhoneGap is a free and open source framework that allows you to create mobile applications in a cross platform
More information1 Installing KEEP is Easy
Installing KEEP is Easy 1 Installing KEEP is Easy 1. Plug in the network cable to in Internet enabled port, either directly connected to the Internet or behind a router. 2. Connect the power supply to
More informationIntro. Scheme Basics. scm> 5 5. scm>
Intro Let s take some time to talk about LISP. It stands for LISt Processing a way of coding using only lists! It sounds pretty radical, and it is. There are lots of cool things to know about LISP; if
More informationSimpli.Fi. App for wifi DK series cameras OWNER'S MANUAL. APP DSE Simpli.Fi for Wi-Fi DK series cameras. Product description. Download DSE Simpli.
Page: 1 Simpli.Fi App for wifi DK series cameras Product description Simpli.Fi is THE app to control all our WIFI hidden cameras to investigate Series DK. Our investigation for cameras are IP cameras to
More informationWhite Paper. How the Meltdown and Spectre bugs work and what you can do to prevent a performance plummet. Contents
White Paper How the Meltdown and Spectre bugs work and what you can do to prevent a performance plummet Programs that do a lot of I/O are likely to be the worst hit by the patches designed to fix the Meltdown
More informationTo learn more about Stickley on Security visit You can contact Jim Stickley at
Thanks for attending this session on March 15th. To learn more about Stickley on Security visit www.stickleyonsecurity.com You can contact Jim Stickley at jim@stickleyonsecurity.com Have a great day! Fraud
More informationP1_L3 Operating Systems Security Page 1
P1_L3 Operating Systems Security Page 1 that is done by the operating system. systems. The operating system plays a really critical role in protecting resources in a computer system. Resources such as
More informationIoT Vulnerabilities. By Troy Mattessich, Raymond Fradella, and Arsh Tavi. Contribution Distribution
Security Penetration Through IoT Vulnerabilities By Troy Mattessich, Raymond Fradella, and Arsh Tavi Contribution Distribution Arsh Tavi Troy Mattessich Raymond Fradella Conducted research and compiled
More informationYour name please: NetID:
CPS 310 midterm exam #2, 4/1/16 Your name please: NetID: A Tale of Two Clients Plot summary. In which a client Chuck (C) is having a pleasant exchange of requests and responses with server Sam (S), when
More informationRelease Notes. Dell SonicWALL SRA Release Notes
Secure Remote Access Contents Platform Compatibility... 1 Licensing on the Dell SonicWALL SRA Appliances and Virtual Appliance... 1 Important Differences between the SRA Appliances... 2 Known Issues...
More informationFTP Frequently Asked Questions
Guide to FTP Introduction This manual will guide you through understanding the basics of FTP and file management. Within this manual are step-by-step instructions detailing how to connect to your server,
More informationBark: Default-Off Networking and Access Control for the IoT. James Hong, Amit Levy, Laurynas Riliskis, Philip Levis Stanford University
Bark: Default-Off Networking and Access Control for the IoT James Hong, Amit Levy, Laurynas Riliskis, Philip Levis Stanford University The IoT is everywhere So are the attacks... 1. Devices easily compromised
More informationNetwork Insecurity with Switches
Network Insecurity with Switches Aaron D. Turner aturner@pobox.com http://www.synfin.net/ December 4, 2000 Scope The goal of this paper is to discuss the common misconceptions and poorly publicized issues
More informationR (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing.
R (2) N (5) Oral (3) Total (10) Dated Sign Experiment No: 1 Problem Definition: Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing. 1.1 Prerequisite:
More informationCopyright
1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?
More informationctio Computer Hygiene /R S E R ich
Computer Hygiene Protect Yourself You don't want to be part of the problem If there is a serious attack, you want your systems to be clean You rely on your systems on the air these days Packet NBEMS Logging
More informationSecure IP Camera Video Streaming Through Kurento Media Server
Secure IP Camera Video Streaming Through Kurento Media Server Kgothatso Ngako Council for Scientific and Industrial Research, Pretoria, South Africa kngako@csir.co.za Abstract With the rise of the IOT
More informationSecure Programming Techniques
Secure Programming Techniques Meelis ROOS mroos@ut.ee Institute of Computer Science Tartu University spring 2014 Course outline Introduction General principles Code auditing C/C++ Web SQL Injection PHP
More informationHacking Blind BROP. Presented by: Brooke Stinnett. Article written by: Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Mazie`res, Dan Boneh
Hacking Blind BROP Presented by: Brooke Stinnett Article written by: Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Mazie`res, Dan Boneh Overview Objectives Introduction to BROP ROP recap BROP key phases
More informationOWASP Top 10 The Ten Most Critical Web Application Security Risks
OWASP Top 10 The Ten Most Critical Web Application Security Risks The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain
More informationCIS 700/002 : Special Topics : OWASP ZED (ZAP)
CIS 700/002 : Special Topics : OWASP ZED (ZAP) Hitali Sheth CIS 700/002: Security of EMBS/CPS/IoT Department of Computer and Information Science School of Engineering and Applied Science University of
More informationiminicam 1080p Wireless Spy Camera User Manual
iminicam 1080p Wireless Spy Camera User Manual imini Spy Camera User Manual Introduction Thank you for choosing the imini Spy Camera. Experience cutting edge technology and enjoy the security that the
More informationApplication Security Introduction. Tara Gu IBM Product Security Incident Response Team
Application Security Introduction Tara Gu IBM Product Security Incident Response Team About Me - Tara Gu - tara.weiqing@gmail.com - Duke B.S.E Biomedical Engineering - Duke M.Eng Computer Engineering -
More informationDEFENSIVE PROGRAMMING. Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology
DEFENSIVE PROGRAMMING Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology Traditional Programming When writing a program, programmers typically
More informationApplication vulnerabilities and defences
Application vulnerabilities and defences In this lecture We examine the following : SQL injection XSS CSRF SQL injection SQL injection is a basic attack used to either gain unauthorized access to a database
More informationESPixelStick V2 Assembly and Usage
ESPixelStick V2 Assembly and Usage OVERVIEW The ESPixelStick is a wireless (802.11g/n) pixel controller that interfaces as a standard sacn / E1.31 controller and supports a variety of pixel types. It also
More informationIf you re serious about Cookie Stuffing, take a look at Cookie Stuffing Script.
Cookie Stuffing What is Cookie Stuffing? Cookie Stuffing is a very mild form of black hat marketing, because in all honesty, this one doesn t break any laws. Certainly, it goes against the terms of service
More informationWEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang
WEB SECURITY WORKSHOP TEXSAW 2014 Presented by Solomon Boyd and Jiayang Wang Introduction and Background Targets Web Applications Web Pages Databases Goals Steal data Gain access to system Bypass authentication
More informationAttackers Process. Compromise the Root of the Domain Network: Active Directory
Attackers Process Compromise the Root of the Domain Network: Active Directory BACKDOORS STEAL CREDENTIALS MOVE LATERALLY MAINTAIN PRESENCE PREVENTION SOLUTIONS INITIAL RECON INITIAL COMPROMISE ESTABLISH
More informationWindows
350 7 th Avenue Suite 1605 New York, NY 10001 http://avpreserve.com 917.475.9630 info@avpreserve.com Fixity User Guide Version 0.5 2015-03-04 Contact information AVPreserve http://www.avpreserve.com/ GitHub
More informationNETWORK SECURITY. Ch. 3: Network Attacks
NETWORK SECURITY Ch. 3: Network Attacks Contents 3.1 Network Vulnerabilities 3.1.1 Media-Based 3.1.2 Network Device 3.2 Categories of Attacks 3.3 Methods of Network Attacks 03 NETWORK ATTACKS 2 3.1 Network
More informationSoftware Vulnerability
Software Vulnerability Refers to a weakness in a system allowing an attacker to violate the integrity, confidentiality, access control, availability, consistency or audit mechanism of the system or the
More informationSecure Programming I. Steven M. Bellovin September 28,
Secure Programming I Steven M. Bellovin September 28, 2014 1 If our software is buggy, what does that say about its security? Robert H. Morris Steven M. Bellovin September 28, 2014 2 The Heart of the Problem
More informationUnified Security Platform. Security Center 5.4 Hardening Guide Version: 1.0. Innovative Solutions
Unified Security Platform Security Center 5.4 Hardening Guide Version: 1.0 Innovative Solutions 2016 Genetec Inc. All rights reserved. Genetec Inc. distributes this document with software that includes
More informationTen Things You ve Gotta Try in LogMeIn Rescue
Ten Things You ve Gotta Try in LogMeIn Rescue Ten Things You ve Gotta Try New to LogMeIn Rescue? This guide will get you started. Tip: Complete how-to reference is available at help.logmein.com. Do this
More informationFirewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003
Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 A system or combination of systems that enforces a boundary between two or more networks - NCSA
More informationIn-Memory Fuzzing in JAVA
Your texte here. In-Memory Fuzzing in JAVA 2012.12.17 Xavier ROUSSEL Summary I. What is Fuzzing? Your texte here. Introduction Fuzzing process Targets Inputs vectors Data generation Target monitoring Advantages
More informationTHE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY
THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY DATA CENTER WEB APPS NEED MORE THAN IP-BASED DEFENSES AND NEXT-GENERATION FIREWALLS table of contents.... 2.... 4.... 5 A TechTarget White Paper Does
More informationBest Practice. Cyber Security. tel: +44 (0) fax: +44 (0) web:
Cyber Security Best Practice Official UK distribution partner tel: +44 (0)1457 874 999 fax: +44 (0)1457 829 201 email: sales@cop-eu.com web: www.cop-eu.com Cyber Security Best Practice With the increased
More informationMalware and Vulnerability Check Point. 1. Find Problems 2. Tell Vendors 3. Share with Community
Malware and Vulnerability Research @ Check Point 1. Find Problems 2. Tell Vendors 3. Share with Community TR-069 quick tour / DEF CON recap Motivation The TR-069 Census 2014 Research Highlights Mass Pwnage
More informationUser Manual. Microdigital IP cameras with built-in Ivideon software
User Manual Microdigital IP cameras with built-in Ivideon software Table of Contents Introduction to Ivideon... What is Ivideon about?... Why use an IP camera with built-in Ivideon software?... How to
More informationUsers Guide. Kerio Technologies
Users Guide Kerio Technologies C 1997-2006 Kerio Technologies. All rights reserved. Release Date: June 8, 2006 This guide provides detailed description on Kerio WebSTAR 5, version 5.4. Any additional modifications
More informationExam : JK Title : CompTIA E2C Security+ (2008 Edition) Exam. Version : Demo
Exam : JK0-015 Title : CompTIA E2C Security+ (2008 Edition) Exam Version : Demo 1.Which of the following logical access control methods would a security administrator need to modify in order to control
More informationHackveda Training - Ethical Hacking, Networking & Security
Hackveda Training - Ethical Hacking, Networking & Security Day1: Hacking windows 7 / 8 system and security Part1 a.) Windows Login Password Bypass manually without CD / DVD b.) Windows Login Password Bypass
More informationScribe Notes -- October 31st, 2017
Scribe Notes -- October 31st, 2017 TCP/IP Protocol Suite Most popular protocol but was designed with fault tolerance in mind, not security. Consequences of this: People realized that errors in transmission
More information1 Installing OPI is Easy
Installing OPI is Easy 1 Installing OPI is Easy 1. Plug in the network cable to in Internet enabled port, either directly connected to the Internet or behind a router. 2. Plug connect the supplied USB
More informationComputer Security and Privacy
CSE P 590 / CSE M 590 (Spring 2010) Computer Security and Privacy Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for
More informationFrequently Asked Questions WPA2 Vulnerability (KRACK)
Frequently Asked Questions WPA2 Vulnerability (KRACK) Release Date: October 20, 2017 Document version: 1.0 What is the issue? A research paper disclosed serious vulnerabilities in the WPA and WPA2 key
More informationFor those who might be worried about the down time during Lync Mobility deployment, No there is no down time required
I was trying to find out the Lync Mobility service step by step deployment guide along with the Publishing rule for TMG but couldn't find anywhere except how to install MCX and Auto discovery Service,
More informationIdentifying and Disrupting Mirai Botnets. Chuck McAuley
Identifying and Disrupting Mirai Botnets Chuck McAuley Who me? Chuck McAuley Principal Threat Researcher at Ixia s Application Threat Intelligence team Talks to all the people Goes to all the places Does
More informationNext-Gen Mirai. Balthasar Martin Fabian Bräunlein SRLabs Template v12
Next-Gen Mirai Balthasar Martin Fabian Bräunlein SRLabs Template v12 Mirai and IoT Reaper botnets exploited open Telnet and other known vulnerabilities Mirai botnet
More informationAirServer Connect User Guide
1 Contents Welcome... 3 Unique features... 3 Set up your AirServer Connect... 4 The Home Screen... 5 Navigating Menus... 5 Configuring Basic Settings... 6 Screen Mirroring Methods... 7 Airplay... 7 Mac...
More informationInstructions 1. Elevation of Privilege Instructions. Draw a diagram of the system you want to threat model before you deal the cards.
Instructions 1 Elevation of Privilege Instructions Draw a diagram of the system you want to threat model before you deal the cards. Deal the deck to 3 6 players. Play starts with the 3 of Tampering. Play
More informationHello World! Computer Programming for Kids and Other Beginners. Chapter 1. by Warren Sande and Carter Sande. Copyright 2009 Manning Publications
Hello World! Computer Programming for Kids and Other Beginners by Warren Sande and Carter Sande Chapter 1 Copyright 2009 Manning Publications brief contents Preface xiii Acknowledgments xix About this
More informationSecurity of Security. Cyber-Secure? Is Your Security. Mark Bonde Parallel Technologies. Wednesday, Dec. 5, :00 a.m. 11:00 a.m.
Security of Security Is Your Security Cyber-Secure? Wednesday, Dec. 5, 2018 10:00 a.m. 11:00 a.m. Mark Bonde Parallel Technologies Mark Bonde Publisher IPVS Magazine Publication Focused on the transition
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by machine learning and intelligent automation. By rethinking
More informationPort Forwarding & Case Study
Introduction TalkTalk's responsibility lies with ensuring that this facility works on their routers, they cannot be held responsible for you devices that you are trying to forward to. This document not
More information