Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - Axon

Pages: 1 [2] 3 4 ... 34
16
A new Android Malware has been discovered by AVG which can be “spying” on the user even when the phone is in “Switch off mode”

Mobile Malware Research Team AVG have discovered a new bug which is of great concern to all the Android smartphone users. Usually when user shuts down or puts off the Android phone a dialog box opens asking for 3 options: Power Off, Airplane Mode or Mute. Usually user would select the Power Off option and then the Android phone would shut off. Mobile security AVG team discovered that this Malware captures the “root permission” level of the Power Off process. Once this is done the malware will inject the virus so that the entire Power Off process is locked.

With the malware taking over the Power Off process, whenever the victim clicks the Power Off button an artificial dialog pops up and then the entire fake shutdown process takes place which would resemble as if actually the phone is shutting down. However in reality the phone is still active and working.
http://www.techworm.net/2015/02/android-malware-hijacks-the-smartphone-during-the-shutting-down-process.html

AVG website with some code snippets
http://now.avg.com/malware-is-still-spying-on-you-after-your-mobile-is-off/


17
Hacking and Security / Lenovo superfish scandel
« on: February 21, 2015, 10:59:03 pm »
Lenovo is selling computers that come preinstalled with adware that hijacks encrypted Web sessions and may make users vulnerable to HTTPS man-in-the-middle attacks that are trivial for attackers to carry out, security researchers said.
http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/

Rob Graham, CEO of security firm Errata Security, has cracked the cryptographic key encrypting the Superfish certificate. That means anyone can now use the private key to launch man-in-the-middle HTTPS attacks that won't be detected by machines that have the certificate installed.
http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html#.VOX5Ky57RqE

This is crazy, now we can't even trust the laptops manufacturers!! I wonder if other companies have done the same but are still not discovered.

Lesson learned: Do Not Trust The Chinese.


18
Articles / US authorities discover a deadly virus
« on: February 21, 2015, 10:33:17 pm »
Washington (AFP) - US health authorities on Friday announced the discovery of a new virus believed to be responsible for the death of a previously healthy man in Kansas last year. The virus -- named "Bourbon" after the county where the victim lived -- is part of a group of viruses known as thogotovirus, the Centers for Disease Control and Prevention said in a statement.

https://news.yahoo.com/us-authorities-discover-deadly-bourbon-virus-003328329.html

19
Found it on the Webs / PwnPi
« on: February 13, 2015, 06:05:07 pm »
PwnPi is a Linux-based penetration testing dropbox distribution for the Raspberry Pi. It currently has 200+ network security tools pre-installed to aid the penetration tester. It is built a stripped down version of the Debian Wheezy image from the Raspberry Pi foundation’s website and uses Openbox as the window manager. PwnPi can be easily setup to send reverse connections from inside a target network by editing a simple configuration file.

http://www.pwnpi.com/

20
The USB Armory is full-blown computer (800MHz ARM® processor, 512MB RAM) in a tiny form factor (65mm x 19mm x 6mm USB stick) designed from the ground up with information security applications in mind. Not only does the USB Armory have native support for many Linux distributions, it also has a completely open hardware design and a breakout prototyping header, making it a great platform on which to build other hardware.

The ability to emulate arbitrary USB devices in combination with the i.MX53 SoC speed and fully customizable operating environment makes the USB Armory an ideal platform for all kinds of personal security applications. Not only is the USB Armory an excellent tool for testing the security of other devices, but it also has great security features itself:

https://www.crowdsupply.com/inverse-path/usb-armory
Technical documentations.
https://github.com/inversepath/usbarmory/wiki

21
Android / Android Application Security Tutorials
« on: February 03, 2015, 11:19:15 pm »
This series contains some blog post about different types of vulnerabilities which are possible in Android Application’s and there exploitation methods.
https://manifestsecurity.com/android-application-security/

22
Found it on the Webs / Night Vision Device for your smartphone and tablet
« on: January 30, 2015, 05:43:19 pm »
Just saw this on a local internet news website, looks interesting and cool.
http://www.snooperscope.co.uk/
Anyone got it or tried it? Feedback please.

23
So, this was posted on reddit for a couple days, it's interesting and good to read. The author is merely trying to answer a fundamental question to the NSA hacking scandal. Why did we never see it coming?
http://blog.thinkst.com/p/if-nsa-has-been-hacking-everything-how.html
Obviously, we are facing a very sophisticated offensive machine? 

24
Operating System / Evolve OS
« on: January 26, 2015, 10:05:30 pm »
This is the newest Linux distro to be released in 2015. The first beta release was announced in 26/1/2015. 

Evolve OS is a Linux distribution built from scratch. It uses a forked version of the PiSi package manager, maintained as "eopkg" within Evolve OS, and a custom desktop environment called "Budgie", developed in-house. The Budgie desktop, which can be set to emulate the look and feel of the GNOME 2 desktop, is tightly integrated with the GNOME stack. The distribution is available for 64-bit computers only.

https://evolve-os.com/

25
Security Tools / xsscrapy
« on: January 18, 2015, 09:10:46 am »
xsscrapy is Fast, thorough, XSS/SQLi spider. Give it a URL and it'll test every link it finds for cross-site scripting and some SQL injection vulnerabilities.
https://github.com/DanMcInerney/xsscrapy

26
Security Tools / SPARTA
« on: January 14, 2015, 04:29:01 pm »
SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenient way.

http://sparta.secforce.com/

27
Found it on the Webs / Slur
« on: December 30, 2014, 11:19:20 pm »
Slur is an open source, decentralized and anonymous marketplace for the selling of secret information in exchange for bitcoin. Slur is written in C and operates over the Tor network with bitcoin transactions through libbitcoin. Both buyers and sellers are fully anonymous and there are no restrictions on the data that is auctioned. There is no charge to buy or sell on the Slur

http://slur.io/

That's disturbing!!!

28
Android / Mobile XSS Scanner
« on: December 29, 2014, 01:19:02 pm »
According to this website, this the first mobile XSS scanner designed for use in Android devices.
http://m.xenotix.in/

29
Android / SnoopSnitch
« on: December 28, 2014, 06:05:36 pm »
SnoopSnitch is an Android app that collects and analyzes mobile radio data to make you aware of your mobile network security and to warn you about threats like fake base stations (IMSI catchers), user tracking and over-the-air updates. With SnoopSnitch you can use the data collected in the GSM Security Map at gsmmap.org and contribute your own data to GSM Map.
https://opensource.srlabs.de/projects/snoopsnitch

30
Found it on the Webs / USBdriveby
« on: December 19, 2014, 04:00:53 pm »
USBdriveby is a device you stylishly wear around your neck which can quickly and covertly install a backdoor and override DNS settings on an unlocked machine via USB in a matter of seconds. It does this by emulating a keyboard and mouse, blindly typing controlled commands, flailing the mouse pointer around and weaponizing mouse clicks.
http://samy.pl/usbdriveby/

Pages: 1 [2] 3 4 ... 34


Intern0t SoldierX SecurityOverride programisiai
Want to be here? Contact Ande, Factionwars or Kulverstukas on the forum or at IRC.