IO Shield is a personal platform for sharing cyber security expertise, offering:
- Resources to build a field kit for the cyber security researcher
- IoT device reversing write-ups
- Pentesting and auditing services
- Cheat sheets
How should an IoT device be assessed? Which areas are worth looking at? What kinds of services does it connect to, and which of them are distributed in the cloud?
December 2016:
Bears in the Midst: Intrusion into the Democratic National Committee, by CrowdStrike: APT29 (COZY BEAR, CozyDuke) and APT28 (FANCY BEAR, Sofacy)
Su Bin, U.S. court document:
Businessman living in Vancouver faces extradition order for hacking U.S. military information
| Year of known compile date | Malware family name (source: Mandiant APT1 report) |
|---|---|
| 2007 | BISCUIT, MANITSME, STARSYPOUND, WEBC2.Y21K, WEBC2.UGX, TARSIP |
| 2008 | DAIRY, SWORD, HELAUTO, HACKSFASE, WEBC2.AUSOV, AURIGA |
| 2009 | GREENCAT, WEBC2.CLOVER, MACROMAIL, GOGGLES, NEWSREELS, WEBC2.RAVE, WEBC2.ADSPACE, WEBC2.HEAD, BANGAT |
| 2010 | SEASALT, LONGRUN, WEBC2.TOCK, WEBC2.YAHOO, WEBC2.CSON, WEBC2.QBP, WARP, TABMSGSQL |
| 2011 | LIGHTBOLT, COMBOS, WEBC2.DIV, GDOCUPLOAD, COOKIEBAG, GLOOXMAIL, MINIASP, BOUNCER |
| 2012 | CALENDAR, WEBC2.TABLE, WEBC2.SOLID, KURTON |
Source: MISC magazine, issue 85
Trust me, trust me not ...
How did Google detect local TLS interception inside a French private network?
In December 2013, was the French government agency ANSSI responsible for a MITM against Google's SSL/TLS traffic? ... Not exactly: an intermediate CA chained to ANSSI's root had issued certificates for Google domains, and they were used by an interception appliance on a private network of the French Ministry of Finance. Chrome's built-in public-key pins for Google domains rejected the chain, because none of its keys matched a pinned key, and reported it to Google.
- Superfish, preinstalled on some Lenovo laptops, decrypted HTTPS streams to inject its own advertisements, using the same root certificate and private key on every machine (so anyone with that key could impersonate any site to any affected laptop).
- PrivDog intercepts the server certificate and replaces it with its own (signed by its own root), generating a fresh certificate and key on each device.
- FREAK (Factoring RSA Export Keys), CVE-2015-0204: e.g. Kaspersky Anti-Virus, whose interception proxy reimplemented TLS poorly and did not honour HPKP.
- CRIME (Compression Ratio Info-leak Made Easy), CVE-2012-4929: e.g. Kaspersky Anti-Virus, whose proxy left TLS compression enabled.
- A Firefox add-on to check whether your HTTPS stream is being intercepted.
- SSLsplit: MITM attacks against SSL/TLS-encrypted network connections (available in Kali).
- Let's Encrypt: free, automated certificates.
- HSTS (HTTP Strict Transport Security): a web security policy mechanism that protects websites against protocol downgrade attacks and cookie hijacking.
- HPKP (HTTP Public Key Pinning): a security mechanism that lets HTTPS websites resist impersonation by attackers using mis-issued or otherwise fraudulent certificates (not supported by IE, and since deprecated and removed from Chrome and Firefox).
- Weak cipher auditing: on the server side with `nmap --script ssl-enum-ciphers -p 443 <host>`, on the client side by reviewing the SSL cipher suites your browser offers.
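The pinning check behind the Chrome/ANSSI detection and behind HPKP, as an added example (not code from the IO Shield page or from any of the products listed above). A local proxy such as Superfish or PrivDog has to re-sign the server certificate with its own key, so the certificate's SubjectPublicKeyInfo changes and no longer matches the pinned hash. The DER walker below pulls the SPKI out of a certificate without any third-party library; the certificates, keys and the `Public-Key-Pins` header value are constructed test material, not real ones.

```python
"""Detect TLS interception with SPKI pinning (HPKP / Chrome built-in pins).

Added example, not the IO Shield page's own code.  All certificates below
are constructed DER blobs with fake keys and an unverifiable signature.
"""
import base64
import hashlib
import re

SEQ, INT, BITSTR, NULL, OID, UTF8, UTCTIME, SET, CTX0 = (
    0x30, 0x02, 0x03, 0x05, 0x06, 0x0C, 0x17, 0x31, 0xA0)


def _der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der(tag, body):
    """Encode one DER tag-length-value element."""
    return bytes([tag]) + _der_len(len(body)) + body


def tlv(data, off=0):
    """Decode the element at `off`: returns (tag, value, end_offset)."""
    tag, first = data[off], data[off + 1]
    hdr, length = 2, first
    if first & 0x80:                       # long-form length
        n = first & 0x7F
        length = int.from_bytes(data[off + 2:off + 2 + n], "big")
        hdr += n
    start = off + hdr
    return tag, data[start:start + length], start + length


def children(seq_body):
    """Split a SEQUENCE/SET body into its raw (tag+len+value) elements."""
    out, off = [], 0
    while off < len(seq_body):
        _, _, end = tlv(seq_body, off)
        out.append(seq_body[off:end])
        off = end
    return out


def spki_from_cert(cert_der):
    """Certificate -> tbsCertificate -> raw DER subjectPublicKeyInfo."""
    _, cert_body, _ = tlv(cert_der)
    _, tbs_body, _ = tlv(children(cert_body)[0])
    fields = children(tbs_body)
    if fields[0][0] == CTX0:               # optional explicit [0] version (v3)
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    return fields[5]


def spki_pin(cert_der):
    """HPKP pin value: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_from_cert(cert_der)).digest()).decode()


def parse_hpkp(header_value):
    """Parse a Public-Key-Pins header value into pins, max-age and flags."""
    m = re.search(r"max-age=(\d+)", header_value)
    return {"pins": set(re.findall(r'pin-sha256="([^"]+)"', header_value)),
            "max_age": int(m.group(1)) if m else None,
            "include_subdomains": "includesubdomains" in header_value.lower()}


def intercepted(chain_der, pins):
    """True when no certificate in the presented chain carries a pinned key.
    A chain re-signed by a local proxy never contains the site's real key."""
    return not any(spki_pin(c) in pins for c in chain_der)


# --- constructed test material: same subject name, different keys ---------
RSA_OID = der(OID, bytes.fromhex("2A864886F70D010101"))     # rsaEncryption
SHA256_RSA = der(OID, bytes.fromhex("2A864886F70D01010B"))  # sha256WithRSAEncryption


def make_cert(cn, key_seed):
    """Build a structurally valid X.509 v3 certificate around a fake RSA key."""
    modulus = b"\x00" + hashlib.sha256(key_seed).digest()   # fake positive INTEGER
    rsa_pub = der(SEQ, der(INT, modulus) + der(INT, b"\x01\x00\x01"))
    spki = der(SEQ, der(SEQ, RSA_OID + der(NULL, b"")) + der(BITSTR, b"\x00" + rsa_pub))
    name = der(SEQ, der(SET, der(SEQ, der(OID, b"\x55\x04\x03") + der(UTF8, cn.encode()))))
    validity = der(SEQ, der(UTCTIME, b"160101000000Z") + der(UTCTIME, b"170101000000Z"))
    tbs = der(SEQ, der(CTX0, der(INT, b"\x02")) + der(INT, b"\x01")
              + der(SEQ, SHA256_RSA + der(NULL, b"")) + name + validity + name + spki)
    return der(SEQ, tbs + der(SEQ, SHA256_RSA + der(NULL, b"")) + der(BITSTR, b"\x00" * 33))


GENUINE = make_cert("www.example.com", b"site key")           # the real server cert
PROXY = make_cert("www.example.com", b"superfish key")        # re-signed by a local proxy
BACKUP_PIN = spki_pin(make_cert("www.example.com", b"backup key"))
HPKP_HEADER = ('pin-sha256="%s"; pin-sha256="%s"; max-age=5184000; includeSubDomains'
               % (spki_pin(GENUINE), BACKUP_PIN))

if __name__ == "__main__":
    pins = parse_hpkp(HPKP_HEADER)["pins"]
    print("genuine chain intercepted?", intercepted([GENUINE], pins))  # False
    print("proxy chain intercepted?  ", intercepted([PROXY], pins))    # True
```

To test a live host, feed `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443)))` into `spki_pin` and compare the result with the pin obtained from a network you trust: a mismatch means something between you and the server re-signed the chain. Note that browsers skip pin checks for roots installed locally, which is exactly why interception products such as those listed above go unnoticed by HPKP.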