LAN-blog

MimiKatz vs Win10 @ MS TechSummit.

Hakkeri | Posted by Harleyman Sat, April 01, 2017 11:17:43
So I went to Microsoft Tech Summit Copenhagen 2017.

One of the things I noticed was the "new" IT security initiatives, and, shall we say, the lack of same.

There was a talk where they showed that mimikatz (from: https://github.com/gentilkiwi/mimikatz)
does not work on Windows 10 and later. But there will surely be an update from mimikatz
(they are aware of the problem: https://github.com/gentilkiwi/mimikatz/issues/62)

Many of the talks from the Tech Summit are on MS YouTube or on Channel9.

https://techcommunity.microsoft.com/t5/Microsoft-Tech-Summit/ct-p/MicrosoftTechSummit

Full programme: Source: https://www.microsoft.com/da-dk/techsummit/copenhagen.aspx

Day 1:
Tech Summit Keynote

11:30 am - 12:45 pm

An Overview of the Microsoft Application Platform for Developers

Challenges and opportunities in Building Global, ultra-scale SaaS Business Applications

Improve decision-making with Business Analytics in Microsoft Excel 2016

Make your app a native part of Office with Office Add-ins

Modernize your Data Platform with SQL technologies

Move all your communications to Skype for Business Online

Powering IT Transformation with Office 365

Reinventing IT infrastructure for business agility

Secure and manage your digital transformation

The future is closer than you think; broadly deploying Windows 10 for business

1:45 pm - 3:00 pm

Azure SQL Database – A Managed Intelligent Cloud Database for App Developers

Deep dive in the technology stack of Dynamics 365 for Operations

Defend Windows clients from modern threats and attacks with Windows 10 security

Dive into PowerApps, building apps that mean business without writing code

Explore Microsoft Azure Stack “State of the Union” – Foundation 1

Let your apps and services take a front seat in Outlook with Actionable Messages

Moving from legacy on-premises Exchange: upgrade to Exchange 2016, or Exchange Online?

Protect and share data securely with Azure Information Protection

Redefine productivity with the latest Microsoft Office 2016 Features on Windows 10

Running Line of Business Apps on Azure

Take your management and security strategy to the cloud

What's new in Office 365 management: Usage reporting, change management and service health

Windows 10: Deploy and manage Windows as a service (Instructor Led Lab)

3:15 pm - 4:30 pm

Administering Office 365 with PowerShell (Instructor Led Lab)

Build microservices and container solutions using Azure Service Fabric and Azure Container Service

Drive transformative change with advanced analytics in Cortana Intelligence Suite and Microsoft R

Enhance Windows 10 deployment: what's new with Windows 10 deployment?

Explore Microsoft Windows Server 2016 Security

Explore OneDrive for Business key features and roadmap

Explore the new, cross-platform .NET Core 1.0

Get close up with the new Microsoft SharePoint Developer Framework

Microsoft Dynamics 365 – the vision and strategy

Office 365 Groups – Overview & Administration

Protect your business and empower your users with cloud Identity and Access Management

Take advantage of new capabilities in System Center 2016

Turn your users into raving fans of Skype

4:45 pm - 6:00 pm

Bring visibility, control and protection to your cloud apps with Microsoft Cloud App Security

Build modern cloud based web and mobile applications on Azure App Service

Connect your company with Yammer - a vision and roadmap update.

Deploy Microsoft Office 2016 the right way

Discover what's new and what's coming to the SharePoint Mobile and Intelligent Intranet

Dive deep into Operations Management Suite for applications and infrastructure

Engineering for the Cloud at Microsoft CRM

Explore Microsoft Windows Server 2016 Application Platform

Fix web app compatibility with Enterprise Mode

Innovate with Modern BI in the enterprise

Migrating to Exchange Online via Hybrid – over the long haul

SQL Server 2016 Security (Instructor Led Lab)

Understanding Cloud networking planning and troubleshooting with Office 365

Use Azure Infrastructure-as-a-Service (IaaS) as a starting point on your cloud journey

6:00 pm - 7:00 pm

Ask the Experts

Day 2:

10:00 am - 11:15 am

An Overview of the Microsoft Application Platform for Developers (repeat)

Make your app a native part of Office with Office Add-ins (repeat)

Modernize your Data Platform with SQL technologies (repeat)

Move all your communications to Skype for Business Online (repeat)

Powering IT Transformation with Office 365 (repeat)

Reinventing IT infrastructure for business agility (repeat)

Secure and manage your digital transformation (repeat)

The future is closer than you think; broadly deploying Windows 10 for business (repeat)

What's new in TypeScript?

11:30 am - 12:45 pm

Accelerating Office 365 deployment and user adoption

Architecting robust Big Data Solutions with Azure Data Lake

Connect your applications to the cloud through Azure Logic Apps and API Management

Deploy and manage Microsoft Office 365 ProPlus using Configuration manager

DevOps, Microservices and containers - from hype to reality with Red Hat OpenShift and Azure

Enterprise Mobility + Security (EMS) (Instructor Led Labs)

Implement Windows as a Service: understanding how to do it

Introducing Microsoft Teams

Learn about Mobile DevOps with Xamarin, HockeyApp and Visual Studio Team Services

Learn how Microsoft Advanced Threat Analytics combats persistent threats

Microsoft Social Engagement : High performance Java service on Azure

Port your AWS knowledge to Azure

Protect your data with a modern backup, archive and disaster recovery solution

1:45 pm - 3:00 pm

Configuring your heterogeneous environment with PowerShell and DSC

Create a Lab Environment in Azure and LOB Apps in Azure (Instructor Led Labs)

Deliver high scale and low cost solutions with Azure Tiered Cloud Storage

Dive deep into Azure Container Service

Enable a new world of work with Office 365 Identity

Get to know the Skype Operations Framework

How Renault Formula Sport One and Real Madrid C.F. are winning with Microsoft Dynamics 365

Intelligence throughout Office 365: Delve, MyAnalytics, and Microsoft Graph-powered experiences

Keep your OneDrive and SharePoint content safe

Learn about the future of Microsoft PPM

Manage your mobile devices and apps with Microsoft Intune

Microsoft Azure networking: getting things connected

Plan your Cloud PBX deployment

SQL Server v.Next with Support on Linux, Windows and Containers

3:15 pm - 4:30 pm

Building serverless applications with Azure Functions

Detect and respond to advanced and targeted attacks with Windows Defender ATP

Discover Implementation Best Practices, Monitoring & Diagnostics tools for your Azure applications

Dive into the power of the Microsoft Graph API

Explore cross-platform mobile development end-to-end with Xamarin

Explore Microsoft SharePoint Server 2016 and beyond

Get the most out of the Office 365 security solutions

Join your Windows 10 devices to Azure AD for anywhere, anytime productivity

Microsoft Dynamics 365 for Operations

Protect your business with Azure, a secure and trusted cloud

SQL Technologies for Cross-platform Developers

Take control of your data with intelligent compliance in Office 365

Understand the future of software development in the cloud with the Azure Application Platform.


Demo/Hax0r conferences in 2017

Hakkeri | Posted by Harleyman Wed, February 22, 2017 09:14:16
This year there are several demo/hax0r conferences/camps that could be exciting, but I'm a bit undecided about whether it's something I want to spend time on.

The events I'm looking at are:

https://2017.revision-party.net/
Invite: https://www.youtube.com/watch?v=bgmMV1MgMww
"Revision takes place from April 14th to 17th 2017 in Saarbrücken, Germany."


https://sha2017.org/
Twitter: https://twitter.com/sha2017camp

"SHA2017 is a non profit outdoor Hacker camp/conference taking place in The Netherlands from the 4th to 8th of August 2017. It is the successor of a string of similar events happening every four years. These are GHP, HEU, HIP, HAL, WTH, HAR and OHM. Similar events are EMF Camp 2016 in the UK, CCC Camp and congress in Germany. The location is the Scoutinglandgoed in Zeewolde, 55km east of Amsterdam."
  • Location: Scoutinglandgoed in Zeewolde, 55km east of Amsterdam.
  • When: 4 - 8 August 2017
  • Buildup from: ±26st of July*
  • Teardown until: ±11 of August*
Tickets: https://tickets.sha2017.org

https://bornhack.dk/bornhack-2017/
Twitter: https://twitter.com/bornhax

"Bornhack 2017 will be the second BornHack. It will take place from August 22nd to August 29th 2017 on the Danish island of Bornholm. The tagline of this event will be Make Tradition."


Finding holes in hardware..

Hakkeri | Posted by Harleyman Tue, July 19, 2016 14:39:53
Spent my summer holiday finding "fun" bugs in various D-Link equipment.
The thing is that most of the equipment that comes on the market today is under the GPL,
which means the source code has to be online. NB! note that some of it is under BSD!

I've previously had luck "hacking" my router from Telenor by looking at the firmware and the backup functions the router supports. However, they (Telenor) have switched those functions off. Damn!
More info: http://blog.deadmeat.dk/#post284

But where do you start? Start with something simple, like a NAS or a wifi router (your own, of course!).

1. Find the model number of the D-Link device you want to examine for security holes.
Go to http://tsd.dlink.com.tw/ and find the model you want to "look" at.
A great many routers and switches are under the GPL and so have their source code freely available.

2. Download the Linux distro Kali from: https://www.kali.org/

3. Watch the video "kim guldberg hacking 101": https://www.youtube.com/watch?v=wkoR0d5-jeo

The next things to look at would be smart TVs, surveillance cameras, cars (thanks, Bluetooth) and HD recorders. Several of them support Wi-Fi Direct and have a simple key or none at all.

Oh yes! There's an update for my DNS-320 NAS box.
Website: https://sites.google.com/site/altfirmware/
Firmware: https://sourceforge.net/projects/alt-f/
Google group: https://groups.google.com/forum/#!forum/alt-f


CCC camp 15 is a NoGo!

Hakkeri | Posted by Harleyman Tue, August 11, 2015 10:35:50
CCC camp 2015 is completely sold out. Bobbi, Kim and Thomas were lucky enough to get tickets.

Luckily there's a fair amount of streaming: https://events.ccc.de/camp/2015/wiki/Main_Page



Arrived safely and time for a little nap ...

This is what the setup looks like... not that far from OSAA

CCC camp 2015 Badge: https://rad1o.badge.events.ccc.de/


Password problems?

Hakkeri | Posted by Harleyman Thu, June 18, 2015 08:42:30
Then it happened, what everyone was waiting for... LastPass got hacked and there is access to all the fun places

The mail from LastPass:

LastPass Security Notice

Dear LastPass User,

We wanted to alert you that, recently, our team discovered and immediately blocked suspicious activity on our network. No encrypted user vault data was taken, however other data, including email addresses and password reminders, was compromised.

We are confident that the encryption algorithms we use will sufficiently protect our users. To further ensure your security, we are requiring verification by email when logging in from a new device or IP address, and will be prompting users to update their master passwords.

We apologize for the inconvenience, but ultimately we believe this will better protect LastPass users. Thank you for your understanding, and for using LastPass.

Regards,

The LastPass Team

Source: http://goo.gl/K9MjEI and https://goo.gl/GyrV7o


The Mac is not as secure as the salesman in the shop says.... Patch your shit!

"Six university researchers have revealed deadly zero-day flaws in Apple's iOS and OS X, claiming it is possible to crack Apple's password-storing keychain, break app sandboxes, and bypass its App Store security checks." Source: http://goo.gl/nBkSPF


You are being watched! (VPN?)

Hakkeri | Posted by Harleyman Tue, May 12, 2015 18:05:14
Just watched DR's programme about surveillance...
Du bliver overvåget! (You are being watched!): https://www.dr.dk/tv/se/dr2-tema/dr2-tema-du-bliver-overvaget-2

With Nikolaj Sonne (https://twitter.com/nikolajsonne/status/596019649067753472)

You could use VPNs.... (but who sits at the other end listening to your traffic?)
They mention TOR in the programme: https://www.torproject.org/index.html.en
The list of free VPNs: (2015)

HotSpot Shield Free [Windows Only, asked for my Phone Number!]

Private Tunnel Free [Just 100mb data only]

OkayFreedom VPN Free [Free, Ad supported]

CyberGhost Free [Completely Free]

JustFreeVPN Free [Completely Free]

VPNBook Free [Completely Free, No registration required]

AnchorFree HotSpot Shield Elite Free [Free, Ad supported]

proXPN Free [Completely Free]

TorVPN Free [1 GB Free]

VPNGate Free [Hosted at University of Tsukuba, Japan. Completely Free]


Lenovo Adware? SuperFishy!

Hakkeri | Posted by Harleyman Fri, February 20, 2015 08:31:47
Once again it's been shown that the pre-installed Windows on the machines you buy is full of crapware. This time it's Lenovo's machines that are under suspicion.
Here's how to check whether you're vulnerable and the machine contains Superfish: https://filippo.io/Badfish/removing.html

Lenovo writes: http://news.lenovo.com/images/20034/remove-superfish-instructions.pdf

More about the problem here:

"Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections".
http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/

Lenovo has released a list of models that may have had Superfish installed.

G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45

U Series: U330P, U430P, U330Touch, U430Touch, U530Touch

Y Series: Y430P, Y40-70, Y50-70

Z Series: Z40-75, Z50-75, Z40-70, Z50-70

S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch

Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 14(BTM), Flex2 15(BTM), Flex 10

MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11

YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11BTM, YOGA2-11HSW

E Series: E10-30

Source: http://www.bbc.com/news/technology-31533028

"The Superfish adware, which has been preinstalled on Lenovo computers, in effect performs a man-in-the-middle attack in order to insert advertisements on otherwise trusted sites. Lenovo denies that there is a security problem."
Source:
http://www.version2.dk/artikel/adware-paa-lenovo-maskiner-kan-misbruges-af-hackere-til-man-middle-angreb-80608


Hack your TG788vn!

Hakkeri | Posted by Harleyman Tue, July 22, 2014 09:54:18
During my summer holiday I've been fiddling a bit with my new Technicolor TG788vn v2 DSL router from Telenor.
The question was primarily:
How secure is it? (can it be done better?)
Coming later.... thinking Nessus/Nitro and Kali Linux

Can you change the hidden functions? (what about VOIP?)

It turns out you can change the config file (download -> edit -> upload)
You find the config file at: Home > MediaAccess Gateway > Configuration > Backup & Restore
Start with: Backup current configuration

You receive a user.ini. You can search for disable and enable and thereby control what your router can do. When you're done changing your setup: Restore saved configuration
You can also change all the service ports and thereby close/change services...

I found fun things like:

server config url=https://acs.telenor.dk:8443/tacs/TACSService
server config username=tacsuser1
server config password=_DEV3_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Unfortunately I haven't managed to crack the password
One of the more mysterious settings I came across in the user.ini file was under "webfilter.ini"

standard category create id=0 name=Pornography type=category

At the time of writing it's unknown how it's used.... Will be updated when I know more!

Update:
*An example of the user.ini file (not Telenor): http://pastebin.com/raw.php?i=bKXA2QgK
*By looking in the log file you can see there are 2 users that aren't listed anywhere else in the system. The users: TR69 and support, as you can see under "Home > MediaAccess Gateway > Event Logs"
"CONFIGURATION saved by TR69"
"LOGIN User support logged in on TELNET (212.242.47.140)"
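The post's advice is to search user.ini for enable/disable, and the same file turned out to hold cleartext ACS credentials, which is exactly what should not end up on pastebin. As an added example (mine, not Technicolor's or the post's), here is a Python script that lists the enabled/disabled services in a user.ini and redacts credential values before the file is shared. The sample excerpt is constructed: the url, username and category lines are the ones quoted in the post, while the section headers, the "service config" line layout and the password value are assumptions.

```python
import re

# Constructed excerpt modelled on the user.ini lines quoted in the post. The section
# headers and the "service config" line layout are assumptions, not the real TG788vn
# format, and the password value is a placeholder.
SAMPLE_USER_INI = """\
[ cwmp.ini ]
server config url=https://acs.telenor.dk:8443/tacs/TACSService
server config username=tacsuser1
server config password=_DEV3_PLACEHOLDER_VALUE
[ servcfg.ini ]
service config name=TELNET state=enabled port=23
service config name=SSH state=disabled port=22
service config name=HTTP state=enabled port=80
[ webfilter.ini ]
standard category create id=0 name=Pornography type=category
"""

# Keys whose values are credentials and must not leave the device in a shared backup.
SECRET_RE = re.compile(r"\b(password|passwd|secret|psk|key)=(\S+)", re.IGNORECASE)
# Lines of the form "... name=<SERVICE> ... state=enabled|disabled ..." (assumed layout).
STATE_RE = re.compile(r"\bname=(\S+).*?\bstate=(enabled|disabled)\b")


def redact_secrets(text):
    """Replace credential values with a marker; return the cleaned text and the keys redacted."""
    redacted = []

    def repl(match):
        redacted.append(match.group(1).lower())
        return f"{match.group(1)}=<REDACTED>"

    return SECRET_RE.sub(repl, text), redacted


def service_states(text):
    """Map service name -> enabled/disabled, the toggles the post suggests searching for."""
    return {m.group(1): m.group(2) for m in STATE_RE.finditer(text)}


if __name__ == "__main__":
    cleaned, keys = redact_secrets(SAMPLE_USER_INI)
    print("redacted keys:", keys)
    print(cleaned)
    print("services:", service_states(SAMPLE_USER_INI))
```

Run the redaction over a real backup before pasting it anywhere; the URL and username stay readable, which is enough for others to recognise the ACS setup, and the returned key list tells you what was stripped.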


Before the hacking job interview

Hakkeri | Posted by Harleyman Fri, May 03, 2013 07:43:02

Went to a job interview with the state for an IT security job...

Since I have NOT signed anything saying I can't publish the answers to the test, here they are... Didn't think the pre-questions were that "hard"

Source: https://www.surveymonkey.com/s/VSXZ2DQ

Task 1:

1. Write your name
2. Can you name some malware? Feel free to elaborate on one
3. How does passive OS fingerprinting work?
4. If we say SYN, what do you say?
5. If we say SYN/ACK out of the blue, what do you say?
6. What is the difference between symmetric and asymmetric encryption? What are the advantages and disadvantages?
7. Can you explain what is needed to be able to brute-force WPA-PSK?
8. How would you choose to store a password in a database?
9. Would you recommend MD5 as a hash algorithm? Elaborate on your answer.
10. What would be a better hash algorithm than MD5?
11. Can you explain what a buffer overflow is?
12. Can you explain what a "NOP sled" is?
13. What is a "race condition"?
14. Why would a company choose to use a proxy server for its internet traffic? Describe advantages and disadvantages.
15. How would you take down the internet? Anything goes, from cutting cables to DoS or botnets.
16. Why isn't there the same level of botnet infections on Linux and Mac OSX compared to Windows-based operating systems? Are Linux and Mac OSX more secure? Feel free to elaborate.
17. How do you keep yourself up to date on IT security?
18. A customer refuses to install an update that closes a critical security hole because there is no public exploit for the hole. What arguments would you use to convince the customer otherwise?
19. Can you say what the following is? %53%61%79%20%48%65%6c%6c%6f%20%74%6f%20%4d%79%20%4c%69%74%74%6c%65%20%46%72%69%65%6e%64
Answer: Say Hello to My Little Friend
20. Can you say what the following is? 541c57960bb997942655d14e3b9607f9
541c57960bb997942655d14e3b9607f9 is: hej
21. Can you say what the following is? ZGV0dGUgZXIga29ycmVrdA==
ZGV0dGUgZXIga29ycmVrdA== (BASE64): dette er korrekt
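The three "what is this?" items (questions 19 to 21) are answered by recognising the encoding first. Below is an added Python example, not part of the original post or the quiz, that identifies the three token shapes and, for the MD5-sized digest, shows that the only way to "decode" it is to hash guesses and compare. The regexes and the kind labels are my own assumptions; the digest used in the test is the standard MD5 test vector for "abc".

```python
import base64
import binascii
import hashlib
import re
from urllib.parse import unquote

# Shapes of the three token types used in questions 19-21 (assumed patterns, not from the quiz).
PERCENT_RE = re.compile(r"(?:%[0-9A-Fa-f]{2}|[^%])+")
HEX32_RE = re.compile(r"[0-9a-fA-F]{32}")
BASE64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def identify(token):
    """Return (kind, decoded) for a quiz token; decoded is None when nothing can be recovered."""
    token = token.strip()
    if "%" in token and PERCENT_RE.fullmatch(token):
        return "percent-encoding", unquote(token)
    # Check the 32-hex case before base64: hex digits are also valid base64 characters.
    if HEX32_RE.fullmatch(token):
        # An MD5-sized digest cannot be decoded, only matched against hashed guesses.
        return "hex digest (MD5-sized)", None
    if len(token) % 4 == 0 and BASE64_RE.fullmatch(token):
        try:
            return "base64", base64.b64decode(token, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            pass
    return "unknown", None


def md5_matches(candidate, digest):
    """Question 20 is answered by guessing: hash the candidate and compare with the digest."""
    return hashlib.md5(candidate.encode("utf-8")).hexdigest() == digest.lower()


if __name__ == "__main__":
    quiz_tokens = [
        "%53%61%79%20%48%65%6c%6c%6f%20%74%6f%20%4d%79%20%4c%69%74%74%6c%65%20%46%72%69%65%6e%64",
        "541c57960bb997942655d14e3b9607f9",
        "ZGV0dGUgZXIga29ycmVrdA==",
    ]
    for tok in quiz_tokens:
        print(identify(tok))
    # The post's guess for question 20 was "hej"; check it the only way possible.
    print("hej matches:", md5_matches("hej", "541c57960bb997942655d14e3b9607f9"))
```

The ordering of the checks matters: a 32-character hex string is also a syntactically valid base64 string, so the digest test runs first, and a candidate is only reported as base64 if it both validates and decodes as UTF-8.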

Task 2: Which IPs can you find in the netflow file? (based on BAD_IP and MYN_IP)

My solution:

#!/bin/bash
# Keep only the flows that involve one of my IPs (MYN_IP.txt) AND one of the bad IPs (BAD_IP.txt).
# -w matches whole words, so a pattern 10.0.0.1 does not also hit 10.0.0.10; -f reads patterns from a file.
rm -f Sort-list.txt tmp.txt
grep -F -w -f MYN_IP.txt NETFLOW.txt > tmp.txt
grep -F -w -f BAD_IP.txt tmp.txt > unsort.txt
rm -f tmp.txt
# Bucket the matching flows by well-known port (the port column is space-separated).
for entry in "FTP 21" "SSH 22" "HTTP 80" "LDAP 389" "HTTPS 443"; do
    set -- $entry
    echo "=======$1 :" >> Sort-list.txt
    grep " $2 " unsort.txt >> Sort-list.txt
done
rm -f unsort.txt
more Sort-list.txt
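The fgrep approach matches substrings, so a BAD_IP entry like 203.0.113.7 also selects flows to 203.0.113.70, and ' 80 ' hits a source port of 80 as readily as a destination port. The following is an added Python example (mine, not from the post or the quiz) that does the same selection on parsed fields and shows the difference against plain substring matching. The record layout src_ip src_port dst_ip dst_port proto bytes, the sample flows and the two IP lists are all constructed; the real NETFLOW.txt was never published.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records in a simple whitespace-separated layout (an assumption; the quiz's
# NETFLOW.txt was never published): src_ip src_port dst_ip dst_port proto bytes
NETFLOW_LINES = """\
192.168.10.42 51022 203.0.113.7 21 tcp 4120
192.168.10.42 51023 203.0.113.7 443 tcp 9833
192.168.10.42 51024 203.0.113.70 80 tcp 120
192.168.10.42 51025 198.51.100.9 389 tcp 2210
10.0.0.5 40001 203.0.113.7 22 tcp 700
192.168.10.42 51026 192.168.10.1 53 udp 90
""".splitlines()

MY_IPS = ["192.168.10.42", "192.168.10.99"]   # stands in for MYN_IP.txt (constructed)
BAD_IPS = ["203.0.113.7", "198.51.100.9"]      # stands in for BAD_IP.txt (constructed)

PORT_NAMES = {21: "FTP", 22: "SSH", 80: "HTTP", 389: "LDAP", 443: "HTTPS"}


def substring_match(lines, my_ips, bad_ips):
    """What 'fgrep -f MYN_IP.txt | fgrep -f BAD_IP.txt' does: plain substring matching."""
    return [ln for ln in lines
            if any(ip in ln for ip in my_ips) and any(ip in ln for ip in bad_ips)]


def parse_flow(line):
    """Split one record into typed fields; ip_address() rejects anything that is not an address."""
    src, sport, dst, dport, proto, nbytes = line.split()
    return {"src": ipaddress.ip_address(src), "sport": int(sport),
            "dst": ipaddress.ip_address(dst), "dport": int(dport),
            "proto": proto, "bytes": int(nbytes)}


def suspicious_flows(lines, my_ips, bad_ips):
    """Flows with one endpoint in my_ips and the other in bad_ips, bucketed by destination port."""
    mine = {ipaddress.ip_address(ip) for ip in my_ips}
    bad = {ipaddress.ip_address(ip) for ip in bad_ips}
    buckets = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        flow = parse_flow(line)
        ends = {flow["src"], flow["dst"]}
        # Exact address comparison: 203.0.113.70 is not 203.0.113.7.
        if not (ends & mine and ends & bad):
            continue
        # Classify on the destination port only; 'grep " 80 "' would also hit a source port of 80.
        name = PORT_NAMES.get(flow["dport"], f"port {flow['dport']}")
        buckets[name].append(line)
    return dict(buckets)


if __name__ == "__main__":
    print("substring matches:", len(substring_match(NETFLOW_LINES, MY_IPS, BAD_IPS)))
    for service, flows in suspicious_flows(NETFLOW_LINES, MY_IPS, BAD_IPS).items():
        print(f"======={service} :")
        print("\n".join(flows))
```

On the sample data the substring version returns four records, the parsed version three: the flow to 203.0.113.70 is a false positive that the shell pipeline would have reported under HTTP.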

Task 3:

A company that develops equipment for the pharmaceutical industry suspects that the PC of an
employee called Mr. Bob is sending confidential information to a drop server via e-mail.
It has been possible to capture the network traffic on Mr. Bob's PC.

The company would like to know the following:

1 - What is the name of the file that was attached to the e-mail? Aftale.docx (Word 2010 file)

2 - When was it sent? Date: Sun, 19 Aug 2012 21:52:55 +0200

3 - Who was the e-mail sent to? x@sofucals.com

4 - Which IP address was used as the sender IP address: 192.168.10.42

5 - What is the sender's username (base64: Ym9iQGZ5bnNvdXMuY29t)? bob@fynsous.com

6 - What is the sender's password (base64: MTIzNDU2Nzg5cCs=)? 123456789p+

7 - What is the filename of the file with SHA1: dfb8499dfa41cdef77bd13aeda9e6ca0da178095
Aftale.txt

8 - What does the content of what was sent say?
We meet at Copenhagen central station under the clock. - 24 Dec 2012 at 13.00
I will be wearing a yellow jacket with a blue umbrella.
Bring 150,000 kr in 100-krone notes.
I will bring the latest drawings of the prototypes as we agreed.

-------------------------------------------------------------
The answer is at (found with Google!) (offline now!): http://netcowboy.dk/txt/Svar-puzzle-1.txt

According to http://www.diffnow.com/
network_forensics.pcap
and the file from netcowboy, bevis.cap,
are the same file... so it's probably the same answer ;-)
------------------------------ More fun ones online at: http://netcowboy.dk/
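Questions 5 to 8 of task 3 come straight out of the SMTP session in the capture: AUTH LOGIN sends the username and the password as two separate base64 lines, and the DATA block carries the MIME message with its Date, To and attachment. As an added example (not from the post, the quiz or netcowboy.dk), here is a Python parser for the client side of such a session, as "Follow TCP stream" would show it. The session is constructed, reusing only the two base64 strings and the addresses given in the quiz; the attachment bytes are a placeholder, so the SHA1 it computes is not the one in question 7. The sender IP (question 4) lives in the IP header, which a stream-level view no longer has.

```python
import base64
import email
import email.policy
import hashlib

# Constructed attachment content; the real Aftale.docx was never published.
ATTACHMENT_BYTES = b"constructed placeholder standing in for Aftale.docx"
ATTACHMENT_SHA1 = hashlib.sha1(ATTACHMENT_BYTES).hexdigest()

# Constructed MIME message carrying the Date, To and attachment name the quiz asks about.
MESSAGE = (
    "From: bob@fynsous.com\r\n"
    "To: x@sofucals.com\r\n"
    "Subject: aftale\r\n"
    "Date: Sun, 19 Aug 2012 21:52:55 +0200\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="b1"\r\n'
    "\r\n"
    "--b1\r\n"
    'Content-Type: text/plain; charset="utf-8"\r\n'
    "\r\n"
    "se vedhaeftet\r\n"
    "--b1\r\n"
    'Content-Type: application/octet-stream; name="Aftale.docx"\r\n'
    'Content-Disposition: attachment; filename="Aftale.docx"\r\n'
    "Content-Transfer-Encoding: base64\r\n"
    "\r\n"
    + base64.b64encode(ATTACHMENT_BYTES).decode("ascii") + "\r\n"
    "--b1--\r\n"
)

# Constructed client-to-server half of the SMTP session (what "Follow TCP stream"
# shows for the client). The two base64 lines are the ones quoted in the quiz.
CLIENT_STREAM = (
    "EHLO bobpc\r\n"
    "AUTH LOGIN\r\n"
    "Ym9iQGZ5bnNvdXMuY29t\r\n"
    "MTIzNDU2Nzg5cCs=\r\n"
    "MAIL FROM:<bob@fynsous.com>\r\n"
    "RCPT TO:<x@sofucals.com>\r\n"
    "DATA\r\n"
    + MESSAGE
    + ".\r\n"
    "QUIT\r\n"
)


def analyse_smtp_client_stream(stream):
    """Pull credentials, recipient, Date, To and attachment hashes out of the client stream."""
    lines = stream.split("\r\n")
    result = {"attachments": []}
    i = 0
    while i < len(lines):
        line = lines[i]
        if line.upper() == "AUTH LOGIN":
            # AUTH LOGIN: username and password follow as two separate base64 lines.
            result["username"] = base64.b64decode(lines[i + 1]).decode("utf-8")
            result["password"] = base64.b64decode(lines[i + 2]).decode("utf-8")
            i += 3
            continue
        if line.upper().startswith("RCPT TO:"):
            result["rcpt_to"] = line.split(":", 1)[1].strip().strip("<>")
        if line.upper() == "DATA":
            # The message runs until a line holding a single "."; undo SMTP dot-stuffing.
            end = lines.index(".", i + 1)
            raw = "\r\n".join(ln[1:] if ln.startswith("..") else ln for ln in lines[i + 1:end])
            msg = email.message_from_string(raw, policy=email.policy.default)
            result["date"] = str(msg["Date"])
            result["to"] = str(msg["To"])
            for part in msg.iter_attachments():
                payload = part.get_payload(decode=True)
                result["attachments"].append((part.get_filename(), hashlib.sha1(payload).hexdigest()))
            i = end + 1
            continue
        i += 1
    return result


if __name__ == "__main__":
    for key, value in analyse_smtp_client_stream(CLIENT_STREAM).items():
        print(f"{key}: {value}")
```

Hashing every decoded attachment is what turns question 7 into a lookup: compare the SHA1 of each extracted part with the digest you were given instead of guessing from filenames.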
