»NAT Slipstreaming allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim's NAT/firewall (arbitrary firewall pinhole control), just by the victim visiting a website.«
Impact: The implant has access to almost all of the personal information available on the device, which it is able to upload, unencrypted, to the attacker's server. The implant binary does not persist on the device; if the phone is rebooted then the implant will not run until the device is re-exploited when the user visits a compromised site again. Given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device.
We introduce SMoTherSpectre, a speculative code-reuse attack that leverages port-contention in simultaneously multi-threaded processors (SMoTher) as a side channel to leak information from a victim process. SMoTher is a fine-grained side channel that detects contention based on a single victim instruction.
Especially in IT, external consultants (and employees too) often cling more or less to the regulator's requirements. Quite a few have no idea whether that is actually effective - and what is the technician at the other end of the table actually talking about?!?!!!??? Garnished with personal anecdotes, small fictional examples, and absolutely suitable for beginners: information security & IT risk management using the example of Bank B!
Wireless devices are everywhere, at home, at the office, and on the street. Devices are bombarding us with transmissions across a wide range of RF frequencies. Many of these invisible transmissions reflect off our bodies, carrying off information about our location, movement, and other physiological properties. While a boon to professionals with carefully calibrated instruments, they may also be revealing private data about us to potential attackers nearby.
In this paper, we examine the problem of adversarial WiFi sensing, and consider whether ambient WiFi signals around us pose real risks to our personal privacy. We identify a passive adversarial sensing attack, where bad actors using a single smartphone can silently localize and track individuals in their home or office from outside walls, by just listening to ambient WiFi signals. We experimentally validate this attack in 11 real-world locations, and show user tracking with high accuracy. Finally, we propose and evaluate defenses including geo-fencing, rate limiting, and signal obfuscation by WiFi access points.
For decades, discussion of software reuse was far more common than actual software reuse. Today, the situation is reversed: developers reuse software written by others every day, in the form of software dependencies, and the situation goes mostly unexamined.
OSINT framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources. Some of the sites included might require registration or offer more data for $$$, but you should be able to get at least a portion of the available information for no cost.
Security researchers have found a way to corrupt the firmware of a critical component usually found in servers to turn the systems into an unbootable hardware assembly. The recovery procedure requires physical intervention to replace the malicious firmware.