

Evaluating the Effectiveness of Miner Blocker Browser Extensions

JavaScript crypto miners have been around for quite a while. Monero (XMR), the cryptocurrency mined by these scripts, was released in April 2014. As shown in the following figure, the rise in the price of Bitcoin was coupled with rises in the prices of Ethereum and Monero. This jump led to these in-browser miners being over-emphasized in the media.

Advertisements being replaced by miners

Website administrators started including miner scripts in their websites. The more the user stays on…



Shadowbrokers’ Leaks, Next Versions of WannaCry and Adylkuzz on the Rise

Introduction

During the past couple of weeks we have seen a rise in public abuse of the Shadowbrokers' leaked exploits, allegedly used by the NSA. A handful of these exploits target the Windows operating system and give attackers the ability to reliably penetrate Windows boxes! EternalBlue is the name of the exploit that targeted SMB on port 445 on Windows and gave you RCE; it was patched by Microsoft (MS17-010) about a month before the leak, but many systems were…



Analysis of a Scam: Fake Telegram Client (BlackGram)

I’m officially contributing to the telescam.ir project, where we analyze the growing trend of Android malware and scam campaigns spreading via the Telegram messenger in Iran. Since Telegram is the dominant messaging application used by Iranians, scammers have built their tools and services on top of this infrastructure. We have observed scam campaigns where they take your money but don’t deliver the service they promised, and we have also observed cases where various social engineering techniques are used to get access…



Never Trust Untrusted SSL Certificates, XSS in Certcc SSLCheck subdomain

In this blog post I’m going to discuss the XSS vulnerability that I found in sslcheck.certcc.ir. Certcc has developed its own SSL configuration assessment service (like SSLLabs.com). The good point about this is that websites that are only reachable from Iranian IP addresses can be tested using this service. While I was playing around with this website to see how it works in contrast to SSLLabs.com, I found out that it gives you many more options, like entering IP addresses, testing…



Easy Money, As Simple As An Android Scam!

The story – Smelly Smelly apk

One of my colleagues came to me with an apk (Android application); he said he couldn’t make it work on his Genymotion emulator but was 100% certain it was Iranian malware. Based on his observation, the guy behind this application was spending more than $500 daily to spread this app on Telegram messenger public channels; he was basically paying the administrators of channels with huge numbers of members to advertise and spread his application. A non-exhaustive…



Generating the Exploit for OpenSSL 1.1.0a, b CVE-2016-7054 Part 2/3

Continuing the previous post, now that we know what MACs are and how they work in the context of the TLS protocol, we can move further ahead and analyze the OpenSSL 1.1.0a and 1.1.0b heap overflow vulnerability. To exploit this vulnerability (CVE-2016-7054) we need to negotiate a ChaCha20-Poly1305 cipher suite with the server and send a message with a bad MAC. Let us first set up a server that’s running OpenSSL 1.1.0a.

Setting Up OpenSSL 1.1.0a

We can download the desired version from…



Client Certificate Authentication, Configuring IIS To Authenticate Users Via Hardware Tokens

Preface

What is PKI? Wikipedia says: A Public Key Infrastructure (PKI) is a set of roles, policies and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. Is PKI all about public key cryptography? Not exactly; the emphasis is more on policies and procedures than on the technology and math. OK, what does this PKI thing look like? This system consists of different parties, namely the Certificate Authority (CA), the Registration Authority (RA)…
