11 10 2008
So there I was...
Today I was sitting at home watching Irongeek’s post of John Strand’s talk Defense In Depth is Dead, Long Live Defense In Depth. And I had one really evil thought:
Someone (such as Bob) could sit at an airport. We all do this; it isn’t difficult. He could then turn on his laptop and connect it to the airport wireless. Another task, difficult for some, but let’s go with Bob being able to. Bob then pulls out a Fon with Jasager on it. He then connects it to his newly started laptop running evilgrade. Bob’s setup for evilgrade installs and runs the USB Hacksaw payload. Now, every computer that is duped into connecting through Jasager automatically installs a payload that will copy and send all data from any inserted USB stick to... This post is already evil enough, so I will leave it up to you to figure it out. That is also why I haven’t included any in-post links.
For the cost of an airline ticket, Bob has possibly infected and/or circumvented your whole defense in depth strategy.
In closing: don’t be like Bob. Bob is in jail.
Categories : Hacking
09 10 2008
Well, it’s not the only answer but I will call them that because it’s what worked for me:
Sitting a couple of rows down from the line so that no one would see me from the bus line I was targeting, I waited for the bus to come. As soon as it came rolling up, I quickly moved into a dash for the door, timing it so that I could cut in line to be the 4th on. When confronted by the bus driver, I said that I had dropped my wallet a few stops back and wanted to find it. Dropping my wallet while I ‘looked’ for it allowed me to certify this lie. I asked the bus driver if I could ride the bus back around to my original stop. He said yes and I was allowed to ride free of charge. And, due to all of this drama, the target was already seated and others had taken up bubble-room spots (nobody likes to sit together), so I didn’t look completely odd sitting next to the target. I even got up when an elderly woman came to sit down. By that time dialog was already started with the target and my honor was solidified by my kindness to others.
These challenges don’t have prizes or winners; they’re just here to make you think. The goal is to not raise too much suspicion and to gain trust.
Categories : Hacking
07 10 2008
Here is the scenario:
There is a line of government and commercial workers waiting for the bus. The bus is late, and everyone has had a long day of work. Your target is the first person in line. The line is 75 people long for a bus with a max occupancy of 35 people. Your target is the same sex as you and has headphones in their ears. You can use any prop item that would not look out of place in line for a bus with other commuters.
Your goal is to sit next to your target in order to start a dialog. You do not need to be 1st, 2nd or even 3rd in line, but you do have to get on the bus with the least amount of suspicion raised. (That doesn’t rule out being flamboyant.)
Comment your solutions with detail.
EDIT: I will post how I was able to do it tomorrow. For all of these challenges I will publish the way I succeeded at 11:59 PM EST of the next day.
Categories : Hacking
10 09 2008

So we are taking a short break from my 4-part series on Maltego to bring you a guest post on runtime packers done by your friendly neighborhood Security Shoggoth. Packers are one of those mystical tech items out there that for most people sound too complicated to even look into. What SecShoggoth and I aimed for with this post is to have it be understandable yet technical, and I think he did an awesome job:
What is a packer?
What do they do?
A packer, also known as a run time packer, is a program which compresses another executable to a smaller size on disk. When executed, the packed executable is uncompressed in memory and executes. The time to uncompress the executable in memory is usually not noticeable, making it very advantageous to use one.
There are hundreds of packing programs available. One of the most commonly used is UPX (http://upx.sourceforge.net) which will pack a number of executable formats. Unlike most packers, UPX can unpack a program to its original, uncompressed state. Many packers do not have this functionality and analysts who wish to unpack a program have to find a separate unpacker or manually unpack the program in a debugger.
Why do virus/malware developers use them?
There is one side effect of packers that malware developers have found useful. Not only does the packer make the malware smaller and easier to transfer, but it also obfuscates or encrypts the internal components of the malware, making static analysis virtually impossible.
For example, normally an analyst would be able to look at the internal strings of a malware sample and determine some of its functionality - such as what registry keys it adds, what URLs it contacts, what functions it loads, etc. However, by using a packer on the malware, the internal strings would be compressed and obfuscated, hiding them from view. The only way to view the internal strings would be to unpack the malware - something which is not always an easy thing to do.
Some packers also contain anti-virtual machine, anti-sandboxing and anti-debugging “features” which prevent the packed executable from running if it detects any software analysts typically use to analyze malware. This makes it much harder for the malware to be analyzed and will extend the amount of time before it can be reliably detected by AV software.
How do they work?
When an executable is packed, the packer compresses the original program and places some wrapper code around it. When the packed program is executed, this wrapper code runs and uncompresses the original program in memory, loads any dynamic libraries needed by the import table and jumps to the original entry point (OEP) of the now uncompressed program where it begins execution.
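To make the effect on string analysis concrete, here is an added triage example (not from the original post or from any packer's code). It assumes zlib as a stand-in for the packer's compression step and a constructed byte blob as a stand-in for a program body; the indicator strings and the 7.0 entropy threshold are assumptions chosen for illustration.

```python
import hashlib
import math
import re
import zlib
from collections import Counter

# Constructed indicators of the kind the post says an analyst looks for.
INDICATORS = [
    r"Software\Microsoft\Windows\CurrentVersion\Run",
    "http://updates.example.invalid/checkin.php",
    "LoadLibraryA",
]

def build_sample() -> bytes:
    """Constructed stand-in for an unpacked program body (not a real PE)."""
    filler = "\n".join(hashlib.sha256(str(i).encode()).hexdigest() for i in range(200))
    return ("\0".join(INDICATORS) + "\0" + filler).encode("ascii")

def pack(body: bytes) -> bytes:
    """Stand-in for the packer's compression step (real packers differ)."""
    return zlib.compress(body, 9)

def ascii_strings(data: bytes, min_len: int = 6) -> list[str]:
    """Printable-ASCII runs, as the `strings` tool reports them."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed or encrypted data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def visible_indicators(data: bytes) -> list[str]:
    """Which known indicators a strings pass over `data` would reveal."""
    found = ascii_strings(data)
    return [i for i in INDICATORS if any(i in s for s in found)]

def looks_packed(data: bytes, threshold: float = 7.0) -> bool:
    """Rule-of-thumb triage check; the 7.0 threshold is an assumption."""
    return shannon_entropy(data) > threshold

if __name__ == "__main__":
    raw = build_sample()
    packed = pack(raw)
    for name, blob in (("raw", raw), ("packed", packed)):
        print(name, len(blob), round(shannon_entropy(blob), 2),
              looks_packed(blob), visible_indicators(blob))
```

The strings pass finds every indicator in the raw blob and none in the compressed one, while the entropy check flags only the compressed blob, which is why high entropy is a common first hint that a sample needs unpacking before static analysis.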
Continue reading "Runtime Packers - hold the cheese"
Categories : Hacking
03 09 2008
You may have heard me rant and rave on Episode 5 of Securabit about a special USB stick that downloads contact, messaging, and other information from phones just by plugging them in, or read about it via an earlier posting on my blog (Crazed Bovine Traversal). A company called Paraben Corporation went out and made it (Motorola and Samsung support only so far).
I first learned about it via CNet’s report “CSI Stick grabs data from cell phones” and you can find it directly on http://csistick.com/ for $199.00, plus you have to buy the accessory “DS Lite” just to read the data on it (another 99.00). I think they should at least send me one for free for stealing my idea.
Categories : Hacking