GSM Community Edition comes with an artificial restriction on the amount of RAM your VM may use. There is a way to remove it:
- Boot up using SystemRescueCd or similar
- mount /dev/sda1 /mnt
- vi /mnt/grub/grub.cfg
- remove all references to mem= (you can also remove CPU limits while at it)
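The same edit done non-interactively, as an added example that is not part of the original post: a sed filter that drops every mem= token from the kernel lines of grub.cfg, plus a wrapper that keeps a .bak copy before rewriting the file. The grub.cfg content below is constructed; the post does not name the CPU-limit parameter, so only mem= is handled here.

```shell
#!/bin/sh
# Added example (not from the original post): remove the mem= kernel parameter
# from grub.cfg without hand-editing in vi, keeping a backup of the original.
# The boot entry below is constructed; a real GSM grub.cfg will differ.

SAMPLE_GRUB_CFG='menuentry "GSM" {
        linux /vmlinuz root=/dev/sda2 ro quiet mem=2048M
        initrd /initrd.img
}'

# strip_mem_limit: print stdin with every "mem=<value>" token removed from
# lines that load a kernel (linux / linux16 / linuxefi); other lines untouched.
strip_mem_limit() {
    sed -E '/^[[:space:]]*linux(16|efi)?[[:space:]]/ s/[[:space:]]+mem=[^[:space:]]+//g'
}

# strip_mem_limit_file <grub.cfg>: same edit in place, after saving <file>.bak
# so the original limit can be restored if the appliance misbehaves.
strip_mem_limit_file() {
    cfg=$1
    cp -- "$cfg" "$cfg.bak" || return 1
    strip_mem_limit < "$cfg.bak" > "$cfg"
}

# Stand-alone demo on the constructed entry
printf '%s\n' "$SAMPLE_GRUB_CFG" | strip_mem_limit
```

With the rescue system booted and /dev/sda1 mounted on /mnt, `strip_mem_limit_file /mnt/grub/grub.cfg` performs step 4 and leaves /mnt/grub/grub.cfg.bak behind for rollback.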
The words “email” and “security” have never mixed, but some things are just too ridiculous to be left as they are.
There are several ways to spoof email, each with their own countermeasures:
- Sender email address -> DKIM and SPF
- Sender email display name -> Solution below
While researching ways to fix this, I came across different methods, ranging from database lookups of valid names to looking for suspicious patterns in the display name. None of those methods get to the root of the problem, which is that the sender's email display name should never have been a “field” that existed in the first place.
Whose idea was it to create a field where anyone can type in “John Smith” as their name, and to top it all off, the recipient's mobile device happily says “you have email from John Smith”. Really? From John Smith? Are you sure? No? Not even a little bit sure? Is that because anyone can type in anything they want and there is nothing to verify it against? Then why would you show such information as if it's the truth? No thanks.
To reverse this horrible mistake, the solution is obvious. Let's remove the email display name from existence and display only email addresses (which can still be spoofed, but at least there are countermeasures in place for anyone trying to get away with it).
/^FROM:.*<(.*@.*)>/ REPLACE From: <$1>
/^REPLY-TO:.*<(.*@.*)>/ REPLACE Reply-to: <$1>
postmap -r header_checks
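To see what those two REPLACE rules do to real headers before the table goes live, here is an added example (not code from the original post) that emulates them with sed. Postfix applies regexp: tables itself, so sed only stands in for it here; the sample headers are constructed, and the address pattern is tightened to `[^<>]*@[^<>]*` so that the capture cannot run across several angle brackets.

```shell
#!/bin/sh
# Added example (not from the original post): emulate the header_checks
# REPLACE rules with sed so their effect on sample headers can be checked
# offline. Header names are matched case-insensitively, as Postfix does.

# Constructed sample headers: two with display names, one From: without
# angle brackets (the rule does not match it, so it passes through as-is).
SAMPLE_HEADERS='From: John Smith <john@example.com>
Reply-To: "Accounts Payable" <ap@example.com>
To: bob@example.net
Subject: invoice
From: john@example.com'

# strip_display_name: collapse From:/Reply-To: lines on stdin to the bare
# angle-bracketed address; every other line is printed unchanged.
strip_display_name() {
    sed -E \
        -e 's/^[Ff][Rr][Oo][Mm]:.*<([^<>]*@[^<>]*)>.*/From: <\1>/' \
        -e 's/^[Rr][Ee][Pp][Ll][Yy]-[Tt][Oo]:.*<([^<>]*@[^<>]*)>.*/Reply-To: <\1>/'
}

# Stand-alone demo on the constructed headers
printf '%s\n' "$SAMPLE_HEADERS" | strip_display_name
```

Two practical notes: the table only takes effect once main.cf points at it with `header_checks = regexp:/etc/postfix/header_checks`, and the real table can be exercised the same way as the sed version with `postmap -q 'From: John Smith <john@example.com>' regexp:/etc/postfix/header_checks`. A From: header that carries a bare address with no angle brackets is left alone by both rules, which is the intended outcome since there is no display name to strip.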
Piping SMTP commands directly into nc doesn't work very well. What's needed is a pause before each command. Something like this:
while read -r L; do sleep 1; echo "$L"; done < mail.txt | nc -C -v smtp.example.com 25
Recently I saw a demo of AI technology that could count the number of people in a security camera video feed. I thought it was pretty cool and started Googling “how did they do that?”. First I came across scientific papers that require you to have an advanced math degree to understand, but soon I stumbled across a whole other class of open source projects that are pre-packaged and ready to go with zero math. If you can handle the level of complexity roughly equivalent to compiling a Linux program from source, you can also start using powerful AI today.
Presentation is today at the Nicholls Family Library at 5 PM
Download a copy of the PowerPoint presentation here
Most modern apps rely on SSL pinning to make sniffing SSL traffic through a proxy more difficult. This is great defence-in-depth practice, but it's a real pain when trying to inspect an app's traffic as part of a vulnerability assessment or penetration test. Luckily there is Frida.
- Run frida-server https://www.frida.re/docs/android/
- frida-ps -Uai # find the target's application identifier, e.g. com.company.myapp
- download the file bypass.js into the current directory
- frida -U -f com.company.myapp -l bypass.js --no-pause
With increased security, it's getting trickier to intercept HTTPS traffic sent by Android apps. For that reason most methods rely on rooting Android. But what to do when you don't have a rooted Android on hand?
Use the Android Emulator from Android Studio:
- Go to “Settings->Wireless & Networks->More”
- Go to “Cellular Network Settings”
- Go to “Access Point Names”
- Edit Proxy and Port fields
- Install root cert from BurpSuite or whatever tool you are using to intercept the traffic
- Install and run your APK
When you need to protect an application against XSS and other nasty attacks, but you can't modify the source code, ModSecurity can save the day.
1. Install Apache
2. Install ModSecurity
3. Set up Apache as a reverse proxy with the following configuration
#SecRuleRemoveById 999999 whitelist any rules here
4. Turn on ModSecurity in /etc/modsecurity/modsecurity.conf
5. Turn on CRS blocking in /etc/modsecurity/crs/crs-setup.conf
6. Watch /var/log/apache2/modsec_audit.log for false positives and tweak rules accordingly
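Step 6 is where most of the time goes, so here is an added example (not code from the original post) for reading the serial-format audit log: one helper counts hits per rule id, the other prints the request line behind every transaction that tripped a given rule, which is what you need to decide whether a SecRuleRemoveById is justified. The audit log content is constructed; the rule ids 920350, 941100 and 949110 and their rule files are the CRS 3 ones, but the line numbers and transaction ids are made up.

```shell
#!/bin/sh
# Added example for step 6 (not code from the original post): two helpers for
# reading ModSecurity's serial-format modsec_audit.log, so the noisiest rule
# IDs and the exact requests behind them can be reviewed before a rule is
# switched off with SecRuleRemoveById. The audit log below is constructed.

# Three constructed transactions: one real XSS probe (941100 fires and the
# CRS blocking rule 949110 denies it) and two harmless internal requests that
# only trip 920350 because the client put a bare IP in the Host header.
SAMPLE_AUDIT_LOG='--tx0001-A--
[10/Jan/2020:10:00:01 +0000] tx0001 203.0.113.5 51234 10.0.0.2 80
--tx0001-B--
GET /search?q=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1
Host: www.example.com
--tx0001-H--
Message: Warning. detected XSS using libinjection. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [severity "CRITICAL"]
Message: Access denied with code 403 (phase 2). [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"]
Engine-Mode: "ENABLED"
--tx0001-Z--

--tx0002-A--
[10/Jan/2020:10:00:02 +0000] tx0002 10.0.0.9 40002 10.0.0.2 80
--tx0002-B--
GET /profile HTTP/1.1
Host: 10.0.0.2
--tx0002-H--
Message: Warning. Pattern match "^[\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [severity "WARNING"]
Engine-Mode: "ENABLED"
--tx0002-Z--

--tx0003-A--
[10/Jan/2020:10:00:03 +0000] tx0003 10.0.0.9 40003 10.0.0.2 80
--tx0003-B--
GET /health HTTP/1.1
Host: 10.0.0.2
--tx0003-H--
Message: Warning. Pattern match "^[\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [severity "WARNING"]
Engine-Mode: "ENABLED"
--tx0003-Z--'

# modsec_rule_hits [file...]: count "Message:" lines per rule id, noisiest first.
# 949110 is the CRS blocking-evaluation rule: it records that a request was
# denied, not which rule scored it, so it is never the one to whitelist.
modsec_rule_hits() {
    cat "$@" | grep '^Message:.*\[id "' \
      | sed -E 's/.*\[id "([0-9]+)"\].*\[msg "([^"]*)"\].*/\1 \2/' \
      | sort | uniq -c | sort -rn
}

# modsec_requests_for_rule <id> [file...]: print "<txid>: <request line>" for
# every transaction whose H section mentions the given rule id.
modsec_requests_for_rule() {
    rule_id=$1; shift
    cat "$@" | awk -v id="$rule_id" '
        /^--[^-]+-[A-Z]--$/ {                 # section marker, e.g. --tx0001-B--
            split($0, p, "-"); tx = p[3]; sec = p[4]
            if (sec == "A") { req = ""; hit = 0 }
            if (sec == "Z" && hit) print tx ": " req
            next
        }
        sec == "B" && req == "" { req = $0 }  # first line of B is the request line
        sec == "H" && index($0, "[id \"" id "\"]") { hit = 1 }
    '
}

# Stand-alone demo on the constructed log
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_AUDIT_LOG" > "$tmp"
echo "== hits per rule =="
modsec_rule_hits "$tmp"
echo "== requests that triggered 920350 =="
modsec_requests_for_rule 920350 "$tmp"
rm -f "$tmp"
```

On the sample, 920350 tops the count while every request behind it is an internal health check hitting the proxy by IP, which is the pattern of a false positive: the fix is a narrow exclusion for that rule (the SecRuleRemoveById slot left in the proxy configuration above), not a lower anomaly threshold. The 941100 hit, by contrast, sits on a request that really does carry a script tag and should stay blocked. Against a live server, run the helpers on /var/log/apache2/modsec_audit.log; they assume the serial (single-file) audit log format, not the concurrent per-transaction directory layout.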
Today we launched a new company called ArmorEye. ArmorEye specializes in cyber security. Check us out if you need vulnerability assessments, penetration tests or emergency response.
You can also follow us on GitHub and Twitter
Show raw device names
#example output may look something like this
Export to a file
dd if=/dev/zvol/rpool/data/vm-100-disk-1 of=/file.raw
Convert to Hyper-V
qemu-img convert -f raw /file.raw -O vhdx -o subformat=dynamic /file.vhdx
Mount file.vhdx on Hyper-V and start it
One-liner method:
Forget about the export and feed the raw device directly to qemu-img
qemu-img convert -f raw /dev/zvol/rpool/data/vm-100-disk-1 -O vhdx -o subformat=dynamic /file.vhdx
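A wrapper around that one-liner, as an added example that is not part of the original post: it checks that the zvol is a block device, refuses to overwrite an existing image, and, assuming the Proxmox vm-<id>-disk-<n> naming and the qm tool being available, refuses to convert a disk whose VM is still running, since a live guest keeps writing to the zvol and the resulting VHDX would be inconsistent. The -p flag just adds a progress indicator to qemu-img convert.

```shell
#!/bin/sh
# Added example (not from the original post): preflight checks around the
# zvol -> VHDX one-liner. Assumes Proxmox naming (vm-<id>-disk-<n>), qm for
# the running-state check, and qemu-img in PATH.

# vmid_from_zvol <zvol path>: extract the VM id from a Proxmox zvol name;
# prints nothing for names that do not follow the vm-<id>-disk-<n> scheme.
vmid_from_zvol() {
    basename "$1" | sed -nE 's/^vm-([0-9]+)-disk-[0-9]+$/\1/p'
}

# zvol_to_vhdx <zvol> <out.vhdx>: convert after the checks; prints the reason
# and returns 1 on any failed check so a calling script can stop early.
zvol_to_vhdx() {
    zvol=$1; out=$2
    [ -b "$zvol" ] || { echo "not a block device: $zvol" >&2; return 1; }
    [ ! -e "$out" ] || { echo "refusing to overwrite: $out" >&2; return 1; }
    vmid=$(vmid_from_zvol "$zvol")
    if [ -n "$vmid" ] && command -v qm >/dev/null 2>&1; then
        # A running VM keeps writing to the zvol; the image would be inconsistent
        case "$(qm status "$vmid" 2>/dev/null)" in
            *running*) echo "VM $vmid is running; stop it first" >&2; return 1;;
        esac
    fi
    qemu-img convert -p -f raw "$zvol" -O vhdx -o subformat=dynamic "$out"
}

# Usage: zvol_to_vhdx /dev/zvol/rpool/data/vm-100-disk-1 /file.vhdx
```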