HackerTrans
TopNewTrendsCommentsPastAskShowJobs

kokx

no profile record

Submissions

Reverse Engineering the Duco Connectivity Board

github.com
35 points·by kokx·2 years ago·4 comments

comments

kokx
·5 months ago·discuss
The article literally talks about how one of the server implementations does exactly that:

> Does this affect Prosody?

> Not directly. Let’s Encrypt is not the first CA to issue server-only certificates. Many years ago, we incorporated changes into Prosody which allow server-only certificates to be used for server-to-server connections, regardless of which server started the connection. [...]
kokx
·11 months ago·discuss
I wouldn't be surprised if this happened without JD Vance's knowledge. This sounds like a thing that Secret Service would make happen to make sure they can secure him at all times.
kokx
·12 months ago·discuss
Our politics does have some good parts. The political system we have is reasonably good. We have many political parties due to the proportional representation system. A single party is also unlikely to get a majority in parliament on their own, so parties with different backgrounds will have to work together to form a functioning government.

We do suffer from many political parties not willing to cause short term pain to improve long term outcomes. There are a few urgent issues going on in politics at the moment. Stuff where a decision needs to be made now and action should be taken. But the political parties do not want to make those decisions because they would inflict short term pain to some voters but would also improve the long term quality of life and economics of the Netherlands.

The worst part is that those issues have been known for a long time, but decisions were postponed over and over again because politicians didn't want to make the decision. Making the issues worse and more urgent over time.

At the same time populism is clearly on the rise in the Netherlands. A famous thing happening in a debate before the previous elections was a populist saying "But this woman cannot wait for the costs to be decreased, she needs it now." about decreasing a specific part of healthcare costs for citizens. Of course when the same populist became the biggest party during the elections, they never introduced anything to decrease that part of the healthcare costs.
kokx
·12 months ago·discuss
This depth you are never going to get in a college education anyway. Especially not since programming isn't (and shouldn't be) the only thing you learn in a Software Engineering / Computer Science bachelor.
kokx
·last year·discuss
The type of work the people working at an APT do, is mainly office work, while it still is very much "hands-on-keyboard" work (so you cannot set an action to automatically occur when nobody is checking the results in the middle of the night). You might want to try shuffling this up when you are in charge, but your (usually highly skilled and expensive) employees probably don't want to be working weird shifts all the time. Especially when they have families.

It also may not be worth it. Generally APT's want to stay under the radar while they are executing. But after the goals have been reached, most of the time it doesn't matter much if they get attributed. We have yet to see real consequences against any APT's. So paying your employees more to work night shifts, likely doesn't stack up against the consequences of attribution.
kokx
·2 years ago·discuss
The biggest piece of advice I have is to not give up too easily. The writeup makes things seem a lot easier than they actually are. While working on this project I had many moments where I almost gave up. Pushing past such roadblocks can get you to great insights.

For learning how to do such things? Well, a general computer science or electrical engineering background is a great start already. Ideally you learn a bit about embedded systems and how electricity works on circuit boards. A great resource for this is Big Clive on Youtube [1] who reverse engineers many circuits on his channel.

Tinkering around with hardware at a lower level will also reward you with a lot of knowledge. For example just working with an ESP32 and some off-the-shelf sensors will help you get a feeling for how these things work. See if you can communicate with other systems as well this way. Try to do as much as possible using jumper wires and breadboards rather than premade cables, so you get to know how it works. Also get a multimeter (one that beeps) and get comfortable using it. If you're unsure which multimeter to get, Big Clive has a pretty good video about that.

One thing I recommend getting is a logic analyzer. You don't need to go for an expensive Saleae (you can find pretty cheap clones on your regular Chinese webshops for example). Then just use it to investigate things that you already have access to. Attach it to a UART port where you know data is sent over and see if you can obtain that using the logic analyzer.

Then you can probably step over to investigating things you don't know. Just figure out with a multimeter what the voltages are and see if maybe data is sent over the line.

[1]: https://www.youtube.com/@bigclivedotcom
kokx
·2 years ago·discuss
With a little trickery with URL's you could construct something like:

https://github.com/example/project/releases/@example-project...

Due to everything in a URL before the @ being interpreted as a username for basic authentication, this would result in the user navigating to https://example-project-v1.zip instead of to github.

Edit: Fortunately it seems like browsers have caught on to this trick
kokx
·2 years ago·discuss
Usually that CFO doesn't have admin privileges. However, the exe he ran could very easily make use of a privilege escalation exploit on a service that does run with admin privileges. An exploit that is a buffer overflow or otherwise an exploit that is possible due to memory safety issues.

Or that exe tries to connect to other services in the network to exploit a buffer overflow on another system. An example of such an exploit was EternalBlue.

So yes, you're probably right that from a purely external perspective, attackers are unlikely to gain initial access using exploits targeting memory safety. However, once they are in, there are all sorts of memory safety bugs that could be used.
kokx
·3 years ago·discuss
As a pentester that did exactly this in many corporate networks: this is extremely effective. Just announce with a router advertisement that there is a DHCPv6 server and start handing out link-local IPv6 addresses while you specify your own system as DNS-server.

Clients (both Windows and Linux) will prefer the DNS-server specified through IPv6 over the one from IPv4. Then you can spoof any DNS record and capture juicy NTLM hashes flying through the network or relay their authentication and get a free authenticated connection.

This is most effective in networks that were designed for only IPv4 and didn't consider IPv6 at all. But it is also effective in some networks that do use IPv6.

Mitigations? Either disable the IPv6-stack on all systems, or configure your switches to block the router advertisements and do not allow DHCPv6 traffic to the wrong systems.
kokx
·4 years ago·discuss
I'm from the Netherlands as well, and I'm very scared of the talks of permanent DST over here. Which means that the sun would rise at 9:45 if we permanently switch to DST. Our country would be better suited at UTC, instead of UTC+1. Keeping it permanently at UTC+2 would be a special form of hell for me.
kokx
·7 years ago·discuss
If you mean that you have physical keys which you can remap, such as the Optimus Maximus keyboard concept [1], that would indeed be a great idea.

However, I would not be certain if I could type well on a full-touch screen keyboard such as the Optimus Tactus [2]. I do my typing blindly, having a touch screen would constantly require me to find the correct position for my fingers by look. While on a normal keyboard that is easy to do by touch.

[1]: https://www.artlebedev.com/optimus/maximus/ [2]: https://www.artlebedev.com/optimus/tactus/
kokx
·7 years ago·discuss
Most cryptographers do not see Telegram as a secure encrypted protocol. This is for two reasons: the first one is that Telegram doesn't do end-to-end encryption by default (and if you enable it, functionality is limited). And secondly, they roll their own cryptographic protocol.