HackerTrans
TopNewTrendsCommentsPastAskShowJobs

noproto

no profile record

Submissions

Break Me If You Can: Exploiting PKO and Relay Attacks in 3DES/AES NFC

breakmeifyoucan.com
52 points·by noproto·6 เดือนที่ผ่านมา·44 comments

comments

noproto
·6 เดือนที่ผ่านมา·discuss
All of the attacks are released for the three platforms (Proxmark3, Flipper Zero, and Chameleon Ultra). Our goal was day 1 support for RFID testing devices.
noproto
·5 ปีที่แล้ว·discuss
Took a look at my own codebase, which is 99% Rust. All gray, I'm guessing Rust isn't currently a recognized file type? Either way, very nice! I currently use the "dirtree" tool (https://github.com/emad-elsaid/dirtree) to generate diagrams like this of my codebase for documentation: https://github.com/WhiteBeamSec/WhiteBeam/wiki/Code-layout

The "eralchemy" tool (https://github.com/Alexis-benoist/eralchemy) is also excellent at visualizing SQL databases: https://github.com/WhiteBeamSec/WhiteBeam/wiki/SQL-schema
noproto
·5 ปีที่แล้ว·discuss
No worries. I brought it back, DNS propagation just finished. Someone may have killed init or the like, which the software allows root to do. After all, why stop hackers from removing their own access and alerting the NOC team? :)

To whomever murdered init in cold blood: the challenge server is for trying to bypass the security software. If there are too many attempts to simply bring it offline I'll have to keep it powered off for a bit.
noproto
·5 ปีที่แล้ว·discuss
Yea, sure. It's a server provided for security researchers. The challenge is to run any program we haven't allowed from the root shell. It's been defeated and patched 3 times over the past 2 years. You can get the list of allowed programs by running `whitebeam --list whitelist | grep Executable`. The details (and bounties) are listed here: https://github.com/WhiteBeamSec/WhiteBeam/blob/master/SECURI...

Unlike the challenge system, we also run some honeypots that record attempts. That way it's easy for both whitehats and blackhats to contribute to the overall QA testing.
noproto
·5 ปีที่แล้ว·discuss
I spent a weekend recently comparing GoTTY to similar solutions and GoTTY/ttyd (the C port) are the best projects. Ultimately, I chose ttyd (https://github.com/tsl0922/ttyd), because the main GoTTY project was abandoned 4 years ago. ttyd works very well for my use case, which is sharing a server to test some experimental security software. So far I've gotten thousands of more attempts by running a webserver than sharing SSH credentials. If you'd like to try the server, it's here: http://challenge.whitebeamsec.com/. The font/style are all configurable. The only downside is mobile browsers have difficulty typing.