Assessing a SAProuter’s Security with Onapsis Bizploit
part 1: http://blog.onapsis.com/assessing-a-saprouters-security-with-onapsis-bizploit-part-i/
and part 2: http://www.onapsis.com/blog/assessing-a-saprouters-security-with-onapsis-bizploit-part-ii/
For more information about vulnerabilities affecting the SAProuter, attacks and countermeasures, you should have a look at our SAP Security In Depth publication “Securing the Gate to the Kingdom: Auditing the SAProuter”.
... registration required to get the file Onapsis_SAP_Security_In-Depth_Volume_6.pdf
Testing SAProuter Basic Functions
http://help.sap.com/saphelp_nw70/helpdata/en/4f/992dd7446d11d189700000e8322d00/content.htm
Piercing SAProuter with Metasploit
https://community.rapid7.com/community/metasploit/blog/2014/01/09/piercing-saprouter-with-metasploit
I got a new esp8266 yesterday. an ICSP programmer and a hackaday trinket pro.
for some serial interface magic. now just need a voltage regulator for 3.7v lipos for the tiny little esp8266
amazing. 6$ for a wifi AP and client and microcontroler all in one tiny little chip
serial interface and two GPIO pins
so can connect the trinket up to it to conect more GPIO via arduino software :-)
esp82666 is a good add on to ANYTHING
the esp runs a compilled programm only so no OS
It's so cheap it's hard not to get one :-)
http://www.seeedstudio.com/depot/s/esp8266.html?search_in_description=0
http://hackaday.com/tag/esp8266/
some examples in the second link and a china shop to order from in the first.
you MIGHT like the trinket pro also: just for artistic reasons :-) :http://store.hackaday.com/products/trinket-pro-with-black-solder-mask-and-the-hackaday-io-logo
...
https://nurdspace.nl/ESP8266
http://www.zoobab.com/esp8266-serial2wifi-bridge
how to export serial consoles through the network with the ESP-LINK firmware: https://github.com/jeelabs/esp-link
to be completed
C’est une nouvelle vulnérabilité touchant le protocole TLS qui vient de faire son apparition. Baptisée LogJam, elle touche les connexions chiffrées via l’algorithme Diffie-Hellman.
source en anglais
The Logjam attack https://weakdh.org/
Guide to Deploying Diffie-Hellman for TLS https://weakdh.org/sysadmin.html (recommendations pour serveurs)
Increasing the minimum TLS DH group size to 1024 bits https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/WyGIpevBV1s
à voir
décortiquer une clef ssh privée, et conversion en PKCS8
Dubbed VENOM (Virtualized Environment Neglected Operations Manipulation), the zero-day flaw takes advantage of the “virtual floppy disk controller” and potentially allows attackers to escape out of the virtual machine and execute malicious code on its host.
Rombertik is a complex piece of malware with several layers of obfuscation and anti-analysis functionality that is ultimately designed to steal user data.
lié depuis http://www.cyberisques.com/fr/mots-cles-3/442-etude-trend-ponemon-proteger-sa-vie-privee-contre-la-divulgation-de-donnees-sensibles-et-confidentielles-sans-autorisation-est-un-droit
(voir les liens en bas pour le rapport complet)
This tool is for parsing, decoding and logging information from the Master File Table ($MFT) to a csv. It is logging a large amount of data and that has been the main purpose from the very start. Having all this data in a csv is convenient for further analysis. It supports getting the $MFT from a variety of sources.
https://github.com/jschicht/Mft2Csv/wiki/Mft2Csv
https://github.com/jschicht
http://www.cisco.com/c/en/us/products/ios-nx-os-software/eos-eol-listing.html
? IOS 12.2 http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-software-release-12-2/prod_end-of-life_notice0900aecd80330813.html
-> IOS 12.2.33 SXJ http://www.cisco.com/c/en/us/products/collateral/switches/mgx-8800-series-switches/end-of-life-notice-c51-729742.html
? IOS 12.3 http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-software-releases-12-3-mainline/prod_end-of-life_notice0900aecd8052e110.html
? IOS 12.4 http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-software-releases-12-4-mainline/end_of_life_notice_c51-574251.html
? IOS 15.x http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-15-1m-t/eos-eol-notice-listing.html
and browse here: http://www.cisco.com/cisco/web/psa/default.html?mode=prod&level0=268438303
ex:
- 3548 XL http://www.cisco.com/c/en/us/support/switches/catalyst-3548-xl-switch/model.html IOS 12.0(5)WC17 http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3500-xl-series-switches/prod_end-of-life_notice0900aecd8021a948.html
? PANOS https://www.paloaltonetworks.com/support/end-of-life-announcements/end-of-life-summary.html
? ScreenOS http://www.juniper.net/support/eol/screenos.html
? TMOS F5 / BIGIP https://support.f5.com/kb/en-us/solutions/public/3000/200/sol3225.html
