November 23rd, 2014


This is a useful XSS reference page that adds to, and puts an interface on, the previously mentioned XSS Cheat Sheet by RSnake. GnuCitizen has had a lot of interesting posts on XSS-type attacks recently, and also has some other interesting projects going on that help demonstrate (well) that XSS isn’t a benign attack vector. If you’re at all interested in web application security, I recommend both GnuCitizen and

MRL and upcoming conferences

We have a couple of conferences that we’ll be going to, and also speaking at, over the next couple of weeks. The first is Toorcon, and the following week we have Security Opus. Both are very much worth attending (even if we weren’t speaking there, =), so you should come out and join us. Say “hi” if you’re around; we should have MRL stickers on hand. Here’s the schedule:

See you there!

What google thinks of MRL

So, this is what Google thinks of MRL after our meeting… especially after playing around with SEAT. :)

MRL September meeting

Fellow Hackers, Slackers, and Code-crackers:

On Friday September 15th at 7pm PST we will be holding our monthly
official Midnight Research Labs meeting.

This month I (Aaron) will be giving a mini-presentation on an
introduction to distributed cracking with clusters, which leads to a
new potential MRL project (wicrack). Depending on time, I may even
have a proof of concept ready. We'll potentially be poking at some
hardware that Jason is bringing, and we'll also be doing a "glowing
electric pickle" experiment (this time without fire or law enforcement :).

As always, anyone with cool toys, or interesting project ideas, bring
them along.

Light refreshments, pizza and beer will be served.

Phase 0x0: Bootstrapping
- Greetings and welcome
- MRL updates and status
- MRL projects update
Phase 0x1: Initialization
- Mini-presentation: Intro to distributed cracking with clusters
- wicrack brainstorming
- Poking at hardware
- Electric glowing pickle experiment
Phase 0x2: Local exploits
- Food
- Off topic tools, toys and other shiny things -- If anyone
has anything interesting to show off or play with, please bring it
- Whatever till whenever -- This is the more social
part of the event. People are invited to stay and
hack and have a couple drinks till whenever this
phase is no longer self-sustaining, =)


I just found this pretty interesting project called WifiTap. Basically, it allows communication over a wifi network through traffic injection, so that you’re not actually associated to the AP through the driver interface. Apparently you can actually route IP traffic over it and everything, like a “real” interface.

The reason this is cool for us is that it’s a step closer to the 2.0 framework for wicrawl and being able to multiplex access points over one card. It’s proof that a software-only stack for 802.11 works end to end without crazy firmware issues. A video of his presentation at recon is available online.

Another cool thing I found out while checking out the presentation is that Scapy actually has packet classes for all of the different 802.11 management frames, etc.

netcat in the hat

If you’re not familiar with The Ethical Hacker Network you should check it out; it has a decent amount of good content for the aspiring hacker. Among other things, they have security news and tutorials, but probably the most interesting are the challenges that they post every other month or so. I found the latest challenge entertaining, so I thought I would forward it on. The challenge is in the form of a Dr. Seuss-like poem titled netcat in the hat. If you are a winner in one of the categories for the challenge, you get an autographed copy of Counter Hack Reloaded.

Packet Attack Map

Here’s a little Flash movie showing a sample of traffic submitted to DShield within the last 5 minutes:


1 pixel: < 10
2 pixel: < 100
3 pixel: < 1000
4 pixel: < 10000

The color indicates the packet type based on the following classification:
Blue: Not categorized.
Red: Well known services (Ports 80,53,25,22 ...).
Yellow: Windows related traffic (Port 135,137,139... ).
Green: P2P Traffic/Afterglow (Port 6881,6346,4672... ).

The Science of fingerprints and Security Engineering

I found a couple of interesting books linked from that are online and available for free. The first is Security Engineering: A Guide to Building Dependable Distributed Systems, with a foreword by Bruce Schneier. You can download it by chapter, or you can find the whole book in torrent form here.

The second book is The Science of Fingerprints. It was written by the FBI in 1963. Its introduction is by J. Edgar Hoover, and the book is available on Project Gutenberg. Another site (posted in the comments) had some interesting links on fingerprints and current technology, and also a document on the official Interpol “Method For Fingerprint Identification”.

Here is an excerpt from the introduction by J. Edgar Hoover:

This booklet concerning the study of fingerprints has been prepared by the Federal Bureau of Investigation for the use of interested law enforcement officers and agencies, particularly those which may be contemplating the inauguration of fingerprint identification files. It is based on many years’ experience in fingerprint identification work out of which has developed the largest collection of classified fingerprints in the world. Inasmuch as this publication may serve as a general reference on classification and other phases of fingerprint identification work, the systems utilized in the Identification Division of the Federal Bureau of Investigation are set forth fully. The problem of pattern interpretation, in particular, is discussed in detail.

Here is a partial diagram from The Science of Fingerprints:

New Tools

So every once in a while I troll around the PacketStorm latest-tools RSS feed, and this time I noticed a few things of interest:

  • A new version of Aircrack-ng is out. It fixes many bugs. I also just noticed that it now has Windows support.
  • Iodine looks like a good, easy way to tunnel IPv4 over DNS. I think that anyone who travels should have something like this, or ptunnel (ping tunnel), set up and running, since many wi-fi captive portals still allow ICMP and DNS through.
  • rhj is a proof-of-concept syscall hijacker. This looks pretty cool; I still need to test it out though. I’m curious how well it works.
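The flip side of the Iodine note above is that the same captive-portal gap lets tunnelled traffic leave a network unnoticed unless someone looks at the resolver logs. Added here as an illustration, not code from the page or from any of the tools it mentions, is a small heuristic detector: it groups queries by client and base domain and flags groups whose subdomains are numerous, nearly all distinct and high-entropy, which is the shape of encoded tunnel data rather than of ordinary lookups. The log format, the sample lines and the thresholds are all assumptions.

```python
import math
from collections import defaultdict

# Constructed sample resolver log (not from the page): "<client> <qtype> <qname>".
# The long labels are made-up stand-ins for data an iodine-style tunnel encodes in names.
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 AAAA mail.example.com
10.0.0.7 NULL 0aimlzyq2h3k5n7p9rbt4vdx.t.example.org
10.0.0.7 NULL 1bkmnaxy3j4l6o8q0scu5wez.t.example.org
10.0.0.7 NULL 2clnobzy4k5m7p9r1tdv6xfa.t.example.org
10.0.0.7 NULL 3dmopcaz5l6n8q0s2uew7ygb.t.example.org
10.0.0.7 NULL 4enpqdba6m7o9r1t3vfx8zhc.t.example.org
10.0.0.9 A cdn.example.net
"""

# Record types that carry the most payload per answer, hence favoured by tunnels.
TUNNEL_QTYPES = {"NULL", "TXT", "CNAME", "MX", "SRV"}

def shannon_entropy(s):
    """Shannon entropy of s in bits per character (0 for the empty string)."""
    probs = [s.count(ch) / len(s) for ch in set(s)]
    return -sum(p * math.log2(p) for p in probs)

def split_name(qname):
    """Return (subdomain, base domain); base = last two labels, ignoring public suffixes."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_candidates(log_text, min_queries=5, min_entropy=3.5, min_unique=0.8):
    """Flag (client, base domain) groups whose subdomains are numerous, nearly all
    distinct and high-entropy: the shape of tunnelled data, not of normal lookups."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3:  # skip blank or malformed lines
            sub, base = split_name(parts[2])
            groups[(parts[0], base)].append((parts[1], sub.replace(".", "")))
    flagged = {}
    for key, queries in groups.items():
        subs = [s for _, s in queries]
        if len(subs) < min_queries:
            continue
        unique = len(set(subs)) / len(subs)
        entropy = sum(shannon_entropy(s) for s in subs) / len(subs)
        tunnel_types = sum(q in TUNNEL_QTYPES for q, _ in queries) / len(queries)
        if unique >= min_unique and entropy >= min_entropy:
            flagged[key] = {"queries": len(subs), "unique_ratio": round(unique, 2),
                            "mean_entropy": round(entropy, 2), "tunnel_qtype_ratio": round(tunnel_types, 2)}
    return flagged
```

On real logs the thresholds need tuning per environment, and CDN or anti-spam lookups can produce similar shapes, so the output is a triage list rather than a verdict.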

These are all good candidates for the “tool of the week” column I’ve been meaning to get off the ground: if anyone feels like putting together a write-up, I’ll make sure to post it here.
