- Aditya Singh: Fingerprinting
  - Mobile
  - Browser via Favicon and Cookies, Cross Browser
    - Cross Browser - Scheme Flooding Vulnerability
    - Allows for Targeted Advertising without User consent
  - CPU/GPU via Mathematical Operations
  - Network via TLS
  - Side Channel Attacks
    - Information leakage from LL CPU behavior.
    - Access information via Sweep Counting.
  - Clock Deviation
    - Inherits inaccuracies leading to small changes in frequency
  - Prevention from Browser FP
    - Farbling used by Brave (with some drawbacks)
- Kaushik Pal: TTPs
  - Tactics, Techniques and Procedures
    - via MITRE ATT&CK Framework
  - Hunt for OPSEC mistakes in APTs and TAs.
    - Phishing Cluster by SideCopy (PAK)
      - Check Passive DNS or IP Resolution
      - Search via FOFA
    - Chinese APTs (EPFO Attack)
      - Large scale phishing + Social engineering campaigns
- Abhijit Singh: Binaries
  - Searching with Shodan
    - “220” “230 Login Successful” FTP: 21
    - “Android Debug Bridge” “Device” port: 5555
  - Immunity Debugger
    - Search for text strings in executables (under the text slab)
  - Stack Architecture and Buffer Overflow Condition
    - Registers (EBP, ESP, EIP)
      - Extended Base Pointer
      - Extended Stack Pointer
      - Extended Instruction Pointer (called at Termination Pointer)
    - nmap scan for SyncBreeze application
    - Wireshark capture and Python script for the vulnerable IP request for buffer overflow condition
    - check max values to be stored with debugger and Python script
    - generate pattern with msf and send it to cause an overflow.
    - buffer overflow max value is stored in EIP register value.
    - check the EIP value matches with msf offset.
    - use !mona modules for safe and unsafe DLLs
    - !mona -find “fileaddress”
    - use msfconsole to extract shellcode and convert it to readable format.
    - start a netcat listener at the same port
    - gain a reverse shell in msf through overflow condition
  - Resolution
    - ASLR Bypassing
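As an added illustration of the "Stack Architecture and Buffer Overflow Condition" item in the notes above (example code written for these notes, not code from the talk or from the SyncBreeze application), the vulnerable pattern is shown beside its hardened form. The buffer size `BUF_LEN` and the function names are assumptions chosen for the example; the point is that an unchecked `strcpy` into a fixed stack buffer lets overlong input run over the saved EBP and the return address that EIP is loaded from, while a length check before the copy refuses such input outright.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 64  /* assumed buffer size for the example */

/* Vulnerable form, as described in the notes: strcpy copies until the NUL
 * byte, so any input of BUF_LEN bytes or more spills past buf into the saved
 * EBP and the saved return address (the value EIP is restored from on 'ret').
 * Kept for contrast only; never call it with untrusted input. */
int handle_request_unsafe(const char *input) {
    char buf[BUF_LEN];
    strcpy(buf, input);          /* overflow condition: no length check */
    return (int)strlen(buf);
}

/* Hardened form: measure the input first, refuse anything that would not fit
 * together with its terminator, and only then perform a bounded copy.
 * Returns the accepted length, or -1 when the request is rejected. */
int handle_request_safe(const char *input) {
    char buf[BUF_LEN];
    size_t n = strlen(input);
    if (n >= BUF_LEN) {
        return -1;               /* would overflow: reject rather than truncate silently */
    }
    memcpy(buf, input, n + 1);   /* n + 1 bytes including the NUL, proven to fit */
    return (int)n;
}

int main(void) {
    /* Constructed sample inputs: one that fits and one oversized probe. */
    char fits[BUF_LEN];
    char oversized[BUF_LEN + 1];
    memset(fits, 'A', BUF_LEN - 1);
    fits[BUF_LEN - 1] = '\0';
    memset(oversized, 'A', BUF_LEN);
    oversized[BUF_LEN] = '\0';

    printf("63-byte request: %d\n", handle_request_safe(fits));      /* 63 */
    printf("64-byte request: %d\n", handle_request_safe(oversized)); /* -1 */
    return 0;
}
```

The rejected case is the one a debugger session would otherwise show as an overwritten EIP; the check turns that memory-safety failure into an ordinary error return that the caller can log.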