PRINT
PRINT
SEND MAIL
SEND MAIL

Month: September 2017

TUTORIALS

Analysis of AddressBook and Call History data

Analysis of AddressBook and Call History data Analysis of artifacts on iOS devicesThroughout the following paragraphs, I will be going through a discussion about the objects on an iOS device and their interpretation. That is regardless whether it was the user’s interaction that generated them or the device itself along with its features. However, most of the extracted artifacts will be of one of two main formats. These are either the .plist files used for the sake of configuration files or of SQL database…

TUTORIALS

How to use Dander Spiritz Tool ( available with kerberos)

tutorial  by MisterCh0c I setup a lab with 2 Windows 7 machines (32 Bit but should wokr on 64 too), one for the attacker and one for the victim. I am using the FUZZBUNCH tool from the leak which is some kind of exploit framework kinda like metasploit. Basically you use it to run exploits. Let’s use the ETERNALBLUE (MS07–10) exploits to take over the victim machine   After that we have several option. We can run shellcode on the machine or any .dll or .exe. In…

TUTORIALS

SQLite Databases and Plist Files

SQLite Databases and Plist Files What about partitions?Partitions are the components on which different data could get stored inside a device. It comes without saying that the mechanisms differ according to the user to specify partitions and allocate storage to them when it comes to computers or personal laptops. On the other hand, one does not have that much freedom when it comes to a mobile device. The manufacturer of such equipment is the one responsible for such allocation of resources. Hence, Apple is…

TUTORIALS

Physical Acquisition of iOS data

How to acquire iOS data using physical acquisition techniques?Acquiring a bit by bit image of a system is always the best case in favor of someone performing forensics on a system. That is what is meant initially by the physical acquisition of IOS data. The next step of the procedure is to check that both the copy and the original data are precisely the same with no slight change. While this technique can be performed soundly and correctly on computers like laptops and desktops,…

EXPLOIT-COLLECTOR

BlueBorne Kernel version v3.3-rc1 Denial Of Service Vulnerability

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 3.3-rc1 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

TUTORIALS

Logical Acquisition on an iOS device

What are the operating modes of an IOS device?When it comes to iOS forensics it is really an important issue to understand and distinguish between the diverse operating modes that an iOS device could be working on. There are in fact three modes that are available for an iOS device to be working on. These include Normal Mode, Recovery Mode, and DFU Mode. An examiner shall be aware of such modes to turn a device into it while performing forensics on it. This aspect…

EXPLOIT-COLLECTOR

Oracle Advanced Outbound Telephony 12.1.3 unauthorized Remote Code Execution Vulnerability

Oracle Advanced Outbound Telephony is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

EXPLOIT-COLLECTOR

Cryptopp Crypto++ 5.6.4 octets Remote Code Execution Vulnerability

Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even if its unused. There is a noticeable delay during the wipe for a large allocation.