Blog

CopTech … (Ajit Hatti)

// September 21st, 2009 // 3 Comments » // Blog

Event : CopTech
Date : 16th September
Venue : Commissioner Office, Pune

Introduction to CopTech :

Pune Police, along with Nasscom and the Data Security Council of India (DSCI), established the CopTech forum on 30 June to increase the sharing of ideas and knowledge on cyber security between the cops and the IT industry. In the presence of many CXOs of renowned IT companies and top brass cops, Commissioner of Police Satya Pal Singh signed a memorandum of understanding (MoU) with Nasscom.

<IT companies see CopTech as a great business opportunity. Somehow we didn't find anyone from IBM, who were there in the last inaugural meet>

The Event :

Presence : 60+ members, mostly from IT, BPO, security consultants and NULL. <around 14 NULL members, majority :) >
Anchored by : DCP Rajendra Dahale.
Headed by : Commissioner of Police Dr. Satya Pal Singh

<He has huge popularity among the youth, probably the only tech-savvy commissioner who blogs, inaugurates hacker summits and promotes cyber security at such a great level>

Other dignities :

Mr. Pratap Reddy (IPS, Security Advisor to NASSCOM)

<Guys, we were impressed by his knowledge and great visibility into the operations of the IT and Police departments.>

Anant Shinde (Add. Comm. of Police Crime Branch)

Deepak Shikarpur (President Computer Society Of India)

<Pune’s IT Icon, he is very popular in Pune, writes columns, I have read some of his sci-fi type tech columns :) >.

Anand Deshpande (MD Persistent Systems)

<Persistent is a highly respected organization in Pune. Its Devang Mehta auditorium is home to many technical conferences and community-driven activities>

Opening Speech : Mr. Dahale
Briefed on the CopTech initiative and the challenges in front of the cyber crime department.
A few interesting points, jotted down from his speech:

1. Cyber Crime Cell Pune – formed on 1st July 2003; 5 cases were registered in the same year.
2. 207 cases were registered in 2008.
3. 182 cases have been reported till 31 Aug 2009.
4. The major cyber crime complaints comprise:
   1. Defacing on Orkut and other social sites (67)
   2. Nigerian frauds (12)
   3. Mobile hacking (52)
   4. Email account hacking (11)
   5. Others.

The Highlight of CopTech : Mr. Pratap Reddy

Mr. Reddy took the discussion further and enumerated the challenges the Police department has in front of it:

1. Modernising the Police Control Room : Drawing an analogy between the police control room and the BPO industry, Mr. Reddy said that there is a lot the department can learn from the BPO industry to better manage its operations. He gave 3 points of focus :
a. People : to be trained in soft skills and to work with more efficiency.
b. Process : redefine processes to better manage the control room operations, and
c. Technology : to facilitate the people in executing processes and operations more effectively and efficiently.

2. Effectively channelling the information gathered by the control room to the task forces which work at the actual site of incidents.
a. Improvements in Response time
b. Exploit the information effectively
c. Use of digital gadgets like GPS, digital Maps etc.

3. Data Mining. The department has huge data and it is ever increasing. Finding relevant information is the biggest challenge. The department is in need of appropriate technology/tools to improve its data mining capabilities.

4. Use of CCTV and video analytics in real time to proactively control incidents and improve response time.
He said CCTV is currently used in a responsive manner. The department needs technology which can analyse the videos and generate alerts/inform the control room in real time.

5. Modern cyber forensic lab, tools and expertise. In the current state, the cyber crime cell takes a good amount of time to solve cases. With enhanced tools and expertise there is good scope to minimize the turnaround time.

6. Citizen Advisory : Stressing prevention, Mr. Reddy said it is highly important to make citizens aware of threats on the net. Awareness is a good way to fight cyber crime.

The IT Icon of Pune – Deepak Shikarpur:

Deepak Shikarpur had said

“In my childhood I saw two films back to back, Pandu Havaldar and James Bond, and had thought: when will our Pandu Havaldar become James Bond? And I'm pleased to tell that with the modernisation, technology and the new outlook of these dedicated cops, yes, we feel that our cops are no less than James Bond”.

<Yes Sir!!! we all agree with you on that>.

The Chief – Dr. Satya Pal Singh :

Addressing the CopTech forum, Dr. Satya Pal Singh read out another lottery mail which he had received on his BlackBerry and challenged the corporates to come up with better spam filters.

“It's like a marriage of the Police Department and technology. And the relation is dominated by the stronger party. Technology is the stronger party, and hence the department has taken up this challenge to make better use of technology and work in a smart, effective and efficient manner.”

He also made an early announcement of a new modern forensic lab in Pune, which will probably be the best in the country.

<Tentative date of official inauguration is 7th Oct. but department is yet to find some chief guest to inaugurate it>

Vote of Thanks :
Mr. Tungar thanked the Corporates, Dignities and NULL members present for the Meet.

We null members had good long discussions with Mr. Tungar on their day-to-day challenges, non-cooperation, loose operations of the IT and telecom industry, etc. He also discussed a famous case where a person was the victim of digital evidence which was against him, and how they solved the case based on their experience with humans and not with machines. We had a great time with him.

With sips of coffee, crackles of wafers and the sweetness of Gulab Jamuns, we indulged in networking with many other eminent IT personalities present at CopTech.

It was a great event. We were amazed by the humbleness of the Police department and their drive to achieve technical excellence, right from operations to dealing politely with tax payers.

Dr. Satyapal Singh said

“The control room receives thousands of calls daily, 75% of which are irrelevant, misguiding or just to ask some lame address. But still we would like our force to keep their cool and improve on their soft skills.”

Obviously this event has increased my respect for the Police force and has motivated me (rather, all nulls) to contribute to this drive called CopTech…

Enjoy,

~Ajit


Introduction to vulnerability research

// September 2nd, 2009 // No Comments » // Blog

I often get asked by many people how we discover new vulnerabilities or code exploits. So, finally, I decided to spend some time and make a small tutorial on what vulnerability research is all about. Well, it's not a tutorial as such, more of an introduction. But I have covered all aspects of it – right from discovery to the exploit creation process. I have made this three-part series on discovering an ActiveX vulnerability using fuzzing. This tutorial could serve as a good “jump start” for all the folks looking to get into fuzzing and vulnerability research.

Discovering ActiveX Vulnerabilities — Part 1 [ Introduction ]
Discovering ActiveX Vulnerabilities — Part 2 [ Fuzzing ]
Discovering ActiveX Vulnerabilities — Part 3 [ The Exploit ]

njoy,

~DaH4ckeR

World’s slimmest TCP port scanner – By @

// July 30th, 2009 // No Comments » // Blog

Ok, the name is a pun on Titan's watch :-P and is something that is an outcome of a really cool bash feature which I'll be discussing. Bash provides a way to create a TCP connection or send UDP packets to a host on a given port; the cool thing is that you don't have to rely on other scripting languages or programs for creating sockets/network connections when writing a shell script. Using this feature one can write simple to complex network utilities/scripts (a sigh of relief for scripters :-) if that is a word).
NOTE: This is a bash-provided feature (available if bash is compiled with the --enable-net-redirections option) and has nothing to do with /dev devices: the kernel has no /dev/tcp; bash intercepts redirections to those paths itself.

Using these sockets/connections is as simple as accessing a file, which is in line with the Unix philosophy. All you need to do is read/write to files of the form:

/dev/<protocol>/<host>/<port>

where, <protocol> = tcp | udp
<host> = hostname | IP
<port> = port number.

For example, lets say you want to send a custom payload to a web server, you can do it with the following command:

$ echo -en "HEAD / HTTP/1.0\r\n\r\n" > /dev/tcp/example.com/80

You won't get anything in return for obvious reasons (no read!). Now you'll say, what good can this be? Well, you can assign it an fd and read from and write to that fd if your script is network-interactive and expects some data in response.

Example commands:
# 15 is just a random fd that I chose, you can choose any fd number you like.

$ exec 15<> /dev/tcp/example.com/80
$ echo -en "HEAD / HTTP/1.1\r\nhost: example.com\r\n\r\n" >&15
$ cat <&15
HTTP/1.1 302 Found
Date: Thu, 30 Jul 2009 21:56:37 GMT
Server: Apache
Location: https://example.com:443/
Connection: close
Content-Type: text/html; charset=iso-8859-1

Finally, time for the slimmest TCP port scanner:

#!/bin/bash
# Usage: $ ./tcpscan.sh <host> <start_port> <end_port>
# Needs bash (not /bin/sh): /dev/tcp redirection and &> are bash features.

for p in `seq $2 $3`; do (echo "foo" > /dev/tcp/$1/$p) &> /dev/null; RET=$?; if [ $RET -eq 0 ]; then echo "$p/tcp open"; fi; done

I know it looks ugly :-P, no sanity checks etc., had to keep it slim you know…
Tell me when you use it in your shell scripts.
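The slim one-liner above has two practical gaps for anyone checking which services are exposed on a box they administer: a port whose SYN is silently dropped by a firewall makes `echo > /dev/tcp/...` block for the kernel's full connect timeout (often over a minute per port), and nothing validates the arguments. The script below is an added example, not code from the original post; it keeps the same /dev/tcp mechanism but bounds each connect with GNU coreutils `timeout` (assumed installed; without it the wait is unbounded as in the original), validates port numbers, and shows the fd-based request/response pattern from the post with the fd closed afterwards. The function names (`valid_port`, `tcp_probe`, `tcp_scan`, `http_head`) are this example's own.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): bash /dev/tcp with a bounded
# connect, basic argument checks, and a header-only HTTP HEAD over an fd.
# Requires bash for /dev/tcp; assumes GNU coreutils 'timeout' is installed.

# valid_port PORT: succeed only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# connect_once HOST PORT SECONDS: open and immediately drop one TCP
# connection in a child bash. HOST and PORT are passed as positional
# parameters, never spliced into the -c string, so a hostname argument
# cannot inject shell syntax. 'timeout' bounds the wait when available.
connect_once() {
    if command -v timeout >/dev/null 2>&1; then
        timeout "$3" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
    else
        bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
    fi
}

# tcp_probe HOST PORT [SECONDS]: print "open" or "closed"; exit 0 for open,
# 1 for closed/filtered (after SECONDS, default 2), 2 for a bad port.
tcp_probe() {
    local host=$1 port=$2 secs=${3:-2}
    valid_port "$port" || { echo "tcp_probe: bad port '$port'" >&2; return 2; }
    if connect_once "$host" "$port" "$secs"; then
        echo open; return 0
    fi
    echo closed; return 1
}

# tcp_scan HOST START END [SECONDS]: one "PORT/tcp open" line per open port
tcp_scan() {
    local host=$1 start=$2 end=$3 secs=${4:-2} p
    { valid_port "$start" && valid_port "$end" && [ "$start" -le "$end" ]; } || {
        echo "usage: tcp_scan HOST START END [SECONDS]" >&2; return 2; }
    p=$start
    while [ "$p" -le "$end" ]; do
        [ "$(tcp_probe "$host" "$p" "$secs")" = open ] && echo "$p/tcp open"
        p=$((p + 1))
    done
    return 0
}

# http_head HOST [PORT]: the exec-fd pattern from the post, but only the
# response header block is read (up to the blank line) and the fd is
# closed, so the call returns even if the server keeps the socket open.
http_head() {
    local host=$1 port=${2:-80} line
    exec 3<>"/dev/tcp/$host/$port" || return 1
    printf 'HEAD / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$host" >&3
    while IFS= read -r -t 5 line <&3 && [ -n "${line%?}" ]; do
        printf '%s\n' "${line%$'\r'}"
    done
    exec 3<&-
}

# Usage when run directly:  ./tcpcheck.sh HOST START END
if [ "${BASH_SOURCE[0]}" = "$0" ] && [ $# -eq 3 ]; then
    tcp_scan "$1" "$2" "$3"
fi
```

`tcp_probe` distinguishes only open from not-open: a refused connection and a dropped one both come back as "closed", the difference being that the refused one returns instantly while the dropped one takes the full `SECONDS`. If you need to tell the two apart, time the probe.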

Morro is coming… (Ajit Hatti)

// June 20th, 2009 // 2 Comments » // Blog

I have always been saying that “The best things in the world are for free ….fresh air, sunlight, friends, Linux……” :D

Here is some free stuff from Microsoft (not joking :D ), but whether it will be the best, I'm doubtful. After Windows Defender, which is a free anti-malware from Microsoft, it is now coming up with a new single-step security solution for Windows users, code-named Morro. Morro is to succeed OneCare, the paid version of Microsoft's security offering.

(Surprisingly, not many people know about Windows Defender. One of the obvious reasons is the failure of Vista, which has Windows Defender built in. And the majority of people are using XP, need to download Windows Defender, and are still using third-party A/V.)

As we approach the beta release of Morro I have some interesting doubts/points :

1. So lately Microsoft has agreed that people out there need a “good and free” security solution to the problem which they themselves created. The question is: is Morro out of social responsibility, or Microsoft's strategy to throw the antivirus giants out of the market?

2. It seems Morro will be available to download and not be bundled with future Windows releases. I guess the focus is to provide the service only to licensed users (in India many of us use pirated Windows and licensed antivirus :D , so does that mean no Morro for many of us?)

3. How good will Morro be in terms of effectiveness and resource efficiency? As far as Microsoft's image goes, experts don't rule out the possibility of security issues with Microsoft's security products too (now this will get more interesting: Microsoft releasing patches for Morro every Patch Tuesday :D ). And the user experience and system performance will be other good things to watch out for.

4. With Morro (coming for free) it should enhance Windows' reputation as a secure OS. I know many people saying no to Windows and using Linux just for security reasons and to avoid all the ‘Anti’ crap. Will Morro help Windows fight Linux in the long-term race?

Let's wait and watch till Morro (Beta) is released and thoroughly grilled by users…… Let me know what you guys feel about Microsoft's Morro move.

~Ajit Hatti

(adh@null.co.in)

Web threats ..a new wave! – by Hemanshu

// June 17th, 2009 // No Comments » // Blog

Today the omnipresence of the internet makes your browser the favourite attack vector for the bad guys. Initially, content filtering solutions (think Websense) looked effective in curbing malicious websites, but of late there has been a revival of malicious websites, and what is interesting is that more and more legitimate websites are getting infected (MSN Canada, NITIE, Bank of India). Once a legitimate site starts distributing malware or is compromised, there is little your web filtering solution or firewall can do about it. To add insult to injury, attackers have now turned to obfuscating the attack payload to evade whatever security apparatus, like an IPS, is in place. JavaScript looks to be the tool of choice; it is universally supported in all browsers (and in PDFs too... but that's again a long story). Known attacks like Gumblar have started leveraging obfuscation; an excellent description is here. These obfuscations make it very hard for a signature-based security engine to confidently detect an attack.

I have never been a fan of signature matching solutions; they are dumb and reactive and will always produce more false positives than a DPI-based solution. Robert Graham does a nice analysis here.

And things are only going to get more interesting from here. Think of a payload which does a JavaScript -> VBScript -> JavaScript transformation. JavaScript is just the beginning; browsers are becoming the next platforms, and every universal plugin brings newer threats with it (Java applets, Flash, third-party plugins).

The need of the hour is to develop more heuristic and context-aware engines. Solving this problem at the network level is going to be a challenge; instead of the perimeter, a proxy could be a more suitable carrier (as the latency is added only to web requests, whereas with an IPS the latency is added to the whole network). But nothing could do it faster than an endpoint solution (and please, I am not talking about the stupid anti-virus!)