Forwarded from Private Shizo
0% Privacy
Decompiled_by_RetDec.c
1.6 MB
💥Decompiled TriangleDB implant
❤6👍3
Workshop_TOR.pdf
10.1 MB
🧅Презентация с моего выступления на Osint Workshop V "Идентификация владельцев луковичных ресурсов".
from North Palmyra with love
#Osint_report #NorthPalmyra #SIGINT #tor #deanonymization #WF #ML #expoitation #SCA #browser #firefox
from North Palmyra with love
#Osint_report #NorthPalmyra #SIGINT #tor #deanonymization #WF #ML #expoitation #SCA #browser #firefox
🔥9👍4
Forwarded from Private Shizo
bayes.py
6.7 KB
💥Exploiting Noisy Oracles with Bayesian Inference
"In this post, we’ll look at how to deal with noisy oracles, and how to mount attacks using them. The specific cases considered will be MAC validation and PKCS7 padding validation, two common cases where non-constant-time code can lead to dramatic attacks. However, the techniques discussed can be adapted to other contexts as well."
🔖Test script which defines this class and uses it to run a padding oracle attack here
"In this post, we’ll look at how to deal with noisy oracles, and how to mount attacks using them. The specific cases considered will be MAC validation and PKCS7 padding validation, two common cases where non-constant-time code can lead to dramatic attacks. However, the techniques discussed can be adapted to other contexts as well."
🔖Test script which defines this class and uses it to run a padding oracle attack here
👍3
|Webtunnel|
🧅Все те, кто хотел пощупать HPTTPT(репа на гитхабе) в связке с луковичной маршрутизацией(конкретно для Tor-мостов), наконец вышло пригодная для использования версия Webtunnel. Webtunnel - это PT(pluggable transport) для мостов Tor, который основывается на HTTPT(прокси-сервер, помогает при обходе цензуры при помощи повсеместного распространения протокола HTTPS, помогая сливаться с "обычным" интернет-трафиком). То есть, для противостояния цензуры происходит имитация HTTPS-трафика. Важно заметить, что на одном IP-адресе, можно поднять сразу и WebTunnel и extor-static-cookie и Snowflake и остальные PTs, то есть ничто не мешает сразу у себя держать и Snowflake и WebTunnel.
🧅All those who wanted to feel HPTTPT(github repo) in conjunction with onion routing (specifically for Tor bridges), finally came out a usable version of Webtunnel. Webtunnel is a PT (pluggable transport) for Tor bridges, which is based on HTTPT (a proxy server that helps in circumventing censorship with the ubiquity of the HTTPS protocol, helping to merge with "normal" Internet traffic). That is, to counter censorship, HTTPS traffic is simulated. It is important to note that on the same IP address, you can immediately raise both WebTunnel and extor-static-cookie and Snowflake and the rest of the PTs, that is, nothing prevents you from keeping both Snowflake and WebTunnel at once.
#anonymity #Anti_Censorship #Tor #PT #bridge #HTTPT #HTTPS #Replay_Attack_Protection #ProbeResistant_Proxies
🧅Все те, кто хотел пощупать HPTTPT(репа на гитхабе) в связке с луковичной маршрутизацией(конкретно для Tor-мостов), наконец вышло пригодная для использования версия Webtunnel. Webtunnel - это PT(pluggable transport) для мостов Tor, который основывается на HTTPT(прокси-сервер, помогает при обходе цензуры при помощи повсеместного распространения протокола HTTPS, помогая сливаться с "обычным" интернет-трафиком). То есть, для противостояния цензуры происходит имитация HTTPS-трафика. Важно заметить, что на одном IP-адресе, можно поднять сразу и WebTunnel и extor-static-cookie и Snowflake и остальные PTs, то есть ничто не мешает сразу у себя держать и Snowflake и WebTunnel.
🧅All those who wanted to feel HPTTPT(github repo) in conjunction with onion routing (specifically for Tor bridges), finally came out a usable version of Webtunnel. Webtunnel is a PT (pluggable transport) for Tor bridges, which is based on HTTPT (a proxy server that helps in circumventing censorship with the ubiquity of the HTTPS protocol, helping to merge with "normal" Internet traffic). That is, to counter censorship, HTTPS traffic is simulated. It is important to note that on the same IP address, you can immediately raise both WebTunnel and extor-static-cookie and Snowflake and the rest of the PTs, that is, nothing prevents you from keeping both Snowflake and WebTunnel at once.
#anonymity #Anti_Censorship #Tor #PT #bridge #HTTPT #HTTPS #Replay_Attack_Protection #ProbeResistant_Proxies
👍3
HTTPT.pdf
196.9 KB
🌐HTTPT: A Probe-Resistant Proxy
#anonymity #Anti_Censorship #HTTPT #HTTPS #Replay_Attack_Protection #ProbeResistant_Proxies
#anonymity #Anti_Censorship #HTTPT #HTTPS #Replay_Attack_Protection #ProbeResistant_Proxies
👍4
Forwarded from Private Shizo
🔥BlueTrust, goodbye to Bluetooth privacy
BlueTrust is a new Bluetooth attack technique developed by Tarlogic that allows to determine which devices have been previously paired and if they still maintain a trusted relationship. It arises from an evolution of the BIAS and KNOB attacks.
BlueTrust leverages the ability to spoof device characteristics and bypass the authentication phase of a connection to study the responses received to different probing messages. In this way, information about devices and their users can be inferred, such as whether a device is paired with the impersonated device. Pairing networks can be traced to determine which user each device belongs to, among other useful data.
📰Galician county Tarlogic found a security flaw in Bluetooth technology
📰‘Open’ mobile phones blocked via Bluetooth: experts from Tarlogic, a Spanish cybersecurity company, share use cases for their BlueTrust solution
📰Cybercriminals can use the bluetooth of your mobile to steal information without you knowing it.
BlueTrust is a new Bluetooth attack technique developed by Tarlogic that allows to determine which devices have been previously paired and if they still maintain a trusted relationship. It arises from an evolution of the BIAS and KNOB attacks.
BlueTrust leverages the ability to spoof device characteristics and bypass the authentication phase of a connection to study the responses received to different probing messages. In this way, information about devices and their users can be inferred, such as whether a device is paired with the impersonated device. Pairing networks can be traced to determine which user each device belongs to, among other useful data.
📰Galician county Tarlogic found a security flaw in Bluetooth technology
📰‘Open’ mobile phones blocked via Bluetooth: experts from Tarlogic, a Spanish cybersecurity company, share use cases for their BlueTrust solution
📰Cybercriminals can use the bluetooth of your mobile to steal information without you knowing it.
👍4❤1