vendredi 9 décembre 2011

[Video] – Exploit firewire access against MAC OS X

In my last paper [HACKMACOSX], I wrote a python script based on "libforensic1394" libraires to extract physical memory through firewire access.
This [video] shows you an exploitation of this script in a real scenario ...
Also, you can download this video :.avi / .m4v


jeudi 10 novembre 2011

[Net2SharePwn] - 1.0b


Net2SharePwn is an utility to check and exploit automatically the NetBIOS Network Shares available from network access points.


Question: How do you identify THE FILE containing a password to elevate your network or system privileges, when too much domains or IP addresses are present? The time is an important factor in this situation … and during penetration testing, it’s common to identify a VBS script embedding a domain administrator account password.
Answer: Net2SharePwn has been built to allow that.

Net2SharePwn is built in Python (tested on Python2.6) and can be launched only on Linux and Mac OS x platforms.

I apologize for Python coding, it doesn’t respect the best practices but I didn’t predict to publish Net2SharePwn
Net2SharePwn is perhaps developed “with my feet” but it is functional.

You can, if you want to, modify this program to adapt it for your personal usage.
Download : Readme (very important !)
Download : Net2SharePwn

vendredi 28 octobre 2011

[Net2SharePwn] – soon published ...


For Hacking of NetBIOS Network Share :)

vendredi 9 septembre 2011

mercredi 10 août 2011

[HACKMACOSX] – update 1.1



Version 1.1 of paper "HACKMACOSX", is available.
http://sud0man.blogspot.com/2011/08/hackmacosx-tips-and-tricks-for-mac-os-x.html

This version includes recommendations to secure your Mac Computer.

mercredi 3 août 2011

[HACKMACOSX] – tips and tricks for Mac OS X hack (1.1)






Download > HackMacOSX-TipsNTricks-1.1.pdf
Gs Days 2012_Presentation.pdf

EN> The objective of this document is to present a variety of fun tricks (but not necessarily an exhaustive list) to compromise the Apple Mac OS X system. I plan to update this document following further research and the publication of subsequent new tricks concerning the Mac OS X.
Please be indulgent, I’m not a security researcher and this paper was written in a few hours.
In the current version (1.1), I included the recommendations to avoid the presented hacks in this paper.

FR> L'objectif de ce document est de présenter différentes astuces connues à l'heure actuelle et permettant la compromission du système Mac OS X.
Je prévois de mettre à jour régulièrement ce document selon les résultats de mes recherches personnelles et des nouvelles astuces publiées sur Internet.
Soyez indulgent, je ne suis pas chercheur en sécurité et ce document est une première ébauche écrite seulement en quelques heures…
La prochaine version (1.1) inclue les recommandations associées aux différents Hacks présentés.

You can find also my presentation for GS Days 2012.