Make your Cloud with Subutai - Preview

Dear readers,

The time to plan your holidays, new journeys, and new adventures are finally here, let's welcome the summer time together! Today we would like to present you the newest issue of Hakin9 Magazine.  

Cryptocurrencies and blockchain technologies have become a very important part of the cyber security field. If you want to learn more about them, we highly recommend an article by Maurício Harley “Make your Cloud with Subutai”. For those of you that would like to first learn the basics about blockchain, Amine Amhoume has prepared an article that will introduce you to the topic.

If you have enough of the blockchain information, we have plenty of other articles that hopefully will catch your interest. During the Confidence Conference in Cracow, Poland, Thomas Fischer gave a workshop and a talk  about open source based car hacking tools and how to jump start for car hacking. If you are looking for a hands-on approach to this topic, you can’t miss this article.

We also have two pieces related to malware. The first one is written by Munir Njiru, in his article you will find the most important information about malware analysis, and two main methods related to it, as well as some samples. The second one “Cloud Services as a Communication Channel between C&C and Malware” by German Namestnikov, a red teamer, discusses covert communication channels between an attacker and his malware, and presents some common ways to evade network protection.

Our long term authors Prasenjit Kanti Paul and Soumen Maitra, wrote about the CSRF attack, and its history. From this article you will learn about the origin of the attack and how to perform it.

Petter Anderson Lopes will demonstrate the main steps to perform reverse engineering and tampering in DOT NET projects. It’s a step by step guide with some advanced techniques.

If you are looking for information about anonymity on the web, Neel Vishwakarma wrote an article just for you. You will find an overview of many possible ways to remain anonymous on the internet.

“Phishing: Techniques, Defenses, and Future Trends” by Jacob Bell focused on presenting the major types of phishing by examining how they work and why they succeed.

For mobile enthusiasts we have an article by Loay Abdelrazek, creator of SigPloit tool and one of our returning authors. This time we wanted to focus on user privacy leakage on the GSM broadcast channel. In the article he presents an experimental analysis of the subscriber’s privacy in cellular networks and in particular of the network initiated IMSI paging procedure.

We hope you will enjoy all of it.

We would also like to thank you for all your support. We appreciate it a lot. If you like this publication, you can share it and tell your friends about it! Every comment means a lot to us.

Enjoy your reading,

Hakin9 Magazine

Editorial Team

>>If you want to buy this magazine click here <<

>>If you are a subscriber, download your magazine here<<

>>TABLE OF CONTENTS<<

Cloud Services as a Communication Channel between C&C and Malware

by German Namestnikov

Today we are going to talk about covert communication channels between an attacker and his malware, discuss some common ways to evade network protection and leverage cloud services in this direction.

User Privacy Leakage on the GSM Broadcast Channel

by Loay Abdelrazek

In this article, we present an experimental analysis of the subscriber’s privacy in cellular networks and in particular of the network initiated IMSI paging procedure. Different from active IMSI catchers, where they require to act as a rogue mobile tower, our methodology is in the passive mode. The passive mode IMSI catching attack, highlights an uncomplicated attack that can be performed to compromise subscriber’s privacy. The paper highlights deficiencies in the operator’s configuration and design.

Surfing on your CAN-Bus

Open Source based car-hacking tools and your jump start cable for car hacking

by Thomas Fischer

Let’s start car-hacking by yourself. In this article, I will give you an introduction to this topic and I will provide some jump start cables for you to build your own car-hacking lab. This part will give you some context about modern car-networks. You will get a condensed introduction into the world of the CAN-Bus and its history. Later in this article, we will be focused on some of the available devices for car-hacking and for what purpose you should take which device. This article is based on the talk and the workshop the author gave at the Confidence 2018 in Krakow.

Make your Cloud with Subutai

by Maurício Harley

This article is about Subutai, a distributed, peer-to-peer open source cloud computing platform with the purpose to give the power of cloud to anyone, without the need to pay a provider. Then, the main idea is to disrupt the traditional public cloud model, that dictates a provider holding all computing, storage and network resources and billing you for them.

Malware Analysis

by Munir Njiru

Dynamic analysis opens malware in execution state and is usually a more efficient approach to analyzing malware that has a bit of sophistication where the replicator and bomb are usually hidden behind a concealer that deconstructs itself at runtime. A good example of malware that would have this as the most applicable method would be metaPHOR or blackbat.

A Brief History of CSRF

by Prasenjit Kanti Paul & Soumen Maitra

On October 4, 2005, the cyber world witnessed its fastest spreading worm of all time called the samy virus that was designed to propagate across the MySpace social-networking site, written by Samy Kamkar. Within just 20 hours of its release, over one million users had run the payload that displayed the string "but most of all, samy is my hero" on a victim's MySpace profile and sent Samy a friend request. This worm is well known as one of the first Cross-Site Scripting (XSS) worms in history that uses Cross Site Request Forgery (CSRF) for its replication. Sounds cool, doesn’t it?

Reversing Code Injection for Tampering in DOT NET

by Petter Anderson Lopes

The present article aims to demonstrate the main steps to perform a reverse and tampering in DOT NET project. The reverse engineering technique can be applied in several areas, not only in software, because its purpose is to present to the one who is carrying out the process, the final result in its construction. Applied in software, such as malware analysis, reverse engineering is the process that involves decompiling the binary code into an assembly language, or even the language in which the program was written. This article will deal exclusively with reverse engineering and tampering with code developed on the .NET platform. Like other globally known languages, .NET is based on a virtual machine platform, that is, although it is compiled, the code is interpreted based on a framework where it is possible to use several programming languages like VB .NET, C # .NET, F # .NET, and so on.

Anonymity on the web

by Neel Vishwakarma

Since the release of Yik Yak in 2013, it has caused chaos among student communities, with numerous posts that included threats, slander and racial slurs. Now, apps like Snapchat and Voxox are trending among teens. Trolling is the single strongest argument against anonymity for public. Most of the internet cases that affect people and their day to day lives have some form of trolling involved. You can easily see small examples of trolling on the internet. Just look at the comments section of any YouTube video and you will find a comment that is completely unrelated to the content of the video, posted with an intention to pick a fight.

Phishing: Techniques, Defenses, and Future Trends

by Jacob Bell

Phishing attacks have gained increased attention in recent years for their success at stealing the information of unsuspecting victims. These invasions have impacted both individuals and organizations alike and are becoming more severe each year. This paper will focus on the major types of phishing by examining how they work and why they succeed. Attention will also be given to countermeasures that are effective at blocking/mitigating phishing attacks. The paper will conclude with a discussion on the trends surrounding phishing, which will center on how attacks are evolving and what new defenses may be needed to counteract the consequences of future phishing invasions.

Blockchain Technology and the Future Transactions

by Amine Amhoume

The internet has served the human being for a really long time. It connected the whole world and it inspired various geniuses to invent new technologies. As for every era, this era has a lot of new inventions to offer, from the Internet of Things (IoT) and Artificial Intelligence (AI) to Blockchain technology and so on. The latest is what appears to be the revolution of future transactions in the forthcoming decades.