Archive for October, 2008

Making a Linux Ramdisk

Posted: October 30, 2008 in kd-team archive, papers
Tags: , ,

Archive article from the old KD-Team website. Explains how to create a linux ramdisk.

download

A archive article from the old website. We pull a technical joke on a colleague of ours.

(more…)

So you got your harddisks encrypted and feel totally secure? Think again.

Investigators have got some nifty devices which are capable of moving your pc without disconnecting it. Effectively bypassing FDE/WDE encryption if you are not used to lock your computer. Although locking doesn’t seem to be the answer nowadays with all those firewire hacks. So what’s left to do?

First of all disable firewire and make sure you always lock your pc. In the strange case that you do not lock your pc I made some easy yet (this hasn’t been tested in a real life situation) effective code to frustrate the investigator. This is just some quick POC (forgive me the messy code) I wrote. In a lab environment this works, so don’t blaim me if this doesn’t work in a real life situation.

(more…)

This idea popped in my head a while back and is still on my todo list (note: my todo list never shrinks). The following context/problem applies.

Suppose you want to steal information but the server you want to backdoor has got all ports ip restricted on an application level. Like a IIS instance which restricts users based on their ip address. How could this be bypassed without adjusting the IIS configuration or using a complicated rootkit. I thought of the following (note: this can also be implemented in ring0):

(more…)

Trusting Java Applets

Posted: October 28, 2008 in security
Tags: , , , ,

It’s been blogged before but oh well I always learn by example so here is an example. The thing I’m talking about is trusting signed java applets. In short when you trust a java applet it can do whatever it wants. So what could you do with a java applet? The java source code will steal your mac address, rather useless but it serves the example purpose good enough. The stolen mac address get’s submitted to a page in this case it will be google which will look like this:

(more…)

Old Papers and Tools

Posted: October 28, 2008 in kd-team archive
Tags: , , ,

Please bare with me, english is not my native language and I am way to lazy to rewrite old papers and tools. So I hope you can all forgive me for that.

I promise that I will try and write better english from now on.

ARP Poisoning

Posted: October 28, 2008 in kd-team archive, papers
Tags: , , , ,

Arp poisoning explained.

Download