Sunday, September 10, 2017

Dolphin Ultrasonic Commands Voice Assistance


A newly issued report makes me wonder whether a dog whistle could issue commands to voice-assistant devices. According to a BBC news report (http://www.bbc.co.uk/news/technology-41188557), 'Dolphin' ultrasonic audio, outside the range of human hearing, can issue commands to voice-assistant devices from Amazon, Apple and Google.

The BBC report is underpinned by Chinese research, which can be found here: DolphinAttack: Inaudible Voice Commands - https://endchan.xyz/.media/50cf379143925a3926298f881d3c19ab-applicationpdf.pdf.
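The mechanism the paper describes is worth seeing in numbers, because it also answers the dog-whistle question. The command is amplitude-modulated onto an ultrasonic carrier, so the signal in the air has no energy in the audible band; the square-law non-linearity of the microphone and pre-amplifier then demodulates the command back into the audible band, and the anti-aliasing filter in front of the ADC throws the carrier away. The Python below is an added toy model of that chain; it is not code from the BBC report or from the paper's authors. The sample rate, the 48 kHz carrier, the single 1 kHz tone standing in for a spoken command, the 4-tap moving average standing in for the ADC filter and the value of the non-linearity coefficient k are all assumptions chosen for the demonstration:

```python
"""
Toy model of the DolphinAttack mechanism (added example, not the paper's code):
an audible 'command' is amplitude-modulated onto an ultrasonic carrier, and a
square-law microphone non-linearity demodulates it back into the audible band.
All frequencies and the non-linearity coefficient k are assumptions.
"""
import math

FS = 192_000          # sample rate, Hz (assumed; high enough to represent the carrier)
DURATION = 0.02       # seconds; every tone below has an integer number of cycles
N = int(FS * DURATION)
BASEBAND_HZ = 1_000   # stand-in for the voice command (single tone, assumed)
CARRIER_HZ = 48_000   # ultrasonic carrier, well above human hearing (assumed)


def tone(freq_hz, amp=1.0):
    """A cosine of the given frequency and amplitude, N samples long."""
    return [amp * math.cos(2 * math.pi * freq_hz * n / FS) for n in range(N)]


def am_modulate(baseband, carrier_hz):
    """Classic AM with modulation index 1: s(t) = (1 + m(t)) * cos(2*pi*fc*t)."""
    return [(1.0 + m) * math.cos(2 * math.pi * carrier_hz * n / FS)
            for n, m in enumerate(baseband)]


def microphone(signal, k):
    """Square-law non-linearity y = x + k*x^2; k = 0 is an ideal linear microphone."""
    return [x + k * x * x for x in signal]


def adc_lowpass(signal, taps=4):
    """4-sample moving average: its nulls fall on FS/4 = 48 kHz and FS/2 = 96 kHz,
    so it plays the role of the anti-aliasing filter that removes the carrier."""
    out = []
    for n in range(len(signal)):
        window = signal[max(0, n - taps + 1): n + 1]
        out.append(sum(window) / taps)
    return out


def amplitude_at(signal, freq_hz):
    """Single-bin DFT, scaled so a cosine of amplitude A at freq_hz returns ~A."""
    re = sum(x * math.cos(2 * math.pi * freq_hz * n / FS) for n, x in enumerate(signal))
    im = sum(x * math.sin(2 * math.pi * freq_hz * n / FS) for n, x in enumerate(signal))
    return 2.0 * math.hypot(re, im) / len(signal)


def recovered_command_amplitude(k):
    """Amplitude of the BASEBAND tone reaching the ADC when the modulated
    ultrasonic signal passes through a microphone with non-linearity k."""
    ultrasonic = am_modulate(tone(BASEBAND_HZ), CARRIER_HZ)
    return amplitude_at(adc_lowpass(microphone(ultrasonic, k)), BASEBAND_HZ)


def unmodulated_whistle_amplitude(k):
    """Same measurement for a bare ultrasonic tone with nothing modulated on it
    (the dog-whistle case): only a DC offset and a second harmonic come out."""
    return amplitude_at(adc_lowpass(microphone(tone(CARRIER_HZ), k)), BASEBAND_HZ)


if __name__ == "__main__":
    for k in (0.0, 0.5):
        print(f"k={k}: modulated carrier -> 1 kHz amplitude at ADC "
              f"{recovered_command_amplitude(k):.3f}; bare tone -> "
              f"{unmodulated_whistle_amplitude(k):.3f}")
```

With k = 0 (a perfectly linear microphone) nothing audible appears, which is why the attack is inaudible to people standing next to the device but not to the device. With k = 0.5 the 1 kHz 'command' comes out at amplitude 0.5, i.e. at k times the baseband amplitude, as the expansion of k(1 + m)^2 cos^2 predicts. A bare ultrasonic tone, which is what a dog whistle is, demodulates to a DC offset and a second harmonic only; on this model it carries no command, and the attack needs a modulated carrier.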

Tuesday, August 22, 2017

Universal Network Investigations Updates

Universal Network Investigations (at LinkedIn) is a discussion group that exists to assist telecoms, cyber, forensics, information security, pen testing and fault-finding investigations: a closed forum for exchanging observations and sharing 'intel' on fixed and mobile network investigations - trace data and other forms of evidence (including, but not limited to, PCAP, CDRs, traffic logs, exchange and switch data, cell details, dumps, etc.). Investigations can start with examining a device or with network activity, so all aspects will be posted in the group.

To join - https://www.linkedin.com/groups/13536130

Group Rules:
1) Chatham House Rule applies.
2) An essential aspect of joining the Group is to participate and share knowledge, skills and experience.
3) No selling, no spamming.

Latest Posts
- Dropped phones
- Tool for the Investigator ISMS Toolbox
- Apple Secure Enclave Processor (SEP) - Hacked
- Purging Data HDD (InfoSec)
- Rack and Ruin
- When a Genuine Product is used as a Rogue Device
- GDPR
- GDPR-1
- Framework for Digital Forensic Employment KSE (knowledge, skills, experience)
- VOIP Basics (updated)

- Tool for the Investigator ISMS Toolbox
- BGP
- Cisco IOS Versions
- EIGRP
- First Hop Redundancy
- Frame Mode MPLS
- IEEE 802.11 WLAN
- IOS Interior Routing Protocols
- IOS IPv4 Access Lists
- IOS Zone Based Firewall
- IPSec
- IPv4 Multicast
- IPv6
- IS-IS
- NAT
- OSPF
- Physical Terminations
- PPP
- QoS
- RIP
- Scapy
- Spanning Tree
- TCP Dump
- VLANs
- Wireshark Display Filters
- BILL - Internet of Things IoT Cybersecurity Improvement Act
- 1995-2017 Computer Security (Information Security)
- So what does the TIMSI get me?
- Federal data collection MRMCD
- Tech Against Terrorism
- Telecommunications (Interception and Access) Act 1979 (2017) (Australia)
- 27,482 cyber security incidents reported in H1 2017
- Surveillance Drones Report
- Smartphone Cybercrime
- PSCR Network Identifiers Demonstration Guidelines
- Plan MNC
- Ping Test
- MNC Probe Metrics
- ITU-T GSM Country Codes
- IMSI Prepaid MVNO
- G42UMTS Security
- Cyber Threats to Mobile Phones
- Building Mobile Tools for Rights Defenders and Activists
- USER INVASION TESTS ON SAMSUNG GALAXY J3-6 J320FN
- UTC Document Register
- IMSI Assignment and Management Guidelines and Procedures
- Evolution in the Use of E.212 Mobile Network Codes
- 3rd Party Access to Number Portability Data
- Evolution in CLI usage
- Wrong Evidence Capture Tools
- Phone Hacks
- Multi-Traceroute (MTR) in NST
- NST
- Detecting Hidden Networks created with USB Devices
- Infrastructure - human access - fake fingerprint
- Operator 'Law Enforcement Disclosure' reporting
- Covert Tactical Measures
- NUMBERING PLAN ASSISTS TRACE
- Annual Cybersecurity Report - 2017
- Infrastructure Security Report - Worldwide
- Real Intelligence Threat Analysis (RITA)
- GSM Security Threat Risks
- Where to begin?
- RSOE EDIS Emergency and Disaster Information Service
- GSM Security Threat Risks
- NOC NOC - Fault Management and Troubleshooting
- SS7 and 2FA
- Detection in a multilayer network
- Diameter - Online Charging Systems (OCS)
- Big / Fresh / Deep - Data : Huawei overview
- Hot technologies to know about
- ARP.pcap
- bgp.pcap
- https.pcap
- ICMP-ARP-OpenFlow1.0.pcap
- ICMP-DHCP-DNS.pcap
- Russians target Telegram App
- Wireshark
- Protocols Relevant to U-N-I
- Industrial Networks Hit By WannaCry
- IM Telegram Replay Attack - Android
- Whisper Signal WhatsApp
- Subpico Intelligent Application Layer Software
- Subpico LI with evidential integrity
- TraceWrangler
- old_GUTI_IMSI_Critical_Reject (updated)

Saturday, August 12, 2017

Field Project Investigations

Conducting a technology review/audit before commencing field projects is an important task: it is needed to understand the 'technology estate' owned and/or operated by an organisation, to reveal and comprehend [legacy] technology, whether stand-alone or interconnected/intra-connected with [current] technology, and in particular whether, and how, legacy has been ported over to operate via applications/software alongside current technology. So more information has been posted, for the purposes mentioned previously, for cases requiring 'field project investigations' (from installs to troubleshooting). I am sharing these .pdfs because I found that forensics became one of the tools applied during investigations rather than the main tool. Knowing the background details (tech specs, set-up, log files, install procedures, etc.) helps to understand "why an artefact was there".


To read the posts - https://www.linkedin.com/groups/2436720

Latest Updates: Institute for Digital Forensics

- Windows Registry Reference
- Apple Reference Cards and iPad iOS7 Quick Guide
- USB Guide & USB Key Guide
- Hardware Configuration Dell Precision WorkStation
- Legacy DOS
- 100 Windows 8 Keyboard Shortcuts
- 100 Chrome Tips


Institute for Digital Forensics - Previous Updates

- Tron Commands
- Malware, Junkware, Virus
- Checking Implemented Security
- Backups
- Troubleshooting, Tips and Guides
- Windows NT Server Resource Reference
- Admin Tools To Know and Explained
- Corrupted Registry
- Windows Resource Kit Reference
- Fasteners
- Projects - Win 10
- Projects - Win 8
- Projects - Win 7
- Vulnerabilities in Critical Evidence Collection
- Imaging with Image-X: The Ghost Killer
- A Guide for the Forensically Sound Examination of a Macintosh Computer
- Interpol's Forensic Report on FARC Computers and Hardware
- Reducing Data Lifetime Through Secure De-allocation
- Realising - Risk Sensitive Evidence Collection
- Notes on Computer Systems and Operating Systems
- Finding Child Porn in the Workplace
- Drafting Electronic Evidence Protocols
- Data Hiding in Journaling File Systems
- Investigation of Protected Electronic Information
- Electronic Evidence: The Ten Commandments
- Electronic Evidence Best Practices
- Laws of evidence in criminal proceedings throughout the European Union
- Evaluating Commercial Counter-Forensic Software
- Hacking into computer systems
- Windows device interface security
- NSA Redacting with Confidence: How to Safely Publish Sanitized Reports
- Reproducibility of Digital Evidence
- Windows Memory Analysis
- Secure Deletion Myths
- Spoliation of Evidence
- Forensic Discovery
- VMware to boot cloned/mounted hard disk images
- Volume Serial Numbers: Format Verification Date/Time

Wednesday, July 26, 2017

Eternal Blues - SMBv1

Newspapers, TV, radio and the Internet have been full of reports about the WannaCry and NotPetya ransomware attacks and so on. This short article is not going to repeat those reports, but to acknowledge that there is a new FREE tool, "Eternal Blues", that helps businesses and consumers find out, at the push of a button and with a scan of the network, which hosts have Server Message Block version 1 (SMBv1) enabled and so might be vulnerable to attack. Knowing this enables businesses and consumers to take action to close down a potential threat. As Elad Erez confirmed to trewmte blogspot:
"Please note that having the SMBv1 in use, does not mean a host is vulnerable. SMBv1 was patched by Microsoft 4 months ago. So, the tool helps you find if hosts are in one of these states:
- SMBv1 enabled, but patch not applied, therefore host is vulnerable (the riskiest scenario)
- SMBv1 enabled and patch applied, therefore host is not vulnerable (but it is still risky to keep SMBv1 enabled, even according to Microsoft)." 
 
To get a brief insight to SMBv1, here is the link to Microsoft's website discussing how to disable it:
 
To find out about Eternal Blues visit website: http://omerez.com/eternal-blues-worldwide-statistics/
 
To get this FREE tool go to Download webpage: http://omerez.com/eternalblues/
 
When running this discovery tool, consumers will see an IP address range. Really easy to follow and understandable advice on what that means can be found here: "192.168.1.0 - Private Network IP Address Notation" https://www.lifewire.com/192-168-1-0-818388
 
 
For businesses with different IP address ranges, a starting point is RFC 1918, which defines the private address blocks: http://www.faqs.org/rfcs/rfc1918.html
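To make concrete what a scan of this kind actually asks each host, here is an added Python example; it is not Eternal Blues' code and makes no claim about how that tool is implemented. It sends an SMB1 Negotiate Protocol request offering only the "NT LM 0.12" dialect to TCP port 445 and classifies the reply by its framing: an SMB1 header back (0xFF 'SMB') with a dialect accepted means the host speaks SMBv1; an SMB2 header (0xFE 'SMB'), a closed connection or no reply means it does not, at least not on that port. Exactly as Elad Erez's note above says, this tells you only whether SMBv1 is enabled, not whether the MS17-010 patch is applied; the patch check needs further requests that this example does not send. The header flag values, the timeout, the default 192.168.1.0/24 range and the sample replies at the bottom are constructed for the demonstration, not captured from real hosts:

```python
"""
Probe which hosts on a network will speak SMBv1 (added example, not Eternal
Blues' code). It determines whether SMBv1 is ENABLED, not whether MS17-010 is
patched: a patched host with SMBv1 on is reported the same as an unpatched one.
"""
import ipaddress
import socket
import struct

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72


def build_smb1_negotiate(dialects=(b"NT LM 0.12",)):
    """SMB1 Negotiate Protocol request wrapped in a NetBIOS session header."""
    header = struct.pack(
        "<4sBIBHH8sHHHHH",
        SMB1_MAGIC,          # Protocol
        SMB_COM_NEGOTIATE,   # Command
        0,                   # Status
        0x18,                # Flags: canonical paths, case-insensitive (assumed values)
        0x4001,              # Flags2: long names, NT status codes
        0,                   # PIDHigh
        b"\x00" * 8,         # SecurityFeatures
        0,                   # Reserved
        0,                   # TID
        0xFEFF,              # PID (low)
        0,                   # UID
        0,                   # MID
    )
    data = b"".join(b"\x02" + d + b"\x00" for d in dialects)  # SMB_Dialect entries
    body = struct.pack("<BH", 0, len(data)) + data            # WordCount=0, ByteCount
    smb = header + body
    return b"\x00" + len(smb).to_bytes(3, "big") + smb        # NetBIOS session message


def classify_negotiate_response(reply):
    """Map a raw reply to 'smb1', 'smb1-refused', 'smb2', 'none' or 'unknown'."""
    if not reply:
        return "none"                                  # closed without an answer
    pkt = reply[4:] if reply[:1] == b"\x00" else reply   # strip NetBIOS header
    if pkt[:4] == SMB2_MAGIC:
        return "smb2"                                  # answered with SMB2/3 framing
    if pkt[:4] != SMB1_MAGIC or len(pkt) < 35:
        return "unknown"
    word_count = pkt[32]                               # WordCount follows the 32-byte header
    dialect_index = struct.unpack_from("<H", pkt, 33)[0]
    if word_count == 0 or dialect_index == 0xFFFF:
        return "smb1-refused"                          # SMB1 framing, no dialect accepted
    return "smb1"


def probe_host(host, port=445, timeout=2.0):
    """Send the negotiate request to one host and classify what comes back."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_smb1_negotiate())
            reply = sock.recv(4096)
    except OSError:                                    # refused, timed out, reset
        return "unreachable"
    return classify_negotiate_response(reply)


def scan(cidr, **kwargs):
    """Probe every usable address in a range such as 192.168.1.0/24."""
    return {str(ip): probe_host(str(ip), **kwargs)
            for ip in ipaddress.ip_network(cidr, strict=False).hosts()}


# Constructed sample replies (not captured from real hosts) for offline checks.
def _smb1_reply(word_count, dialect_index):
    hdr = struct.pack("<4sBIBHH8sHHHHH", SMB1_MAGIC, SMB_COM_NEGOTIATE, 0, 0x98,
                      0x4001, 0, b"\x00" * 8, 0, 0, 0xFEFF, 0, 0)
    words = struct.pack("<H", dialect_index) + b"\x00" * (2 * word_count - 2)
    smb = hdr + bytes([word_count]) + words + struct.pack("<H", 0)
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


SAMPLE_SMB1_ENABLED = _smb1_reply(17, 0)          # NT LM 0.12 accepted
SAMPLE_SMB1_REFUSED = _smb1_reply(1, 0xFFFF)      # SMB1 spoken, dialect rejected
SAMPLE_SMB2_ONLY = b"\x00\x00\x00\x40" + SMB2_MAGIC + b"\x00" * 60  # bare SMB2 header

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.0/24"
    for host, state in scan(target).items():
        if state in ("smb1", "smb1-refused"):
            print(host, state)
```

Run it as `python smb1_probe.py 192.168.1.0/24` (any RFC 1918 block you are authorised to scan) and only hosts that answered in SMB1 framing are printed. On a Windows host itself the server-side setting can be confirmed directly with the PowerShell cmdlet Get-SmbServerConfiguration (its EnableSMB1Protocol property), which is the check to run before and after turning SMBv1 off.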
 
 
 
Good luck, stay safe!

Big shout out to Elad Erez (Eternal Blues) for creating this FREE tool.

Tuesday, July 25, 2017

New iPhone 7 passcode unlock tool



Obviously this is causing a bit of excitement. 

I have been keeping an eye on two websites selling this product but yet to find any customer feedback. Enquiries so far have drawn a blank response.

http://www.vipprogrammer.com/unlock-passcode-on-iphone-77-plus-crack-the-forgotten-screen-password-programmer-3638

http://myicloud.info/unlock-iphone7-plus-passcode-tool/

Interesting to see what Apple will have to say on this access method?

Sunday, July 23, 2017

USER INVASION TESTS ON SAMSUNG GALAXY J3-6 J320FN

 
Smart Switch is a useful back-up and restore tool for particular user content on various (but not all) Samsung smartphones. To coin a phrase, the program "does what it says on the tin". For general user back-up and restore of certain data it avoids the need to upload to the cloud.
 
We have been running some tests to see whether the Samsung Smart Switch back-up/restore utility could be used to capture forensic images from, e.g., the J3. The program's internals were initially checked using CFF to find files guarded by MD5 and SHA-1:
 
 
Before forensic examinations were undertaken, we ran tests as a user, having purchased 3 x J3.
 
 
The J3 handsets were UK versions:
 
 
We see the US versions are compatible for use with Samsung Knox for BYOD:
 
 
This is an early evaluation, so the post is just a heads-up so you can check within your organisation/s.
 
This post is not a legal notice or anything else.