Researcher at Google
Elie Bursztein
Offensive technologies research
Articles, software and blog posts related to offensive technologies
captcha
Text-based CAPTCHA Strengths and Weaknesses
Based on successful attacks on 13 of the most popular captcha schemes, we show how to attack text-based captchas and provide guidelines on how to design secure ones.
@CCS 2011
captcha
offensive technologies
study
medias:
2
embedded devices
Towards Secure Embedded Web Interfaces
We audited the security of the web interfaces of more than 30 embedded devices and found more than 50 vulnerabilities. To help developers, we developed WebDroid, the first framework specifically dedicated to building secure embedded web applications.
@Usenix Security 2011
embedded devices
web security
offensive technologies
medias:
2
video game
OpenConflict Preventing Real Time Map Hacks in Online Games
We show how to perform memory-based attacks against real-time strategy games, using our tool Kartograph to create map hacks. To defend against these attacks, we develop secure protocols for distributing game state among players so that each client only has the data it is allowed to see.
@S&P 2011
video game
cryptography
offensive technologies
medias:
3
captcha
The Failure of Noise-Based Non-Continuous Audio Captchas
We show how, using a generic approach based on advanced audio processing and machine learning algorithms, our captcha breaker "Decaptcha" is able to break all the popular audio CAPTCHA schemes, including those of Microsoft and Yahoo.
@S&P 2011
captcha
web security
machine learning
medias:
2
web security
An Analysis of Private Browsing Modes in Modern Browsers
We analyze how each of the major browsers implements private browsing mode, show the limitations of these implementations, and describe attacks against them. We also measure on which kinds of websites people use private browsing mode.
@Usenix Security 2010
web security
privacy
offensive technologies
medias:
2
embedded devices
The emergence of cross channel scripting
We reveal a series of attacks against embedded devices based on a new type of vulnerability that we call cross channel scripting (XCS). XCS is a sophisticated form of cross site scripting (XSS) in which the attack injection and execution are carried out via different protocols.
@CACM Journal Volume 53 Number 8 2010
embedded devices
web security
offensive technologies
forensic
Recovering Windows Secrets and EFS Certificates Offline
Based on our reverse engineering, we show how DPAPI, the Windows API for safe data storage on disk, works. Our analysis reveals that it is possible to recover all previous passwords used by any user on a system. We have implemented DPAPI data decryption and previous password extraction in a free and open-source tool called DPAPIck.
@WOOT 2010
forensic
cryptography
offensive technologies
medias:
2
clickjacking
Framing Attacks on Smartphones Dumb Routers and Social Sites Tap-jacking Geo-localization and Framing Leak Attacks
We show that phone features make tap-jacking easier. We explain how to exploit a router's web interface to steal a WiFi network's WPA key and location. Finally, we demonstrate how to use the frame scrolling attack against Facebook's frame busting defense and to leak private information from Yahoo mobile webmail.
@WOOT 2010
clickjacking
web security
mobile
medias:
2
clickjacking
Busting Frame Busting a Study of Clickjacking Vulnerabilities on Popular Sites
We study the frame busting defenses of the Alexa Top-500 sites and show that all can be broken. Some attacks are browser-specific; others exploit coding mistakes. We conclude with practical recommendations on how to implement a secure frame busting defense.
@W2SP 2010
clickjacking
web security
offensive technologies
medias:
2
embedded devices
XCS cross channel scripting and its impact on web applications
We reveal a series of attacks against embedded devices based on a new type of vulnerability that we call cross channel scripting (XCS). XCS is a sophisticated form of cross site scripting (XSS) in which the attack injection and execution are carried out via different protocols.
@CCS 2009
embedded devices
web security
offensive technologies
medias:
2
captcha
Decaptcha Breaking 75% of eBay Audio CAPTCHAs
This paper shows how Decaptcha is able to break eBay captchas with 75% accuracy. We show that a custom breaker (75%) greatly outperforms a state-of-the-art speech recognition system (1%).
@WOOT 2009
captcha
machine learning
web security
medias:
2
forensic
Beyond files recovery OWADE cloud-based forensic
We present how to bypass, offline, the 4 layers of Windows encryption that protect web credentials and instant messenger credentials. We explain how to extract the sensitive data stored by the four major web browsers and by the most popular instant messenger software, such as Skype and Live Messenger.
@BlackHat USA 2011
forensic
cryptography
offensive technologies
medias:
2
video game
Kartograph
We present Kartograph, our memory analyzer designed to perform live memory attacks against various games. We demonstrate how to use Kartograph to create undetectable map hacks against various popular RTS games such as Civ 4, Warcraft 3 and Supreme Commander 2 in a matter of minutes.
@Defcon 18 2010
video game
forensic
offensive technologies
medias:
4
web security
Bad Memories
We demonstrate how to steal a WiFi network's WPA key and location by attacking the router's web interface. Then we show how to bypass SSL warnings on Internet Explorer and Firefox to perform HTTPS cache injection attacks. Finally, we show how to perform various advanced click-jacking attacks on browsers and phones (tapjacking).
@BlackHat USA / Defcon 2010
web security
clickjacking
offensive technologies
medias:
5
forensic
Reversing DPAPI and Stealing Windows Secrets Offline
We show how DPAPI, the Windows API for safe data storage on disk, works. Our analysis reveals that it is possible to recover all previous passwords used by any user on a system. We have implemented DPAPI data decryption and previous password extraction in a free and open-source tool called DPAPIck.
@BlackHat DC 2010
forensic
cryptography
offensive technologies
medias:
2
embedded devices
Embedded Management Interfaces Emerging Massive Insecurity
@BlackHat USA 09 2009
embedded devices
web security
offensive technologies
medias:
2
forensic
OWADE Offline Windows Analysis and Data Extraction
OWADE is the first open source tool dedicated to cloud forensics.
2011
forensic
cryptography
offensive technologies
medias:
2
forensic
DPAPIck
DPAPIck is a forensic tool designed to recover offline the data encrypted using DPAPI (Data Protection API).
2010
forensic
cryptography
offensive technologies
medias:
2
About me
Researcher at Google, specializing in Internet security and privacy.