I)ruid, CISSP

druid (@) caughq (.) org ( GPG Key )
602.466.6006 x2600


IRC: FreeNode: I}ruid
IRC: EFNet: I}ruid
SILC: CompSec: I)ruid


An Analysis of VoIP Steganography Research Efforts

Abstract: An analysis of various research efforts within the discipline of steganography dated between 2003 and July 2007, specifically targeted at Voice-over-IP as cover-medium, was performed. Within each individual effort's analysis, deficiencies in the authors' understanding of the discipline, their paper's theories, reference implementation or proofs of concept, and/or hurdles to applicability are detailed.

2024.06 - Unreleased

Context-keyed Payload Encoding

Abstract: A common goal of payload encoders is to evade a third-party detection mechanism which is actively observing the attack traffic somewhere along the route from an attacker to the target application, filtering on commonly used payload instructions. More often than not, however, payload encoders are easily detected themselves and either decoded or blocked. Even so-called keyed encoders utilize easily observable, recoverable, or guessable key values in their encoding algorithm, thus making decoding on the fly trivial once the encoding algorithm is identified. It is feasible that an active observer may exploit the inherent functionality of the decoder stub to decode a suspected exploit's payload in a sandbox environment in order to inspect the contents of that payload and make a control decision about the traffic. This paper presents a new method of keying an encoder which is based entirely on contextual information that is predictable or known about the target by the attacker and constructible or recoverable by the decoder stub when executed at the target. An active observer of the attack traffic, however, should be unable to decode the payload due to lack of the contextual keying information.

2024.06 - Most Recent Local Document
2008.01 - Uninformed Journal Vol 9

Metasploit Framework Telephony

Abstract: An important attack vector missing in many penetration testing and attack tools available today is the tried-and-true telephony dialup. With the recent surge in popularity of VoIP connectivity, accessing such attack vectors has become both cheap and easy. Using the new Metasploit telephony components, users are now able to both scan for and dial up directly to telephony-accessible exploitation targets.

2024.06 - Most Recent Local Document
2009.07 - BlackHat USA 2009

Mnemonic Password Formulas

Abstract: The information technology landscape is cluttered with large numbers of information systems, many of which have their own individual authentication systems. Even with single-sign-on and multi-system authentication mechanisms, systems within disparate authentication domains are likely to be accessed by users of various levels of involvement with the landscape as a whole. Due to this inherent complexity and abundance of varying authentication requirements, users must manage volumes of password credentials for all of the systems that they interface with regularly. This has given rise to many different insecurities resulting from poor methods of password selection and management. This paper describes some security issues facing users and management of authentication systems that involve passwords, further discusses current approaches to mitigating those issues, and then finally introduces a new method for password recall and management termed Mnemonic Password Formulas.

2024.06 - Most Recent Local Document
2007.05 - Uninformed Journal Vol 7

Real-time Steganography with RTP

Abstract: Real-time Transfer Protocol (RTP) is used almost ubiquitously by Voice over IP technologies to provide an audio channel for calls. As such, it provides ample opportunity for creation of a covert communications channel due to its very nature and use in implementation. While use of steganographic techniques with various audio cover-mediums has been extensively researched, most applications of such have been limited to audio cover-medium of a static nature such as WAV or MP3 file audio data. This paper details common techniques for use of steganography with audio data cover-medium, outlines the problem issues that arise when attempting to use these techniques to establish a full-duplex communications channel using audio data transmitted via an unreliable streaming protocol, and finally documents solutions to these problems as well as a reference implementation entitled SteganRTP.

2024.06 - Most Recent Local Document
2007.09 - Uninformed Journal Vol 8

Simulating Distributed Denial-of-Service Attacks with BreakingPoint

Abstract: This paper and the accompanying test cases are intended to illustrate how the BreakingPoint products can be used to simulate Distributed Denial-of-Service (DDoS) attacks using some of the product's various components.

2024.06 - Most Recent Local Document
2024.06 - Most Recent Local Document with Materials
2009.04 - BreakingPoint Systems Paper
2009.04 - BreakingPoint Systems Paper with Materials

Thursday June 13, 2024