Vulnerabilities

I Own Your Building (Management System)

by

Acrobat I Own Your Building (Management System)
Author/Researcher: Gjoko Krstic & Sipke Mellema
Source: https://applied-risk.com

Introduction: Not many people have noticed that the modern buildings have changed into industrial control systems. By embedding IP-based technologies throughout the buildings and by connecting sensors, controllers and supervisory software, building owners enjoy a low-cost management of their assets, with minimal staffing. Building Management Systems (BMS) monitor and control a building’s internal environment. They are used in various sectors, such as commercial, banking, industrial, medical, and even residential.

Unfortunately, it is observed that these panels are often accessible from the Internet, enabling also malicious parties to access the administrator’s dashboard. Multiple deployments of BMS solutions remain susceptible to basic cyber security
attacks, such as command injection, file uploads or privilege escalation. The execution of these attacks enables an unauthenticated attacker to access and manipulate doors, elevators, air-conditioning systems, cameras, boilers, lights, safety alarm systems in an entire building. Read More

Of Hacks & Keyloggers – Part 1

by

Of Hacks & Keyloggers…!!! “I don’t know what happened!; I don’t remember visiting any dodgy websites, downloading any weird apps, opening any suspicious emails or attachments, let alone links!, why I am receiving these sms & email notifications from my Bank!?!?” Sounds familiar right? Come to think of it, in most cases the unsuspecting victim is being honest. That being said, I just remembered something; a previous write up revolving around one of the methods used to carry out this type of attack. It can happen to anyone, in fact I was once a victim!

 

 

What is a keylogger? 

Read more

Windows XP Hack

by

uTorrent RemoteWe sat, had a few drinks, he told me he had a couple of Open Source Projects he was working on and also described the technologies he had implemented to get one of his projects going. “Wait! Do these things actually exist?!” I asked… “Yes they do!”, he replied. Okay, I think I am going a little bit fast here; It all started when I was having a chat with one of my associates (long time close associate to be exact), he was telling me how excited he was to have spent the last couple of months investing in learning and implementing Open Source based Server Solutions. Most of his projects initially started / start off by him downloading a couple of Linux based software(s) (.iso images) in the form of torrents from Distrowatch using his TorrentBox. “What did you say, TorrentBox?” I asked, “Wait! Do these things actually exist?!” I asked (again (without even giving him the chance to answer))… “Yes they do!”, he replied. My questions or reasoning didn’t seem to move him, neither did his projects (as a whole)! His major concern was

Read more