Looks like Vodafone considered having a telnet server running as a backdoor in the initial reporting by Bloomberg. All the same though, using Huawei devices as infrastructure of a 5G cellular network gives another nation state access to some potentially sensitive data, and they would have the ability to remotely tamper with it. As more and more people rely on high-speed cellular networks, this is still a bad idea!
Someone posted this video on one of the Slack workspaces that I’m on. It was really informative on the techniques used and where state-of-the-art quantum computers currently are. The good news is current quantum computers don’t have enough quantum memory to break large primes; however, I wonder if there’s such a thing as Moore’s Law for quantum computing, in which case the Internet will be in big trouble in just a few years.
While Huawei has made promises that they have removed all the backdoors found by Vodafone, how about the firmware updates and security updates that Vodafone and other major carriers need to keep the network up to date? Are they going to have a manual review process? Blindly assume the updates don’t re-introduce a backdoor? Seems like risky business!
I found this tutorial on using recon-ng, which is a tool used by pentesters for gathering open source intelligence (OSINT) about an individual or a company. It features a Metasploit-like interface and has the ability to crawl social networks, Google, WHOIS databases, etc. to collect information about a company, its employees, its domains, etc.
While I was browsing Twitter today, I found an interesting open source effort, which is a PowerShell module that will make the box into a SOCKS v4 and v5 proxy server. I have forked the repo and you can find it here:
This YouTube video, titled “Lightening fast CTF solving – Automatic Exploit Generation & Side Channel Analysis”, was sent to me by Sketch from this year’s BSides DC. It shows how to automate exploitation for stack overflows and format string vulnerabilities, and the tool suite is built on top of the “angr” framework, Intel’s Pin framework and the “pwntools” package for Python. At the tail end of the video he actually applies this tool suite against a NETGEAR SOHO router, where it not only finds the vulnerability but will actually exploit it remotely, and discusses how it can be used to identify and exploit these vulnerabilities in IoT devices.
This week at the RSA Conference held in San Diego, CA, they had a panel that discussed the five most dangerous attacks and how to defend against them. The panel included Ed Skoudis, who’s hailed as the best penetration tester in the country and is a SANS Institute Fellow.