Spanish
English
Twitter logo Blogger logo RSS logo LinkedIn logo Google+ logo YouTube logo Vimeo logo Facebook logo

This section includes different publications, articles, presentations, projects and tools we have developed and have been involved in, due to our personal interest, or due to specific needs related to the professional services performed in our customers.


Publications



Publications released from Taddong (years 2010-2013)...



Security Advisories

DinoSec security advisories are available in our blog.


Tools

(More tools available within the DinoSec GitHub Repository)


2015-10-R1
2015-09-R2

ubertooth-install: Ubertooth installation script for Kali Linux 2.x.

iCamasu v0.42
iCamasu v0.41

iCamasu, iOS com_apple_MobileAsset_SoftwareUpdate, is a Python-based tool that parses and extracts multiple details from Apple iOS software update PLIST files: com_apple_MobileAsset_SoftwareUpdate.xml. More information at DinoSec Blog.
(iCamasu v0.42 has been tested with PLIST files up to iOS version 7.1.1).

- New in version 0.42: New options '-q', '-x' and '-X'.

iStupid v1.5
iStupid v1.0

iStupid, indescreet SSID tool (for the) unknown PNL (on) iOS devices, is a Python-based tool for Linux that allows deleting Wi-Fi network entries from the hidden PNL of Apple iOS mobile devices. For more information see the original iStupid blog post, as well as the setup & basic usage, and advanced usage.

- New in version 1.5: Multiple options for monitoring clients, creating hidden networks and launching DoS attacks, for both Android and iOS (see the changelog inside the source code).


Tools released from Taddong (years 2010-2013)...


TLSSLed v1.3
TLSSLed v1.2
TLSSLed v1.1
TLSSLed v1.0

TLSSLed is a Linux shell script whose purpose is to evaluate the security of a target SSL/TLS (HTTPS) web server implementation. It is based on sslscan, a thorough SSL/TLS scanner that is based on the openssl library, and on the "openssl s_client" command line tool. The current tests include checking if the target supports the SSLv2 protocol, the NULL cipher, weak ciphers based on their key length (40 or 56 bits), the availability of strong ciphers (like AES), if the digital certificate is MD5 signed, and the current SSL/TLS renegotiation capabilities. More information in our blog.

- New in version 1.3 (blog): Multiple changes and improvements both in the checks as well as in the data output (see the changelog inside the script).

- New in version 1.2 (blog): Mac OS X support, an initial check to verify if the target service speaks SSL/TLS, a few optimizations, and new tests for TLS v1.1 & v1.2 (CVE-2011-3389 aka BEAST).

- New in version 1.1 (blog): Certificate public key length, the certificate subject and issuer (CA), as well as the validity period. It also checks the existence of HTTP secure headers, such as Strict-Transport-Security and cookies with and without the "secure" flag set.

RaDa

RaDa is a small trojan binary we wrote a while ago in order to illustrate how easy it is to remotely control a system, even traversing through multiple proxies and firewalls, once the system has been infected. Besides that, RaDa was the core of the Scan of the Month #32 contest we organized for the Honeynet Project, where participants had to perform an in-depth forensic analysis of it and publish both the results and the techniques and methods used during the analysis, in community benefit.

The report containing the official answers and solution to the contest can be downloaded here. The original page for the contest, including all the participant's submissions, can be found here.


Projects

DinoSec members contribute to different open-source and community security projects: coming soon...


Media

DinoSec members media appearances: coming soon...


Legal Notice