Group	Roles
Security
freunde des KUEKeN
XSS	Admin Moderator
street art	Admin Moderator
Privacy	Admin Moderator
Nerds	Admin Moderator
Streetart Berlin	Moderator
SEO	Admin Moderator

Java Deserialization! Gadget Chains? Magic Methods?

fwtf posted in Security 2019-11-20T11:58:34.3600000 edited 2019-11-20T12:07:42.0470000

1.7K

Java deserialization explained

Finally, I found a paper about Java deserialization that I understand!
https://community.microfocus.com/t5/Security-Research-Blog/The-perils-of-Java-deserialization...
After several talks and blog posts, this was the paper that made me feel I understand it now.

Java deserialization is one of those bugs not many people look at.
Not because it's new, it's a damn old topic. I think many (like me) thought it was too hard and didn't go beyond running ysoserial.

Deserialization is such an awesome topic, some gadget chains are just crazy.
Originally, this paper is about mitigations and bypasses, but the intro to deserialization is why I recommend this.

"In our paper, we review the basics of the Java deserialization process and explain how and why it becomes vulnerable. We will show how different Java classes – referred to as gadgets throughout the paper – can be abused by attackers during the deserialization process to compromise or attack applications and servers. We explain how attackers can leverage these gadget classes for their own purposes. We examine several remote code execution gadgets to show how these attacks chain multiple pieces of code to craft the malicious payload. We review available mitigation advice and present a new technique to bypass some of the recommended protections. Finally, we conclude by reviewing how the problem affects similar libraries, and wrap up by offering our own mitigation strategies to more effectively protect against this problem."

Slides

Zelgada - commented 2019-11-20T13:08:06.5600000

Interesting vulnerability. Looks like there is a similar parallel for .NET but only desktop applications https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/december/beware-of-deserialisation-in-.net-methods-and-classes-code-execution-via-paste/

I think, however, that code which is run in an AppDomain can mitigate the risk (https://stackoverflow.com/questions/1056567/java-appdomain-like-abstraction) but this isn't readily available in Java.

Exploiting [...] Side-Channels to Break Monero Receiver Anonymity

fwtf posted in Security 2019-11-15T21:45:02.5130000 edited 2019-11-15T21:45:51.5100000

Linking Anonymous Transactions via Remote Side-Channel Attacks

crypto.stanford.edu/timings

"We describe remote side-channel attacks on receiver privacy in anonymous cryptocurrencies. Our attacks, which we validate on Zcash and Monero, enable a remote attacker to:

Identify the payee for any anonymous transaction being sent into the network.

Locate the machine (i.e., its IP address) that holds the private key that corresponds to an attacker-known public address.

Break unlinkability of a user's diversified addresses, by determining whether two attacker-known public payment addresses correspond to a same private key.

In addition, for Zcash, the vulnerabilities underlying our attacks can be abused to remotely corrupt and crash any Zcash node for which the attacker knows a payment address, as well as to set up a remote timing side-channel on an ECDH key exchange between a victim node's private key and an attacker's ephemeral public key. In principle, this side-channel can be used to fully recover the victim's private key, thereby completely breaking receiver anonymity.

Our attacks rely on differences in the way that a user's wallet processes a transaction, depending on whether the user is the transaction's payee. We show that these differences in wallet behavior affect the behavior of the P2P node that the wallet is connected to. In turn, a remote adversary can exploit various network and timing side-channels to observe these differences in the P2P node's behavior, and thereby infer the wallet's receipt of a transaction."

Found this on hackerone, guess this is the perfect place to share it.

Zelgada - commented 2019-11-16T19:21:11.0470000

attacks can be abused to remotely corrupt and crash any Zcash node for which the attacker knows a payment address

That's quite the attack. Yikes. Still - it sounds like more of an implementation problem vs protocol.

LN in Germany 2

fwtf posted in Community 2019-11-06T12:41:15.5330000

3.4K

Spending LN in Germany

I didn't expect it to be THAT easy...

Eariler this day I asked for help, I wanted to buy an e-book reader via LN.
Now, only some hours later, I've spend almost all my BTC, it wasn't as hard as I first thought.

I used bitrefill.com and within seconds I had amazon gift cards for germany.
I expected to be scammed, but I quickly got my code and added the amount to my amazon acc.

In germany, you can buy beer and some food directly with LN (atleast in Berlin) and you can buy gift cards for almost everything.
Look up ROOM77, they show that you can even run a local biz with BTC.

I thought it would be hard to spend BTC / LN in germany, but it's not. I'm starting to see: BTC is NOW.

158

Zelgada - commented 2019-11-06T12:47:21.8070000

Awesome!!

LN makes BTC a true currency. It is not just a store of value. It is the best money ever. Secured decentralized money.

Isn't it so much more satisfying buying something with BTC?

fwtf - replied to @Zelgada 2019-11-06T13:07:23.0600000

Isn't it so much more satisfying buying something with BTC?

Oh yeah it is, it was quite surprising how smooth it went.

fervi - replied to @fwtf 2019-11-06T14:12:55.4530000

There are many shops in the Lightning chain. Maybe one day there will be houses, although I would see caravans, campers or "Dutch/English cottages" more. ;)

quintomudigo - replied to @Zelgada 2019-11-06T14:30:49.6330000

LN making bitcoin great again

Zelgada - replied to @quintomudigo 2019-11-06T15:37:33.8230000

It has always been great, it just keeps getting better!

I hate reCAPTCHA

fwtf posted in Community 2019-10-26T18:47:05.7630000

3.1K

Buster: Captcha Solver for Humans

Buster is a browser extension which helps you to solve difficult captchas by completing reCAPTCHA audio challenges using speech recognition.
Challenges are solved by clicking on the extension button at the bottom of the reCAPTCHA widget.

I love Buster as much as I hate reCAPTCHA!

fwtf posted in Streetart Berlin 2019-10-21T14:55:54.5630000

1.3K

Not too old pics

fwtf posted in Streetart Berlin 2019-10-20T10:53:07.2400000

1.2K

SSRF

fwtf posted in Security 2019-10-17T16:47:04.3470000 edited 2019-10-17T16:51:09.5200000

2.4K

SSRF Bible / Cheatsheet

"SSRF - Server Side Request Forgery attacks. The ability to create requests from the vulnerable server to intra/internet. Using a protocol supported by available URI schemas, you can communicate with services running on other protocols. Here we collect the various options and examples (exploits) of such interaction"

URL schema support	PHP	Java	cURL	LWP	ASP.NET
gopher	enable by --with-curlwrappers	before last patches	w/o \0 char	+	ASP.NET <=3 and Windows XP and Windows Server 2003 R2 and earlier only
tftp	enable by --with-curlwrappers	-	w/o \0 char	-	-
http	+	+	+	+	+
https	+	+	+	+	+
ldap	-	-	+	+	-
ftp	+	+	+	+	+
dict	enable by --with-curlwrappers	-	+	-	-
ssh2	disabled by default	-	-	Net:SSH2 required	-
file	+	+	+	+	+
ogg	disabled by default	-	-	-	-
expect	disabled by default	-	-	-	-
imap	enable by --with-curlwrappers	-	+	+	-
pop3	enable by --with-curlwrappers	-	+	+	-
mailto	-	-	-	+	-
smtp	enable by --with-curlwrappers	-	+	-	-
telnet	enable by --with-curlwrappers	-	+	-	-

What's up Hong Kong?

fwtf posted in street art 2019-10-11T19:04:44.3270000

1.4K

"During our last visit in Hong Kong, not only did we take a lot of awesome pictures, but we also made a video which was shot a few hours before our flight to Tokyo."

paint artists who specialize in painting trams

fwtf posted in Streetart Berlin 2019-10-11T18:34:32.2030000

944

"UNLIKE U melts into a scene, which for outsiders, is hard to comprehend. The world of trainwriters, those spray paint artists who specialize in painting trams and underground trains."
Old but gold, watch how quickly they turn this whole train into a painting.

105

Unknown User - commented 2019-10-11T19:14:51.0130000

It's an art somehow but forbidden for a reason.... I dont want to pay for the cleaning direct or indirect. And in this case the piece isn't too spectacular because the time preassure.... thats why you'd usually spray at night and take your time, but it wouldnt be so cool for a movie like this one! I never liked pieces which take up so much space for nothing but a foundation

Berlin Kidz

fwtf posted in Streetart Berlin 2019-10-04T15:50:27.6400000 edited 2019-10-04T15:52:28.0930000

3.9K

When I saw this group name, I had to share this.
This Berlin crew made 2 awesome movies, you'll love them.
If you visit Berlin, you will see their art everywhere!

165

Unknown User - commented 2019-10-04T18:39:11.4170000

https://www.youtube.com/watch?v=bu49hnJn2o0 music video with some Kidz

0

0

0

Profile Detail

fwtf

About me

Achievements

38 Posts

2 Following

3 Followers

fwtf is subscribed to

Subscribing to fwtf

Groups

Activites