Monday, August 31, 2015

Examining Router Firmware

My last post got me thinking about whether the CSRF bug that sonar relies on in its example has been fixed. For this post, I decided to see if I could figure out the changes that Asus made to the firmware to determine if the sonar fingerprint might be affected by the bug.

Monday, August 24, 2015

WebRTC and Host Enumeration

Hey there, everyone. I know it has been a long time since I last updated this, but there has been a lot going on. Between personal stuff, work craziness, the Windows 10 launch, and some other things, I have not had time to make a post. Things are starting to die down a bit (hopefully), so my goal is to post here more often.

I was browsing /r/netsec yesterday when I stumbled across an interesting post: sonar - A Framework for Scanning and Exploiting Using Internal Hosts (link to source article). This piqued my interest because it is a compelling way for a pen-tester (or malicious actor) to perform host enumeration inside of a network without having a presence inside of the target network. The technique relies on the victim's browser being WebRTC-enabled, so let's take a moment to talk about what WebRTC is and why we should care. Then, we will talk about what makes sonar interesting. Finally, we will talk about some mitigations.