Session Hijacking: Transferring Chrome Cookies and Bypassing Two-Factor Authentication (2FA)

This blog is a detailed technical guide on how to perform session hijacking by extracting, decrypting, and transferring encrypted Google Chrome cookies from one computer to another. It delves into Chrome’s security mechanisms, explaining how cookies are encrypted using the AES-256-GCM algorithm and how the encryption key is protected by Windows’ Data Protection API (DPAPI). The blog specifically highlights the complexities involved in handling the newer version 20 (v20) cookies, which are protected by App-Bound Encryption and require SYSTEM-level privileges to decrypt. By following the instructions provided, readers will be able to clone a login session and potentially bypass even two-factor authentication (2FA) mechanisms.

Cryptography 1: Perfect Security and the Limits of Perfect Security

This blog post explores the concept of Perfect Security in cryptography, which guarantees that observing a ciphertext provides no additional information about the original message. We establish a fundamental theorem stating that Perfect Security is equivalent to the statistical independence of ciphertexts and plaintexts. However, Shannon’s Theorem proves that achieving Perfect Security requires the secret key to be at least as long as the message, making practical implementations infeasible beyond small-scale use cases like the One-Time Pad.

Decoding CVE-2021-22659: How to Protect the MicroLogix 1400 from Attacks

This blog delves into the vulnerabilities associated with the MicroLogix 1400 PLC, particularly focusing on CVE-2021-22659. Through a detailed analysis, I outline the phases of potential attacks, the underlying Modbus protocol, and the steps necessary for effective remediation. By understanding the intricacies of this vulnerability and employing robust security measures, organizations can better protect their operational technology environments. With the insights gained from the OPSWAT Fellowship Program, this work serves as a crucial resource for enhancing cybersecurity in industrial settings.

Unmasking Cyber Threats: The Art of Phishing with Canarytokens and RTLO Attacks

In this detailed blog post, we explore the insidious world of phishing attacks carried out via Zalo chat. Through a step-by-step demonstration, we reveal how attackers craft convincing disguised files, use social engineering to lure victims, and employ Canarytokens to track unauthorized access and gather critical data like public IP addresses. Discover the techniques behind this sophisticated form of cyber deception and learn how to protect yourself from falling victim to such attacks.

Extracting IP Addresses via Chat Apps: Zalo and Telegram

In this blog post, I explore how cybercriminals exploit chat applications like Zalo and Telegram to extract users’ IP addresses through methods like URL spoofing and phishing. By creating and distributing spoofed URLs, attackers can deceive users into revealing sensitive information. I also highlight a specific vulnerability in Telegram that exposes user IP addresses during calls. Learn the mechanics of these attacks, see a detailed proof of concept, and discover essential tips to protect your privacy online.