Update13 1.4.2019
News
- Updates to individual operations
+ New Operation:
+ This section contains all the information and tools for first aid, from removing viruses from a system to reinstalling it.
+ A new section that will replace the "Tutorials" section; everything from the "Tutorial" section will be here.
+ A list of the training courses available on this website.
+ Contains a list of all syllabi on the website.
+ A new section containing all articles, which will gradually be sorted by time, date, etc.
+ This section will contain information about cyber battles fought over networks between the great powers.
+ This section contains videos from the "CyberWar" series about the individual attacks that were covered on this website and on television.
+ A new section containing all bugs for 2019
+ A section covering information about the "System Administrator" profession.
Requirements Certificates Tutorials Training Syllabi Online courses Websites
+ A new section focusing on an updated list of exploits and their division by category.
+ New sections
Changes
ZeroDay - Changed the link to a new page that contains all threats and their descriptions.
Threats - Graphical adjustments and a fix for a problem with the table.
Bugs
Fixed several bugs
Updates
Remote - Update for 2019/2018
Web App - Update for 2019/2018
Local&Privilege Escalation - Update for 2019/2018
DoS & PoC - Update for 2019/2018
ShellCode - Update for 2019/2018
29.3.19 | LTE Attack | Every commercial eNB has a maximum capacity of active user connections based on their hardware and software specifications. The purpose of the BTS resource depletion attack is to deplete this capacity of the active RRC Connections, thereby preventing other users from connecting to the target eNB.
29.3.19 | LTE Attack | Unlike the aforementioned attack that denies multiple users in an eNB, the Blind DoS attack denies a targeted UE by establishing RRC Connections spoofed as the victim UE. 1) Attack model: The attacker performs the attack within the area covered by the victim’s serving eNB. The attacker also knows the victim’s S-TMSI that can be obtained in three ways
29.3.19 | LTE Attack | During our experiments, we discovered that operational MMEs have several implementation flaws that cause them to unnecessarily de-register the victim UE without notification. The detailed attack scenario is as below. 1) Adversary model: An adversary should be able to send malicious NAS messages to the MME in which the victim UE is registered. Typically, an MME manages a number of eNBs which are distributed throughout large geographical regions.
29.3.19 | LTE Attack | 1) Adversary model: In this scenario, the adversary sends an SMS message to victim UE1 by spoofing the message sender using the phone number of victim UE2. To this end, the adversary knows the S-TMSI of UE2 to spoof the sender. The phone number of UE1, to which the actual SMS message is sent, is also known. In addition, we assume that the target LTE network provides the SMS through the NAS layer. 2) Attack procedure: ➀ The adversary starts by establishing a spoofed RRC Connection using the S-TMSI of UE2
29.3.19 | LTE Attack | 1) Adversary model: The adversary is located sufficiently close to the victim UE to trigger handover from an existing eNB to the adversary’s rogue LTE network. To this end, the rogue LTE network transmits an LTE signal with higher transmission power than commercial eNBs. Additionally, the adversary would have to know the list of Tracking Areas (TAs) to masquerade the rogue LTE network as a commercial one. A valid TA Code (TAC) can easily be captured in two ways
29.3.19 | LTE Attack | In the case of a BTS resource depletion attack, it is impossible for an eNB to distinguish the adversary’s RRC Connection requests from benign RRC connection requests. A possible mitigation to this attack could be to reduce the inactivity timer value to allow an RRC Connection that is unresponsive to the Authentication request to expire.
29.3.19 | LTE Attack | As discussed in Section V, both the Remote de-register attack and SMS phishing attack are rooted from incorrect implementation of the operational MMEs. Thus, these MMEs should be carefully implemented by strictly following the 3GPP standard. The AKA bypass attack is also rooted in the UE handling the mandatory security procedure incorrectly. Therefore, the UE should not proceed with any control plane procedures before completing the mandatory security procedure successfully.
29.3.19 | LTE Attack | Many previous studies employed a rogue BTS in a 2G/3G network. However, the Man in the Middle (MitM) attack in LTE networks received less attention. Rupprecht et al. showed that an LTE dongle could be used for eavesdropping and tampering if the dongle incorrectly allows null integrity to both the control and data plane. Hussain et al. demonstrated an Authentication relay attack to eavesdrop a victim UE’s data communication if the carrier uses null encryption to the data plane.
29.3.19 | LTE Attack | Previous studies introduced DoS attacks that exploit vulnerabilities in LTE control plane procedures. Shaik et al. presented DoS attacks using plain reject messages (NAS TAU reject, Service reject and Attach reject). Raza et al. demonstrated two types of DoS attacks that were able to detach a user from the network: the first uses a plain NAS Detach request message and the other uses Paging with the user’s IMSI. Both studies showed that certain unprotected plain messages may cause denial of service to users.