Spanish
English

After almost four years, Taddong’s expedition comes to an end… (more information)

David and Jose will continue their activities from Layakk, whereas Monica and Raul will do it from DinoSec. If you want to stay informed about our activities, don't hesitate to follow us in our (personal and professional) webpages, blogs and twitter accounts:

This section includes different publications, articles, presentations, projects and tools we have developed and have been involved in, due to our personal interest, or due to specific needs related to the professional services performed in our customer base.


Publications



Security Advisories


Taddong's security advisories are available in our blog.


Tools


iStupid v1.0

iStupid, indescreet SSID tool (for the) unknown PNL (on) iOS devices, is a Python-based tool for Linux that allows deleting Wi-Fi network entries from the hidden PNL of Apple iOS mobile devices. For more information see the original iStupid blog post, as well as the setup & basic usage, and advanced usage.

tadbsl.sh

Tool that retrieves (from Google) the geographical location of a mobile network base station from its identification numbers (MCC|MNC|LAC|CI).

TLSSLed v1.3
TLSSLed v1.2
TLSSLed v1.1
TLSSLed v1.0

TLSSLed is a Linux shell script whose purpose is to evaluate the security of a target SSL/TLS (HTTPS) web server implementation. It is based on sslscan, a thorough SSL/TLS scanner that is based on the openssl library, and on the "openssl s_client" command line tool. The current tests include checking if the target supports the SSLv2 protocol, the NULL cipher, weak ciphers based on their key length (40 or 56 bits), the availability of strong ciphers (like AES), if the digital certificate is MD5 signed, and the current SSL/TLS renegotiation capabilities. More information in our blog.

New in version 1.3 (blog): multiple changes and improvements both in the checks as well as in the data output (see the changelog inside the script).

New in version 1.2 (blog): Mac OS X support, an initial check to verify if the target service speaks SSL/TLS, a few optimizations, and new tests for TLS v1.1 & v1.2 (CVE-2011-3389 aka BEAST).

New in version 1.1 (blog): Certificate public key length, the certificate subject and issuer (CA), as well as the validity period. It also checks the existence of HTTP secure headers, such as Strict-Transport-Security and cookies with and without the "secure" flag set.

Wireshark SMB2 plug-in
Wireshark SMB plug-in

This freely available plugin for Wireshark provides the ability to save SMB/SMB2 files contained in a Wireshark trace, thus demonstrating that SMB/SMB2 traffic is a high-risk and high-impact vulnerability for the enterprise information security.

SMB v2 support has been added to our original plugin in February 2013. This release also includes many more fixes and features that are explained in our blog. SMB v2 file extraction feature is included in Wireshark from development version 48210 on.

SMB v1 support was implemented in 2010. This article in our blog and this white paper in our Lab contain all the details regarding the tool. SMB v1 file extraction feature was included in Wireshark from development version 33229 on.

RaDa

RaDa is a small trojan binary we wrote a while ago in order to illustrate how easy it is to remotely control a system, even traversing through multiple proxies and firewalls, once the system has been infected. Besides that, RaDa was the core of the Scan of the Month #32 contest we organized for the Honeynet Project, where participants had to perform an in-depth forensic analysis of it and publish both the results and the techniques and methods used during the analysis, in community benefit.

The report containing the official answers and solution to the contest can be downloaded here. The original page for the contest, including all the participant's submissions, can be found here.


nc2

The nc2 program is a customized version of the well known netcat (nc) utility, slightly modified to get rid of two little annoyances available on the initial implementation. The nc2 Linux version, unlike its predecessor, adds the "-L" option, an option only available in the original Windows version. The nc2 Windows version, unlike its predecessor, stops its execution as soon as it finishes a file transfer, without forcing the user to press CTRL+C, a behaviour only available in the original Linux version.

For more information regarding nc2 refer to the post we published in our previous blog, RaDaJo, a while ago. Nevertheless, since we released the nc2 program, newer implementations of netcat have seen the light, not only solving these problems but also adding new functionality. We specially recommend the ncat tool, included in current Nmap versions.


Media


Taddong's media appearances: coming soon...


Copyright © 2010-2013 Taddong S.L.
Legal