Ads 468x60px

15 de octubre de 2018

Crowd Counting Researches

I’m not a research but I like reading papers to know and learn about new technologies and trends because many papers later on are useful in the future. For instance, I read about Notos, which is a dynamic reputation system; Pleiades, which is a DGA malware detection system, and Phoenix, which is another DGA botnets searching system. These papers helped me to understand how Domain Generation Algorithms work and, therefore, helped me to win the ISACA Challenge in 2015. Today, I want to write about some papers I’ve been reading about Crowd Counting.

I knew a little bit about crowd counting using computer-vision techniques which is useful to know how many people are in the area. However, after reading more about crowd counting, I’ve realised that crowd counting is interesting for many other applications. For instance, crowd counting can be used in smart buildings to optimize the energy consumption based on the number of people in the building or crowd counting can also be used by retailers for better plan their business by assessing which parts of the store get more visitors. In addition, crowd counting is not only investigated from computer-vision but also from environmental science communities and wireless networking.

I didn’t know environmental science communities also studied about crowd counting. They utilize the characteristics of the area of interest such as temperature, concentration of carbon dioxide, lighting, relative humidity, motion, acoustics, etc to identify the number of people in the area. It’s interesting. However, it requires installing specialized sensors such as gas detection sensors, ambient sensors or CO2 sensors, which are expensive. In addition, it requires access to the area of interest.

Wireless networking is another technique to identify the number of people in the area where radio frequency (RF) signals can penetrate through objects, such as walls, that combined with wireless devices, such as WiFi routers, provide a great potential for imaging, tracking, and occupancy estimation. There are two methods using RF signals, which are the device-based active methods and the device-free passive methods.

The device-based active methods rely on pedestrians to carry smartphones. For instance, device-based active methods can use GPS or Bluetooth to assess crowd density. It’s interesting how some researches are based in the walking speed of pedestrians to know the crowd density. However, the device-free passive methods don’t require people to carry any device. Instead, device-free methods rely on the interaction of the wireless signals with the people in the area of interest. It’s interesting how these methods can count people through walls using WiFi.

Crowd Counting Through Walls Using WiFi

Once I read the first paper “Crowd Counting Through Walls Using WiFi”, I wanted to know and learn more and more. After reading this paper, I also read “Occupancy Detection Through An Extensive Environmental Sensor Network In An Open-Plan Office Building”, “Indoor Occupancy Estimation From Carbon Dioxide Concentration”, “Bluetooth Based Collaborative Crowd Density Estimation with Mobile Phones” and “Probing Crowd Density Through Smartphones In City-Scale Mass Gatherings”. It’s been interesting, it’s been funny reading about Crowd Counting Researches.

Regards my friends. Keep studying. Keep reading!

8 de octubre de 2018

Linux Privilege Escalation Example

Privilege escalation is when someone exploits an error, design failure or application configuration, into an operating system or application. Privilege escalation is used to get administrative access into operating systems and applications by malicious users. Most systems have two types of user profiles: users which configure the system with administrator privilege and users which use the system without administrator privilege. Therefore, privilege escalation exploits are used by attackers to get superuser privileges into systems.

There are many web pages out there where we can find privilege escalation exploits which can be used to get into operating systems and applications. Most of them take advantage of bugs and vulnerabilities. One of them, which have many exploits and I like it, is the Exploits Database by Offensive Security where we can search exploits and shellcodes by CVE and platforms. In addition, we can even download the vulnerable application and information to learn how to get into the system.

I’ve uploaded to my YouTube channel a new video where we can watch how to get root access in a Linux machine with a local privilege escalation exploit, which I’ve downloaded from This exploit takes advantage of a vulnerability in Linux Kernel 2.6.39 < 3.2.2. On the other hand, we can also watch how to get remote root access abusing the weak service permission configuration on Linux. As we can watch, privilege escalation is got through bugs and vulnerabilities but also through misconfiguration.

Regards my friends. Keep studying. Keep testing!!

1 de octubre de 2018

Linux Buffer Overflow Example

I uploaded a video and I wrote about Windows Buffer Overflow Example two weeks ago. I learnt a lot with this example but I wanted to study about Linux Buffer Overflow as well. Therefore, I’ve been testing with the crossfire-server 1.9.0 - 'SetUp()' Remote Buffer Overflow these days. I installed a Kali Linux 32 bits with the crossfire server, which is an online computer game, and thanks to the edb debugger and python scripts, I’ve been able to learn how to exploit a Linux Buffer Overflow vulnerability. You can check in the next video.

Firstly, I’ve started the virtual machine with the NX protection disabled (noexec=off) and I’ve executed the crossfire server, which listens in the 13327 TCP port. I’ve also tested a simple python script to send 4379 ‘A’s to the vulnerable service. We can see how the program crashes and ESP register contains many ‘A’s or ‘41’ in hex. However, we have to find the specific EIP memory location thus I’ve created a unique string which is sent to the vulnerable server through the malicious script. After I’ve controlled the EIP register, I have to know where I’m going to save the shellcode. Following the EIP register, only 7 bytes are left thus shellcode can’t be saved there. As a result, I’ve pointed to the EAX register where the shellcode is going to be located. The next challenge is to locate a JMP ESP instruction into the memory to insert it into the EIP register. Finally, I’ve created a payload with the msfvenom tool to add it into the script, which give us a Linux remote reverse shell.

Regards my friends. This is another amazing demo to know how Buffer Overflow works. I recommend you do it by yourself.
Related Posts Plugin for WordPress, Blogger...

Entradas populares