Dmitry Sklyarov
Senior Analyst @ Department for Advanced Developments
Positive Technologies
Positive Hack Days IV, May 21-22, 2014
How it looks (approximately ;)
Explore textual marks on Modem
Front side:
• “4G” logo
• operator’s logo
Under the cover (access to SIM and SD cards):
• operator’s internal model number
• IMEI
• serial number
Hmm, what are the actual manufacturer name and model number?
Back side:
• nothing
Explore packaging
Manufacturer name (ZTE) printed on the box and in booklet
ZTE MF823 4G Modem Specification
• LTE-FDD: 800/900/1800/2600MHz
• UMTS: 900/2100MHz
• LTE-FDD: DL/UL 100/50Mbps (Category 3)
• DC-HSPA+: DL/UL 42/5.76Mbps
• Size: 90 x 28.4 x 13mm
• OS: Win7, Windows XP, Vista, Win8, Mac OS
ZTE MF823 4G Modem re-Branding
MegaFon (Russia)
O2 (Germany)
Is there a modem anymore?
After plugging into PC running Windows 7:
• CWID USB SCSI CD-ROM USB Device
• ZTE MMC Storage USB Device (MicroSD Card Reader)
After performing “Eject CD Drive”:
• CD-ROM (sometimes they come back!)
• MicroSD Card Reader
• Remote NDIS* based Internet Sharing Device
*NDIS == Network Driver Interface Specification
No drivers required! (at least on Windows 7 ;)
Remote NDIS adapter properties
> ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 192.168.0.182
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
How to speak with MF823?
Results of ports scan for 192.168.0.1
HTTP server on 192.168.0.1
NB: Some brand-customized firmware contains a web interface that relies on “GoForm” handlers
GET /index.html HTTP/1.1
Host: 192.168.0.1
HTTP/1.1 404 Site or Page Not Found
GET / HTTP/1.1
Host: 192.168.0.1
HTTP/1.0 302 Redirect
Server: GoAhead-Webs/2.5.0
Location: http://192.168.0.1/index.html
HTTP server Handlers
Defined UrlHandlers:
/goform
/cgi-bin
/mmc2
/api/xmlclient/post
/client/backup
/api/nvramul.cgi
Defined GoForm handlers:
/goform/goform_get_cmd_process
/goform/goform_set_cmd_process
/goform/goform_process
/goform/formTest
Getting diagnostics info
http://192.168.0.1/goform/goform_get_cmd_process?cmd=device_diagnostics
Returns:
productName softwareVersion modemVersion
routerVersion webUiVersion hardwareVersion
serialNumber simSerialNumber simMsisdn
deviceImei simImsi simStatus
sdCardAvailable sdCardTotalMemory sdCardUsedMemory
currentConnectedUsers maxConnectedUsers timeSinceStartup
Switching to Download (FACTORY) mode
http://192.168.0.1/goform/goform_process?goformId=MODE_SWITCH&switchCmd=FACTORY
New devices appear:
• ZTE Diagnostics Interface (COMX)
• ZTE NMEA Device (COMY)
• ZTE Proprietary USB Modem
NB: Send AT+ZCDRUN=F to the COM port associated with “ZTE NMEA Device” to return from Download mode
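Added example, not from the original slides: a small scanner a defender could run over local proxy or browser logs to spot the diagnostics and MODE_SWITCH requests shown on the two slides above. The log line format, severity labels and function names are assumptions made for this example; the host address and handler paths come from the slides.

```python
from urllib.parse import urlsplit, parse_qs

MODEM_HOST = "192.168.0.1"  # modem address shown on the slides

# Handler paths taken from the "HTTP server Handlers" slide.
GOFORM_READ = "/goform/goform_get_cmd_process"
GOFORM_WRITE = ("/goform/goform_set_cmd_process", "/goform/goform_process")
OTHER_HANDLERS = ("/goform/formTest", "/cgi-bin", "/mmc2",
                  "/api/xmlclient/post", "/client/backup", "/api/nvramul.cgi")

# Constructed sample log (assumed format: timestamp client method url).
SAMPLE_LOG = """\
2014-05-21T10:00:01 192.168.0.182 GET http://192.168.0.1/index.html
2014-05-21T10:00:05 192.168.0.182 GET http://192.168.0.1/goform/goform_get_cmd_process?cmd=device_diagnostics
2014-05-21T10:00:09 192.168.0.182 GET http://192.168.0.1/goform/goform_process?goformId=MODE_SWITCH&switchCmd=FACTORY
2014-05-21T10:00:12 192.168.0.182 GET http://example.com/goform/goform_process?goformId=MODE_SWITCH
2014-05-21T10:00:15 192.168.0.182 POST http://192.168.0.1/api/nvramul.cgi
truncated line
"""


def classify(url):
    """Return (severity, reason) for a modem handler URL, else None."""
    parts = urlsplit(url)
    if parts.hostname != MODEM_HOST:
        return None  # same path on another host is not the modem
    path = parts.path.rstrip("/")
    query = parse_qs(parts.query, keep_blank_values=True)

    if path == GOFORM_READ:
        cmds = query.get("cmd", [])
        if "device_diagnostics" in cmds:
            # The slide lists deviceImei, simImsi, simMsisdn, serialNumber.
            return ("medium", "diagnostics read: device and SIM identifiers returned")
        return ("low", "goform read: cmd=" + ",".join(cmds))

    if path in GOFORM_WRITE:
        form_ids = query.get("goformId", [])
        if "MODE_SWITCH" in form_ids:
            switch = ",".join(query.get("switchCmd", ["?"]))
            return ("high", "USB mode switch requested: switchCmd=" + switch)
        # goformId may travel in a POST body, which this log format lacks.
        shown = ",".join(form_ids) if form_ids else "(not in URL)"
        return ("medium", "goform state change: goformId=" + shown)

    for handler in OTHER_HANDLERS:
        if path == handler or path.startswith(handler + "/"):
            return ("low", "handler access: " + handler)
    return None


def scan(lines):
    """Classify every well-formed log line; return a list of findings."""
    findings = []
    for number, line in enumerate(lines, start=1):
        fields = line.split()
        if len(fields) != 4:
            continue  # malformed or truncated line
        timestamp, client, method, url = fields
        try:
            verdict = classify(url)
        except ValueError:
            continue  # URL that urlsplit cannot parse
        if verdict:
            findings.append({"line": number, "time": timestamp,
                             "client": client, "method": method,
                             "severity": verdict[0], "reason": verdict[1]})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"{f['time']} {f['client']} [{f['severity']}] {f['reason']}")
```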
telnetd on 192.168.0.1
OpenEmbedded Linux 9615-cdp
msm 20130729 9615-cdp
9615-cdp login: root
Password: zte9x15
root@9615-cdp:~# id
uid=0(root) gid=0(root) groups=0(root)
root is good!
Full-featured ARM-based Linux
• busybox apps (e.g. nc and netstat)
• iptables
• tcpdump
• gdbserver
CD image at /usr/zte_web/ZTEMODEM.ISO
HTTP server root at /usr/zte_web/web/*
• auto_apn
• copy
• zte_log
What is actually under your control?
What are the threats?
• controls all external traffic
• log all internet activity
• replicate all internet activity
• WiFi-enabled? access to local WiFi
• GPS-enabled? store/report GPS location
• under remote management
• access to local network
My favorite Modem ;)
That’s all…
Thanks for your patience ;)
Dmitry Sklyarov
DSklyarov@ptsecurity.ru
Senior Analyst @ Department for Advanced Developments
Positive Technologies
4G modem – best present ever!

More Related Content

What's hot

Memory Mapping Implementation (mmap) in Linux Kernel
Memory Mapping Implementation (mmap) in Linux KernelMemory Mapping Implementation (mmap) in Linux Kernel
Memory Mapping Implementation (mmap) in Linux KernelAdrian Huang
 
Android BLEのつらみを予防するTips
Android BLEのつらみを予防するTipsAndroid BLEのつらみを予防するTips
Android BLEのつらみを予防するTipsTaisuke Oe
 
避けては通れないバイナリ地獄 - NDEFってなんだろう -
避けては通れないバイナリ地獄 - NDEFってなんだろう -避けては通れないバイナリ地獄 - NDEFってなんだろう -
避けては通れないバイナリ地獄 - NDEFってなんだろう -Tomoki YAMASHITA
 
Raspberry pi-3 b-v1.2-schematics
Raspberry pi-3 b-v1.2-schematicsRaspberry pi-3 b-v1.2-schematics
Raspberry pi-3 b-v1.2-schematicshacguest
 
ブランチを綺麗に保ち、どうやって本番アップするのか
ブランチを綺麗に保ち、どうやって本番アップするのかブランチを綺麗に保ち、どうやって本番アップするのか
ブランチを綺麗に保ち、どうやって本番アップするのかSaeko Yamamoto
 
Github - Git Training Slides: Foundations
Github - Git Training Slides: FoundationsGithub - Git Training Slides: Foundations
Github - Git Training Slides: FoundationsLee Hanxue
 
Almost Perfect Service Discovery and Failover with ProxySQL and Orchestrator
Almost Perfect Service Discovery and Failover with ProxySQL and OrchestratorAlmost Perfect Service Discovery and Failover with ProxySQL and Orchestrator
Almost Perfect Service Discovery and Failover with ProxySQL and OrchestratorJean-François Gagné
 
Git Tutorial I
Git Tutorial IGit Tutorial I
Git Tutorial IJim Yeh
 
Git et les systèmes de gestion de versions
Git et les systèmes de gestion de versionsGit et les systèmes de gestion de versions
Git et les systèmes de gestion de versionsAlice Loeser
 
MySQL Enterprise Backup (MEB)
MySQL Enterprise Backup (MEB)MySQL Enterprise Backup (MEB)
MySQL Enterprise Backup (MEB)Mydbops
 
Introduction to differential power analysis - Rambus
Introduction to differential power analysis - RambusIntroduction to differential power analysis - Rambus
Introduction to differential power analysis - RambusRambus
 
Windows 10 mobileでnfc~suica・edy対応編~(公開用)
Windows 10 mobileでnfc~suica・edy対応編~(公開用)Windows 10 mobileでnfc~suica・edy対応編~(公開用)
Windows 10 mobileでnfc~suica・edy対応編~(公開用)Nobuaki Aoki
 
Vitess VReplication: Standing on the Shoulders of a MySQL Giant
Vitess VReplication: Standing on the Shoulders of a MySQL GiantVitess VReplication: Standing on the Shoulders of a MySQL Giant
Vitess VReplication: Standing on the Shoulders of a MySQL GiantMatt Lord
 

What's hot (20)

Memory Mapping Implementation (mmap) in Linux Kernel
Memory Mapping Implementation (mmap) in Linux KernelMemory Mapping Implementation (mmap) in Linux Kernel
Memory Mapping Implementation (mmap) in Linux Kernel
 
From IA-32 to avx-512
From IA-32 to avx-512From IA-32 to avx-512
From IA-32 to avx-512
 
GitLab.pptx
GitLab.pptxGitLab.pptx
GitLab.pptx
 
Git 101 for Beginners
Git 101 for Beginners Git 101 for Beginners
Git 101 for Beginners
 
Android BLEのつらみを予防するTips
Android BLEのつらみを予防するTipsAndroid BLEのつらみを予防するTips
Android BLEのつらみを予防するTips
 
避けては通れないバイナリ地獄 - NDEFってなんだろう -
避けては通れないバイナリ地獄 - NDEFってなんだろう -避けては通れないバイナリ地獄 - NDEFってなんだろう -
避けては通れないバイナリ地獄 - NDEFってなんだろう -
 
Raspberry pi-3 b-v1.2-schematics
Raspberry pi-3 b-v1.2-schematicsRaspberry pi-3 b-v1.2-schematics
Raspberry pi-3 b-v1.2-schematics
 
Intro to Git, GitHub, and BitBucket
Intro to Git, GitHub, and BitBucketIntro to Git, GitHub, and BitBucket
Intro to Git, GitHub, and BitBucket
 
ブランチを綺麗に保ち、どうやって本番アップするのか
ブランチを綺麗に保ち、どうやって本番アップするのかブランチを綺麗に保ち、どうやって本番アップするのか
ブランチを綺麗に保ち、どうやって本番アップするのか
 
Advanced Git
Advanced GitAdvanced Git
Advanced Git
 
Github - Git Training Slides: Foundations
Github - Git Training Slides: FoundationsGithub - Git Training Slides: Foundations
Github - Git Training Slides: Foundations
 
Almost Perfect Service Discovery and Failover with ProxySQL and Orchestrator
Almost Perfect Service Discovery and Failover with ProxySQL and OrchestratorAlmost Perfect Service Discovery and Failover with ProxySQL and Orchestrator
Almost Perfect Service Discovery and Failover with ProxySQL and Orchestrator
 
Redis 101
Redis 101Redis 101
Redis 101
 
Git Tutorial I
Git Tutorial IGit Tutorial I
Git Tutorial I
 
Git et les systèmes de gestion de versions
Git et les systèmes de gestion de versionsGit et les systèmes de gestion de versions
Git et les systèmes de gestion de versions
 
Git and GitHub Info Session
Git and GitHub Info SessionGit and GitHub Info Session
Git and GitHub Info Session
 
MySQL Enterprise Backup (MEB)
MySQL Enterprise Backup (MEB)MySQL Enterprise Backup (MEB)
MySQL Enterprise Backup (MEB)
 
Introduction to differential power analysis - Rambus
Introduction to differential power analysis - RambusIntroduction to differential power analysis - Rambus
Introduction to differential power analysis - Rambus
 
Windows 10 mobileでnfc~suica・edy対応編~(公開用)
Windows 10 mobileでnfc~suica・edy対応編~(公開用)Windows 10 mobileでnfc~suica・edy対応編~(公開用)
Windows 10 mobileでnfc~suica・edy対応編~(公開用)
 
Vitess VReplication: Standing on the Shoulders of a MySQL Giant
Vitess VReplication: Standing on the Shoulders of a MySQL GiantVitess VReplication: Standing on the Shoulders of a MySQL Giant
Vitess VReplication: Standing on the Shoulders of a MySQL Giant
 

Similar to 4G modem – best present ever!

DEF CON 27 - XIAOHUIHUI - all the 4g modules could be hacked
DEF CON 27 - XIAOHUIHUI - all the 4g modules could be hackedDEF CON 27 - XIAOHUIHUI - all the 4g modules could be hacked
DEF CON 27 - XIAOHUIHUI - all the 4g modules could be hackedFelipe Prado
 
Mvi56 mcm datasheet
Mvi56 mcm datasheetMvi56 mcm datasheet
Mvi56 mcm datasheetFranz07
 
Fuzzing usb modems rahu_sasi
Fuzzing usb modems rahu_sasiFuzzing usb modems rahu_sasi
Fuzzing usb modems rahu_sasiRahul Sasi
 
Mozilla chirimen firefox os dwika v5
Mozilla chirimen firefox os dwika v5Mozilla chirimen firefox os dwika v5
Mozilla chirimen firefox os dwika v5Dwika Sudrajat
 
Wifi obd auto checker using step
Wifi obd auto checker using stepWifi obd auto checker using step
Wifi obd auto checker using stepBill Zhao
 
Android Industrial Mobility - Droidcon Italy - Turin 9-10 April 2015
Android Industrial Mobility - Droidcon Italy - Turin 9-10 April 2015Android Industrial Mobility - Droidcon Italy - Turin 9-10 April 2015
Android Industrial Mobility - Droidcon Italy - Turin 9-10 April 2015Pietro F. Maggi
 
3 g modem_tutorial
3 g modem_tutorial3 g modem_tutorial
3 g modem_tutorialaljarous
 
EDK_II_SW_debugger_v0.1_lj-Plugfest.pdf
EDK_II_SW_debugger_v0.1_lj-Plugfest.pdfEDK_II_SW_debugger_v0.1_lj-Plugfest.pdf
EDK_II_SW_debugger_v0.1_lj-Plugfest.pdfRajeshravi49
 
mago3D Technical Workshop Material
mago3D Technical Workshop Material mago3D Technical Workshop Material
mago3D Technical Workshop Material SANGHEE SHIN
 
ARM uVisor Debug Refinement Project(debugging facility improvements)
ARM uVisor Debug Refinement Project(debugging facility improvements)ARM uVisor Debug Refinement Project(debugging facility improvements)
ARM uVisor Debug Refinement Project(debugging facility improvements)家榮 張
 
Top 10 secure boot mistakes
Top 10 secure boot mistakesTop 10 secure boot mistakes
Top 10 secure boot mistakesJustin Black
 
Security of Go Modules - SF Meetup
Security of Go Modules - SF MeetupSecurity of Go Modules - SF Meetup
Security of Go Modules - SF MeetupDeep Datta
 
Android Embedded - Smart Hubs als Schaltzentrale des IoT
Android Embedded - Smart Hubs als Schaltzentrale des IoTAndroid Embedded - Smart Hubs als Schaltzentrale des IoT
Android Embedded - Smart Hubs als Schaltzentrale des IoTinovex GmbH
 
DSI USA Agent & Retailer Presentation Final Version March 5 2015
DSI USA Agent &  Retailer Presentation Final Version March 5 2015DSI USA Agent &  Retailer Presentation Final Version March 5 2015
DSI USA Agent & Retailer Presentation Final Version March 5 2015Mark Davis
 
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...Felipe Prado
 
Forti Gate Virtual Appliances Sales 201010
Forti Gate Virtual Appliances Sales 201010Forti Gate Virtual Appliances Sales 201010
Forti Gate Virtual Appliances Sales 201010Alvaro Roldan Peral
 
Droid Pro Launch
Droid Pro LaunchDroid Pro Launch
Droid Pro Launchndknox
 
Security of go modules and vulnerability scanning in GoCenter
Security of go modules and vulnerability scanning in GoCenterSecurity of go modules and vulnerability scanning in GoCenter
Security of go modules and vulnerability scanning in GoCenterDeep Datta
 

Similar to 4G modem – best present ever! (20)

DEF CON 27 - XIAOHUIHUI - all the 4g modules could be hacked
DEF CON 27 - XIAOHUIHUI - all the 4g modules could be hackedDEF CON 27 - XIAOHUIHUI - all the 4g modules could be hacked
DEF CON 27 - XIAOHUIHUI - all the 4g modules could be hacked
 
Mvi56 mcm datasheet
Mvi56 mcm datasheetMvi56 mcm datasheet
Mvi56 mcm datasheet
 
Fuzzing usb modems rahu_sasi
Fuzzing usb modems rahu_sasiFuzzing usb modems rahu_sasi
Fuzzing usb modems rahu_sasi
 
Mozilla chirimen firefox os dwika v5
Mozilla chirimen firefox os dwika v5Mozilla chirimen firefox os dwika v5
Mozilla chirimen firefox os dwika v5
 
Wifi obd auto checker using step
Wifi obd auto checker using stepWifi obd auto checker using step
Wifi obd auto checker using step
 
Android Industrial Mobility - Droidcon Italy - Turin 9-10 April 2015
Android Industrial Mobility - Droidcon Italy - Turin 9-10 April 2015Android Industrial Mobility - Droidcon Italy - Turin 9-10 April 2015
Android Industrial Mobility - Droidcon Italy - Turin 9-10 April 2015
 
3 g modem_tutorial
3 g modem_tutorial3 g modem_tutorial
3 g modem_tutorial
 
EDK_II_SW_debugger_v0.1_lj-Plugfest.pdf
EDK_II_SW_debugger_v0.1_lj-Plugfest.pdfEDK_II_SW_debugger_v0.1_lj-Plugfest.pdf
EDK_II_SW_debugger_v0.1_lj-Plugfest.pdf
 
gofortution
gofortutiongofortution
gofortution
 
mago3D Technical Workshop Material
mago3D Technical Workshop Material mago3D Technical Workshop Material
mago3D Technical Workshop Material
 
ARM uVisor Debug Refinement Project(debugging facility improvements)
ARM uVisor Debug Refinement Project(debugging facility improvements)ARM uVisor Debug Refinement Project(debugging facility improvements)
ARM uVisor Debug Refinement Project(debugging facility improvements)
 
Top 10 secure boot mistakes
Top 10 secure boot mistakesTop 10 secure boot mistakes
Top 10 secure boot mistakes
 
Security of Go Modules - SF Meetup
Security of Go Modules - SF MeetupSecurity of Go Modules - SF Meetup
Security of Go Modules - SF Meetup
 
Android Embedded - Smart Hubs als Schaltzentrale des IoT
Android Embedded - Smart Hubs als Schaltzentrale des IoTAndroid Embedded - Smart Hubs als Schaltzentrale des IoT
Android Embedded - Smart Hubs als Schaltzentrale des IoT
 
Asterisk: dongled !
Asterisk: dongled !Asterisk: dongled !
Asterisk: dongled !
 
DSI USA Agent & Retailer Presentation Final Version March 5 2015
DSI USA Agent &  Retailer Presentation Final Version March 5 2015DSI USA Agent &  Retailer Presentation Final Version March 5 2015
DSI USA Agent & Retailer Presentation Final Version March 5 2015
 
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
 
Forti Gate Virtual Appliances Sales 201010
Forti Gate Virtual Appliances Sales 201010Forti Gate Virtual Appliances Sales 201010
Forti Gate Virtual Appliances Sales 201010
 
Droid Pro Launch
Droid Pro LaunchDroid Pro Launch
Droid Pro Launch
 
Security of go modules and vulnerability scanning in GoCenter
Security of go modules and vulnerability scanning in GoCenterSecurity of go modules and vulnerability scanning in GoCenter
Security of go modules and vulnerability scanning in GoCenter
 

More from Positive Hack Days

Инструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesИнструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesPositive Hack Days
 
Как мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerКак мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerPositive Hack Days
 
Типовая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive TechnologiesТиповая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive TechnologiesPositive Hack Days
 
Аналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + QlikАналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + QlikPositive Hack Days
 
Использование анализатора кода SonarQube
Использование анализатора кода SonarQubeИспользование анализатора кода SonarQube
Использование анализатора кода SonarQubePositive Hack Days
 
Развитие сообщества Open DevOps Community
Развитие сообщества Open DevOps CommunityРазвитие сообщества Open DevOps Community
Развитие сообщества Open DevOps CommunityPositive Hack Days
 
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...Positive Hack Days
 
Автоматизация построения правил для Approof
Автоматизация построения правил для ApproofАвтоматизация построения правил для Approof
Автоматизация построения правил для ApproofPositive Hack Days
 
Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Positive Hack Days
 
Формальные методы защиты приложений
Формальные методы защиты приложенийФормальные методы защиты приложений
Формальные методы защиты приложенийPositive Hack Days
 
Эвристические методы защиты приложений
Эвристические методы защиты приложенийЭвристические методы защиты приложений
Эвристические методы защиты приложенийPositive Hack Days
 
Теоретические основы Application Security
Теоретические основы Application SecurityТеоретические основы Application Security
Теоретические основы Application SecurityPositive Hack Days
 
От экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летОт экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летPositive Hack Days
 
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиУязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиPositive Hack Days
 
Требования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОТребования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОPositive Hack Days
 
Формальная верификация кода на языке Си
Формальная верификация кода на языке СиФормальная верификация кода на языке Си
Формальная верификация кода на языке СиPositive Hack Days
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CorePositive Hack Days
 
SOC для КИИ: израильский опыт
SOC для КИИ: израильский опытSOC для КИИ: израильский опыт
SOC для КИИ: израильский опытPositive Hack Days
 
Honeywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services CenterHoneywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services CenterPositive Hack Days
 
Credential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атакиCredential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атакиPositive Hack Days
 

More from Positive Hack Days (20)

Инструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesИнструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release Notes
 
Как мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerКак мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows Docker
 
Типовая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive TechnologiesТиповая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive Technologies
 
Аналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + QlikАналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + Qlik
 
Использование анализатора кода SonarQube
Использование анализатора кода SonarQubeИспользование анализатора кода SonarQube
Использование анализатора кода SonarQube
 
Развитие сообщества Open DevOps Community
Развитие сообщества Open DevOps CommunityРазвитие сообщества Open DevOps Community
Развитие сообщества Open DevOps Community
 
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
 
Автоматизация построения правил для Approof
Автоматизация построения правил для ApproofАвтоматизация построения правил для Approof
Автоматизация построения правил для Approof
 
Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»
 
Формальные методы защиты приложений
Формальные методы защиты приложенийФормальные методы защиты приложений
Формальные методы защиты приложений
 
Эвристические методы защиты приложений
Эвристические методы защиты приложенийЭвристические методы защиты приложений
Эвристические методы защиты приложений
 
Теоретические основы Application Security
Теоретические основы Application SecurityТеоретические основы Application Security
Теоретические основы Application Security
 
От экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летОт экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 лет
 
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиУязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на грабли
 
Требования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОТребования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПО
 
Формальная верификация кода на языке Си
Формальная верификация кода на языке СиФормальная верификация кода на языке Си
Формальная верификация кода на языке Си
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET Core
 
SOC для КИИ: израильский опыт
SOC для КИИ: израильский опытSOC для КИИ: израильский опыт
SOC для КИИ: израильский опыт
 
Honeywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services CenterHoneywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services Center
 
Credential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атакиCredential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атаки
 

Recently uploaded

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 

Recently uploaded (20)

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide

4G modem – best present ever!

  • 1.
  • 2. Dmitry Sklyarov Senior Analyst @ Department for Advanced Developments Positive Technologies Positive Hack Days IV, May 21-22, 2014
  • 3. How it looks (approximately ;)
  • 4. Explore textual marks on Modem
      Front side:
      • “4G” logo
      • operator’s logo
      Under the cover (access to SIM and SD cards):
      • operator’s internal model number
      • IMEI
      • serial number
      Back side:
      • nothing
      Hmm, what is the actual manufacturer name and model number?
  • 5. Explore packaging Manufacturer name (ZTE) printed on the box and in booklet
  • 6. ZTE MF823 4G Modem Specification
      • LTE-FDD: 800/900/1800/2600MHz;
      • UMTS: 900/2100MHz;
      • LTE-FDD: DL/UL 100/50Mbps (Category3)
      • DC-HSPA+: DL/UL 42/5.76Mbps
      • Size: 90 x 28.4 x 13mm
      • OS: Win7, Windows XP, Vista, Win8, Mac OS
  • 7. ZTE MF823 4G Modem re-Branding MegaFon (Russia) O2(Germany)
  • 8. Is there Modem anymore?
      After plugging into PC running Windows 7:
      • CWID USB SCSI CD-ROM USB Device
      • ZTE MMC Storage USB Device (MicroSD Card Reader)
      After performing “Eject CD Drive”:
      • CD-ROM (sometimes they come back!)
      • MicroSD Card Reader
      • Remote NDIS* based Internet Sharing Device
      *NDIS == Network Driver Interface Specification
      No drivers required! (at least on Windows 7 ;)
  • 9. Remote NDIS adapter properties
      > ipconfig
      Windows IP Configuration
      Ethernet adapter Local Area Connection:
      Connection-specific DNS Suffix . :
      IPv4 Address. . . . . . . . . . . : 192.168.0.182
      Subnet Mask . . . . . . . . . . . : 255.255.255.0
      Default Gateway . . . . . . . . . : 192.168.0.1
  • 10. How to speak with MF823? Results of ports scan for 192.168.0.1
  • 11. HTTP server on 192.168.0.1
      NB: Some brand-customized firmware contains web-interface that relies on “GoForm” handlers
      GET /index.html HTTP/1.1
      Host: 192.168.0.1
      HTTP/1.1 404 Site or Page Not Found
      GET / HTTP/1.1
      Host: 192.168.0.1
      HTTP/1.0 302 Redirect
      Server: GoAhead-Webs/2.5.0
      Location: http://192.168.0.1/index.html
  • 12. HTTP server Handlers
      Defined UrlHandlers:
      • /goform
      • /cgi-bin
      • /mmc2
      • /api/xmlclient/post
      • /client/backup
      • /api/nvramul.cgi
      Defined GoForm handlers:
      • /goform/goform_get_cmd_process
      • /goform/goform_set_cmd_process
      • /goform/goform_process
      • /goform/formTest
  • 13. Getting diagnostics info
      http://192.168.0.1/goform/goform_get_cmd_process?cmd=device_diagnostics
      Returns:
      • productName
      • softwareVersion
      • modemVersion
      • routerVersion
      • webUiVersion
      • hardwareVersion
      • serialNumber
      • simSerialNumber
      • simMsisdn
      • deviceImei
      • simImsi
      • simStatus
      • sdCardAvailable
      • sdCardTotalMemory
      • sdCardUsedMemory
      • currentConnectedUsers
      • maxConnectedUsers
      • timeSinceStartup
  • 14. Switching to Download (FACTORY) mode
      http://192.168.0.1/goform/goform_process?goformId=MODE_SWITCH&switchCmd=FACTORY
      New devices appear:
      • ZTE Diagnostics Interface (COMX)
      • ZTE NMEA Device (COMY)
      • ZTE Proprietary USB Modem
      NB: Send AT+ZCDRUN=F to COM-port associated with “ZTE NMEA Device” to return from Download mode
  • 15. telnetd on 192.168.0.1
      OpenEmbedded Linux 9615-cdp
      msm 20130729 9615-cdp
      9615-cdp login: root
      Password: zte9x15
      root@9615-cdp:~# id
      uid=0(root) gid=0(root) groups=0(root)
  • 16. root is good!
      Full-featured ARM-based Linux
      • busybox apps (e.g. nc and netstat)
      • iptables
      • tcpdump
      • gdbserver
      CD image at /usr/zte_web/ZTEMODEM.ISO
      HTTP server root at /usr/zte_web/web/*
      • auto_apn
      • copy
      • zte_log
  • 17. What is actually under your control?
  • 18. What is actually under your control?
  • 19. What are the threats?
      • controls all external traffic
      • log all internet activity
      • replicate all internet activity
      • WiFi-enabled? access to local WiFi
      • GPS-enabled? store/report GPS location
      • under remote management
      • access to local network
  • 21. That’s all… Thanks for your patience ;) Dmitry Sklyarov DSklyarov@ptsecurity.ru Senior Analyst @ Department for Advanced Developments Positive Technologies
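
An added example, not part of the original slides: one way a defender could spot the management requests from slides 12 to 14 in a local HTTP request log. The host, handler paths and parameters are the ones on the slides; the log format, client names and severity labels are assumptions of this example.

```python
from urllib.parse import parse_qs, urlsplit

MODEM_HOST = "192.168.0.1"                      # modem gateway address (slide 9)
GET_HANDLER = "/goform/goform_get_cmd_process"  # read handler (slide 13)
SET_HANDLERS = {"/goform/goform_set_cmd_process", "/goform/goform_process"}
RANK = {"info": 0, "medium": 1, "high": 2}      # severity labels are this example's own

def classify(url):
    """Return (severity, reason) for one request URL, or None if not the modem."""
    parts = urlsplit(url)
    if parts.hostname != MODEM_HOST:
        return None
    query = parse_qs(parts.query)
    def first(key):
        return query.get(key, ["?"])[0]
    if parts.path in SET_HANDLERS:
        if first("goformId") == "MODE_SWITCH":
            return ("high", "USB mode switch to " + first("switchCmd"))
        return ("medium", "state-changing goform call")
    if parts.path == GET_HANDLER:
        if first("cmd") == "device_diagnostics":  # reply lists IMEI, IMSI, MSISDN (slide 13)
            return ("medium", "read of device and SIM identifiers")
        return ("info", "read of " + first("cmd"))
    return ("info", "other modem request")

def scan(log_lines):
    """Parse 'time client method url' lines; return findings above 'info', worst first."""
    findings = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed or truncated lines
        when, client, _method, url = fields
        verdict = classify(url)
        if verdict and RANK[verdict[0]] > RANK["info"]:
            findings.append((when, client, *verdict))
    return sorted(findings, key=lambda f: -RANK[f[2]])

# Constructed sample log; the line format and client names are assumptions.
SAMPLE_LOG = [
    "10:00:01 browser GET http://192.168.0.1/index.html",
    "10:00:05 browser GET http://192.168.0.1/goform/goform_get_cmd_process?cmd=device_diagnostics",
    "10:02:13 unknown.exe GET http://192.168.0.1/goform/goform_process?goformId=MODE_SWITCH&switchCmd=FACTORY",
    "truncated line",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```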