MottaSec

MottaSec A cyber security company based in Greece. Focused on Pe*******on Testing, Awareness Campaigns and OS

Improvise, adapt, overcome.USB cable layout is public. RS-232 layout also.Therefore you can improvise when you don't hav...
28/01/2021

Improvise, adapt, overcome.
USB cable layout is public. RS-232 layout also.
Therefore you can improvise when you don't have industrial USB and COM attachments.
For COM we used RXD, TXD and GND pins.

In 2017 VUSec (a network security group in University of Amsterdam) attacked the MMU and the cache hierarchy and managed...
24/01/2021

In 2017 VUSec (a network security group in University of Amsterdam) attacked the MMU and the cache hierarchy and managed to break the KASLR.
A couple of years later some independent researchers went a little bit deeper and that's how MELTDOWN was discovered.
Both attacks targeted the behaviour of cache hierarchy used to improve the performance of table walks. VUSec managed to break the randomisation of the Kernel-level ASLR with EVICT+CACHE attacks and Meltdown manages to read the memory abusing the same cache behaviour.

Exploiting a PLC.Configured a MicroLogix 1400 PLC behind an Arduino who was connected to a robotic arm. The arduino was ...
23/01/2021

Exploiting a PLC.
Configured a MicroLogix 1400 PLC behind an Arduino who was connected to a robotic arm. The arduino was the middle man translating the serial signals to commands for the robotic arm.
Connected to the same network as the PLC and through MODBUS TCP/IP I was able to manipulate the robotic arm and have it doing malicious actions as MODBUS doesn't require any form of authentication.
Think that happening to a production line where a giant robotic arm stars spinning around.
We can help you secure your SCADA environment.
https://www.mottasec.com/services/

Exploit development.Located a module loaded without DEP and ASLR. Used it to find a POP/POP/RET instruction and exploit ...
21/01/2021

Exploit development.
Located a module loaded without DEP and ASLR.
Used it to find a POP/POP/RET instruction and exploit the software utilising the Structured Exception Handlers (SEH).
In cyber security a system/software is as secure as its weakest point.
Let us help you locate them.
https://www.mottasec.com/services/

Cyber security is like this device (monitors hot water consumption)If you put it unsecured in the apartment, you have to...
20/01/2021

Cyber security is like this device (monitors hot water consumption)
If you put it unsecured in the apartment, you have to trust me that I will not manipulate the device.
If I do though, you will lose a lot of money.

Playing around with an AVM router.Plugged 3 cables on UART port and used a TTL Serial adapter as an emulator.Receiver (R...
20/01/2021

Playing around with an AVM router.
Plugged 3 cables on UART port and used a TTL Serial adapter as an emulator.
Receiver (RX), Transmitter (TX) and Ground (GND) were the 3 cables.
On KALI side I used the GNU Screen and I got a root shell on the BusyBox OS running on the router.

Are you interested in a vulnerability assessment?Check out our methods and our service packages.
18/01/2021

Are you interested in a vulnerability assessment?
Check out our methods and our service packages.

A cyber security company based in Greece. Focused on Pe*******on Testing, Awareness Campaigns and OSINT. Get to know the services we provide and the various service packages..

Get to know our Team and their achievements
18/01/2021

Get to know our Team and their achievements

A cyber security company based in Greece. All the interesting exploits and technologies developed by our team members during their assignments throughout the years.

Address

Χαλάνδρι

Alerts

Be the first to know and let us send you an email when MottaSec posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Contact The Business

Send a message to MottaSec:

Share