MetaBreaking MetaTrader (and FXCM Trading Station too!)
November 13, 2013

Security in proprietary financial application stacks is something the security community rarely talks about. Whether because it's difficult to obtain access to such setups or because they are not in widespread use, basic security issues in such platforms have mostly flown under the radar.

Today, we would like to announce the slides from our PacSec 2013 talk on the state of affairs in proprietary FOREX trading platforms. In our research, we discovered several vulnerabilities and design issues in the way MetaQuotes MetaTrader 4 and FXCM’s Trading Station (and SDK) communicate over the internet, transmit credentials and authenticate to their respective services.

The slides can be downloaded from here. Thanks to everyone who attended, gave us feedback and bought us beer!

Roboo - HTTP Robot Mitigator released!
March 17, 2011

We’re happy to announce the release of Roboo - the first and most advanced open-source HTTP Robot mitigator of its kind!

Roboo uses advanced non-interactive HTTP challenge/response mechanisms to detect and subsequently mitigate HTTP robots, by verifying the existence of HTTP, HTML, DOM, JavaScript and Flash stacks at the client side.

Such a deep level of verification weeds out the large percentage of HTTP robots that do not use real browsers or implement full browser stacks, resulting in the mitigation of various web threats:

  • HTTP Denial of Service tools - e.g. Low Orbit Ion Cannon
  • Vulnerability Scanning - e.g. Acunetix Web Vulnerability Scanner, Metasploit Pro, Nessus
  • Web exploits
  • Automatic comment posters/comment spam, as a replacement for conventional CAPTCHA methods
  • Spiders, Crawlers and other robotic evil

You can find the first public version here - for more information, refer to the presentation “Building Floodgates: Cutting-Edge Denial of Service Mitigation” given at Black Hat Europe 2011 (slides) and the Roboo source code repository.
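
The sketch below illustrates the kind of non-interactive challenge/response described above. It is an added example, not Roboo's own code: a gate hands unverified clients a page whose script must execute in a DOM to set a cookie, then checks that cookie on the next request. The cookie name, secret, validity window and HMAC token scheme are all assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: random per-deployment key
COOKIE = "challenge"                 # hypothetical cookie name
WINDOW = 300                         # assumed token lifetime bucket, in seconds


def token(client_ip: str, now: float, offset: int = 0) -> str:
    """Stateless token bound to the client IP and a coarse time bucket."""
    bucket = int(now // WINDOW) - offset
    msg = f"{client_ip}|{bucket}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def is_verified(client_ip: str, cookies: dict, now: float) -> bool:
    """Accept the current or previous bucket so a token survives a rollover."""
    presented = cookies.get(COOKIE, "").encode()
    return any(
        hmac.compare_digest(presented, token(client_ip, now, off).encode())
        for off in (0, 1)
    )


def challenge_page(client_ip: str, now: float) -> str:
    """HTML whose script has to run in a browser to set the cookie and retry."""
    t = token(client_ip, now)
    return (
        "<html><body><script>"
        f"document.cookie='{COOKIE}={t}; path=/';"
        "location.reload();"
        "</script></body></html>"
    )


def handle(client_ip: str, cookies: dict, now: float):
    """Gate in front of the application: pass verified clients, challenge the rest."""
    if is_verified(client_ip, cookies, now):
        return "pass", ""
    return "challenge", challenge_page(client_ip, now)
```

A client that only speaks HTTP never sets the cookie and keeps receiving the challenge page; a client that drives a full browser passes, which is why the check is described as weeding out robots that do not implement full browser stacks.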

A tool for creating IDS/IPS signatures for SMTP-based worms
November 29, 2006

Worminator (source & binary) - A Win32 tool for easing/automating the process of creating IDS/IPS signatures for SMTP-based worms, with a comfortable GUI and support for raw base64 variants and Snort signatures. Written in Delphi.