Amit, CISO Platform's Blog (111)

Tineola: Taking A Bite Out of Enterprise Blockchain

Blockchain adaptation has reached a fever pitch, and the community is late to the game of securing these platforms against attack. With the open source community enamored with the success of Ethereum, the enterprise community has been quietly building the next generation of distributed trustless applications on permissioned blockchain technologies. As of early 2018, an estimated half of these blockchain projects relied on the Hyperledger Fabric platform.



In this talk we will…

Added by Amit, CISO Platform on September 26, 2018 at 11:30am — No Comments

Jailbreaking the 3DS through 7 years of hardening

The 3DS was one of Nintendo's first serious attempts at security, featuring a cool microkernel based OS and actual exploit mitigations. That didn't stop it from getting hacked pretty hard, making it possible for people to write their own homebrew software for the console. But Nintendo isn't one to back off from a fight and, as a result, has put significant effort into not only fixing vulnerabilities but also introducing new security features targeted specifically at killing exploit…

Added by Amit, CISO Platform on September 26, 2018 at 11:30am — No Comments

Man-In-The-Disk

Most modern OSes use sandboxing in order to prevent malicious apps from affecting other apps or even harming the OS itself. Google is constantly reinforcing Android’s sandbox protection, introducing new features to prevent any kind of sandbox bypass.



In this talk we want to shed new light on a less known attack surface which affects all Android devices and allows an attacker to hijack the communication between privileged apps and the disk, bypassing Android’s latest…

Added by Amit, CISO Platform on September 26, 2018 at 11:00am — No Comments

4G - Who is paying your cellular phone bill?

Cellular networks are connected with each other through a worldwide private, but not inaccessible, network called the IPX network. Through this network, user-related information is exchanged for roaming purposes or for cross-network communication. This private network has been breached by criminals and nation states. Cellular networks are extremely complex and many attacks have already been found, e.g. DoS, location tracking, SMS interception, data interception. Many attacks have been…

Added by Amit, CISO Platform on September 26, 2018 at 11:00am — No Comments

Rock appround the clock: Tracking malware developers by Android "AAPT" timezone disclosure bug

Are you a malware developer for Android devices? We have very bad news for you: the Android-SDK packager (aapt) is leaking your time zone! We have found a bug inside this Android-SDK component that lies in not properly setting the value of a variable used as an argument for the localtime() function when setting the "Last Modified" field for the Android app's files. Because of this, the time zone of anyone using the Android-SDK packager to generate their APKs is leaked. The curious…

Added by Amit, CISO Platform on September 26, 2018 at 10:30am — No Comments

All your family secrets belong to us - Worrisome security issues in tracker apps

Google Play Store provides thousands of applications for monitoring your children/family members. Since these apps deal with highly sensitive information, they immediately raise questions on privacy and security. Who else can track the users? Is this data properly protected? To answer these questions, we analyzed a selection of the most popular tracking apps from the Google Play Store.



Many apps and services suffer from grave security issues. Some apps use self-made…

Added by Amit, CISO Platform on September 26, 2018 at 10:30am — No Comments

Vulnerable Out of the Box: An Evaluation of Android Carrier Devices

Pre-installed apps and firmware pose a risk due to vulnerabilities that can be pre-positioned on a device, rendering the device vulnerable on purchase. This means that the vulnerabilities are present even before the user enables wireless communications and starts installing third-party apps. To quantify the exposure of the Android end-users to vulnerabilities residing within pre-installed apps and firmware, we analyzed a wide range of Android vendors and carriers using devices spanning…

Added by Amit, CISO Platform on September 25, 2018 at 5:47pm — No Comments

The Mouse is mightier than the sword

In today's digital world the mouse, not the pen, is arguably mightier than the sword. Via a single click, countless security mechanisms may be completely bypassed. Run untrusted app? click ...allowed. Authorize keychain access? click ...allowed. Load 3rd-party kernel extension? click ...allowed. Authorize outgoing network connection? click ...allowed. Luckily security-conscious users will (hopefully) heed such warning dialogues—stopping malicious code in its tracks. But what if such…

Added by Amit, CISO Platform on September 25, 2018 at 5:30pm — No Comments

It's Assembler, Jim, but not as we know it: (ab)using binaries from embedded devices for fun and profit

With the proliferation of Linux-based SoCs -- you've likely got one or two in your house, on your person or in your pocket -- it is often useful to look "under the hood" at what is running. Additionally, in-situ debugging may be unavailable due to read-only filesystems, memory is often limited, and other factors keep us from attacking a live device. This talk looks at attacking binaries outside their native environment using QEMU, the Quick Emulator, as well as techniques for…

Added by Amit, CISO Platform on September 25, 2018 at 5:30pm — No Comments

House of Roman - a "leakless" heap fengshui to achieve RCE on PIE Binaries

Regarding ptmalloc2, many heap exploitation techniques have been invented in recent years, well documented on the famous how2heap repository, or as writeups of famous CTF challenges (like House of Orange). However, most of them require at least a libc/heap leak, or fail in non-PIE binaries. My new technique titled House of Roman leverages a single bug to gain shell leaklessly on a PIE-enabled binary. I shall showcase the ease of aligning the heap to perform this attack, thus…

Added by Amit, CISO Platform on September 25, 2018 at 5:30pm — No Comments

Vulnerable Out of the Box: An Evaluation of Android Carrier Devices

Pre-installed apps and firmware pose a risk due to vulnerabilities that can be pre-positioned on a device, rendering the device vulnerable on purchase. This means that the vulnerabilities are present even before the user enables wireless communications and starts installing third-party apps. To quantify the exposure of the Android end-users to vulnerabilities residing within pre-installed apps and firmware, we analyzed a wide range of Android vendors and carriers using devices spanning…

Added by Amit, CISO Platform on September 25, 2018 at 5:30pm — No Comments

Compression Oracle Attacks on VPN Networks

Security researchers have done a good amount of practical attacks in the past using chosen plain-text attacks on compressed traffic to steal sensitive data. In spite of how popular CRIME and BREACH were, little was talked about how this class of attacks was relevant to VPN networks. Compression oracle attacks are not limited to just TLS protected data. In this talk, we try these attacks on browser requests and responses which usually tunnel their HTTP traffic through VPNs. We also show…

Added by Amit, CISO Platform on September 25, 2018 at 5:30pm — No Comments

UEFI Exploitation For The Masses

So how do you debug BIOS and triage a vulnerability for exploitability with no stack trace or error log? How do BIOS developers do it? Do not worry! We will explain how anyone can have debug capabilities on modern Intel platforms and show you how this massively simplifies exploit dev. Developing an exploit for a BIOS vulnerability is a different experience than other types of exploit dev. Your available code base to draw from is unlike what you would expect when running at the…

Added by Amit, CISO Platform on September 25, 2018 at 5:30pm — No Comments

BarcOwned : Popping shells with your cereal box

Barcodes and barcode scanners are ubiquitous in many industries and work with untrusted data on labels, boxes, and even phone screens. Most scanners also allow programming via barcodes to manipulate and inject keystrokes. See the problem? By scanning a few programming barcodes, you can infect a scanner and access the keyboard of the host device, letting you type commands just like a Rubber Ducky. This culminates in barcOwned—a small web app that allows you to program scanners and…

Added by Amit, CISO Platform on September 25, 2018 at 5:30pm — No Comments

Compromising online accounts by cracking voicemail systems

Voicemail systems have been with us since the 80s. They played a big role in the earlier hacking scene and re-reading those e-zines, articles and tutorials paints an interesting picture. Not much has changed. Not in the technology nor in the attack vectors. Can we leverage the last 30 years' innovations to further compromise voicemail systems? And what is the real impact today of pwning these?



In this talk I will cover voicemail systems, their security and how we can use…

Added by Amit, CISO Platform on September 25, 2018 at 5:30pm — No Comments

All your math are belong to us

First of all, it's math. Not meth. So everybody be cool, I'm not gonna touch your central nervous system stimulant substances. Now that this is established, I can start telling my story. And this story, like all good stories, begins where it ends.



Wait, no, not really.



It begins at a birthday party where the sister of a friend asked if I could help her with MATLAB. No matter how horrible memories I had about MATLAB, I just couldn't say no. So the next day, there…

Added by Amit, CISO Platform on September 25, 2018 at 5:30pm — No Comments

One Step Ahead of Cheaters -- Instrumenting Android Emulators

Commercial Android emulators such as NOX, BlueStacks and Leidian are very popular at the moment and most games can run on these emulators fast and soundly. The bad news for game vendors is that these emulators are usually shipped with root permission in the first place. On the other hand, cheating tools developers are happy because they can easily distribute their tools to abusers without requiring the abusers to have a physical rooted device, nor do they need to perform laborious…

Added by Amit, CISO Platform on September 25, 2018 at 5:30pm — No Comments

Fire & Ice: Making and Breaking macOS Firewalls

In the ever raging battle between malicious code and anti-malware tools, firewalls play an essential role. Many a malware has been generically thwarted thanks to the watchful eye of these products.



However, on macOS, firewalls are rather poorly understood. Apple's documentation surrounding its network filter interfaces is rather lacking and all commercial macOS firewalls are closed source.



This talk aims to take a peek behind the proverbial curtain revealing how…

Added by Amit, CISO Platform on September 25, 2018 at 5:30pm — No Comments

Relocation Bonus: Attacking the Windows Loader Makes Analysts Switch Careers

The arbiters of defense wield many static analysis tools; disassemblers, PE viewers, and anti-viruses are among them. When you peer into their minds, these tools reveal their perilous implementations of PE file parsing. They assume PE files come as-is, but the Windows Loader actually applies many mutations (some at the command of the PE itself) before execution ever begins. This talk is about bending that loader to one's whim with the Relocations Table as a command spell. It will…

Added by Amit, CISO Platform on September 25, 2018 at 5:30pm — No Comments

Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking

When caching servers and load balancers became an integral part of the Internet's infrastructure, vendors introduced "Edge Side Includes" (ESI), a technology allowing malleability in caching systems. This legacy technology, still implemented in nearly all popular HTTP surrogates (caching/load balancing services), is dangerous by design and brings a yet unexplored vector for web-based attacks.



The ESI language consists of a small set of instructions represented by XML tags,…

Added by Amit, CISO Platform on September 25, 2018 at 5:00pm — No Comments
