Everything posted by u0m3
L.E. (later edit): somewhat tangential...
Oona Räisänen never disappoints...
Escalating Privileges in Linux using Voltage Fault Injection
u0m3 posted a topic in Stiri securitate
Abstract: Today’s standard embedded device technology is not robust against Fault Injection (FI) attacks such as Voltage Fault Injection (V-FI). FI attacks can be used to alter the intended behavior of software and hardware of embedded devices. Most FI research focuses on breaking the implementation of cryptographic algorithms. However, this paper’s contribution is in showing that FI attacks are effective at altering the intended behavior of large and complex code bases like the Linux Operating System (OS) when executed by a fast and feature-rich System-on-Chip (SoC). More specifically, we show three attacks where full control of the Linux OS is achieved from an unprivileged context using V-FI. These attacks target standard Linux OS functionality and operate in absence of any logical vulnerability. We assume an attacker that already achieved unprivileged code execution. The practicality of the attacks is demonstrated using a commercially available V-FI test bench and a commercially available ARM Cortex-A9 SoC development board. Finally, we discuss mitigations to lower probability and minimize impact of a successful FI attack on complex systems like the Linux OS. Link: https://www.riscure.com/publication/escalating-privileges-linux-using-fault-injection/
Tagged with: fault injection, arm (and 1 more)
And not only Word... And for anyone interested in this "functionality", here is an article that discusses DDEAUTO: https://www.endgame.com/blog/technical-blog/bug-feature-debate-back-yet-again-ddeauto-root-cause-analysis Update: mitigation methods https://www.peerlyst.com/posts/no-macros-no-problem-how-microsoft-office-dde-attacks-work-and-how-to-block-them-barkly https://gist.github.com/wdormann/732bb88d9b5dd5a66c9f1e1498f31a1b And one more vector:
Synopsis: Cameradar hacks its way into RTSP CCTV cameras. An RTSP stream access tool that comes with its library. Link: https://github.com/EtixLabs/cameradar
Synopsis: Noriben is a Python-based script that works in conjunction with SysInternals Procmon to automatically collect, analyze, and report on run-time indicators of malware. In a nutshell, it allows you to run your malware, hit a keypress, and get a simple text report of the sample's activities. Link: https://github.com/Rurik/noriben
Synopsis: In past blog posts, we shared our approach to hunting for traditional in-memory attacks along with in-depth analysis of many injection techniques. As a follow up to my DerbyCon presentation, this post will investigate an emerging trend of adversaries using .NET-based in-memory techniques to evade detection. I’ll discuss both eventing (real-time) and on-demand based detection strategies of these .NET techniques. At Endgame, we understand that these differing approaches to detection and prevention are complementary, and together result in the most robust defense against in-memory attacks. Link: https://www.endgame.com/blog/technical-blog/hunting-memory-net-attacks
Synopsis: UEFITool is a cross-platform C++/Qt program for parsing, extracting and modifying UEFI firmware images. It supports parsing of full BIOS images starting with the flash descriptor or any binary files containing UEFI volumes. Original development was started here at MDL forums as a cross-platform analog to PhoenixTool's structure mode with some additional features, but the program's engine proved to be useful for other projects like UEFIPatch, UBU and OZMTool. Link: https://github.com/LongSoft/UEFITool
Synopsis: PCILeech uses PCIe hardware devices to read and write from the target system memory. This is achieved by using DMA over PCIe. No drivers are needed on the target system. Link: https://github.com/ufrisk/pcileech/
Synopsis: A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns by leveraging Sysmon and Windows Event logs. This project will provide specific chains of events exclusively at the host level so that you can take them and develop logic to deploy queries or alerts in your preferred tool or format such as Splunk, ELK, Sigma, GrayLog etc. This repo will follow the structure of the MITRE ATT&CK framework which categorizes post-compromise adversary behavior in tactical groups. In addition, it will provide information about hunting tools/platforms developed by the infosec community for testing and enterprise-wide hunting. Link: https://github.com/Cyb3rWard0g/ThreatHunter-Playbook
Synopsis: From the attacker’s perspective, the more logical way to do things nowadays is to simply move to the next level down into the software stack: after boot code, that is the way to the BIOS. Intel Boot Guard is an excellent example of a complex technology where there exist a lot of places where making a small mistake allows an attacker to bypass the full technology. Link: https://medium.com/@matrosov/bypass-intel-boot-guard-cc05edfca3a9
Disassembler and Runtime Analysis (or how IDA Pro has some difficulties when displaying correctly the assembly of the patched run-time whilst using a Graph view) Link: http://blog.talosintelligence.com/2017/10/disassembler-and-runtime-analysis.html
At a first glance at your code, you have some logic issues:
- the code you removed because it does not behave like you expected attempts to create a new instance of Form1, which is essentially itself (including all the socket stuff)
- the above-mentioned code is supposed to be run on an <ENTER> key press and display the received message in a new window, but that's not how events work: you need to define an event for when you receive the message and then check if you have a window for that client/person/nick/etc., and if you don't, pop up a new one
- you use Yahoo Messenger as an example, but Yahoo Messenger was using a client (the aforementioned Yahoo Messenger) and a server (the Yahoo servers); your application seems to be IP-to-IP UDP, so you have to adjust accordingly
Also, in my opinion, it's a bad idea to have the network stuff in the GUI thread.
My first suggestion would be to first define a communication protocol: a way to serialize data so you have an easy way to determine what goes where. This also covers message receiving signaling, since you are using UDP.
Now, depending on what you want to achieve, you could go several ways as far as implementation goes:
- If you want to keep it as a p2p application, the simplest solution is to open a new application instance for each ip-port tuple (meaning for each client designated by an IP:Port combination you will launch an instance of the application)
- If you would like to allow for things such as a discussion channel or conference channel or whatever you want to call it (a way for your message to be received by more than one person without sending it to everyone), you could use IP Broadcast or IP Multicast. And for private messages you could either tell the application to disregard the messages if they're not meant for it, or have the protocol open a private connection using the individual IP addresses.
- If you want to replicate the Yahoo Messenger "architecture" you would make two applications: one would be a server and one would be a client
If I have time I will try to make you a small demo.
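An added example, not code from this thread or from the original poster's project (which appears to be a C#/WinForms application), sketching the first two suggestions above in Python: a small serialized wire format for the UDP chat with a receipt ("ack") type, since UDP gives no delivery signal by itself; a dispatcher that raises events for the GUI (one conversation per peer standing in for "one window per peer") and disregards channel traffic addressed to someone else; and a receive loop on its own thread so the GUI thread never blocks. The magic value CHT1, the JSON field names, the msg/ack types and the 1200-byte datagram limit are all assumptions of this example.

```python
import json
import socket
import struct
import threading
import uuid

MAGIC = b"CHT1"                 # assumed wire-format identifier, 4 bytes
HEADER = struct.Struct("!4sI")  # magic + payload length, big-endian
MAX_DATAGRAM = 1200             # assumption: stay below a typical path MTU to avoid IP fragmentation


def encode(msg_type, nick, body, target=None, msg_id=None):
    """Serialize one chat message into a single datagram.

    type: "msg" (chat text) or "ack" (delivery receipt); id: unique per message so the
    receiver can ack it and drop duplicates; target: None for a channel message, or a
    nick for a private message.
    """
    msg = {"type": msg_type, "id": msg_id or uuid.uuid4().hex,
           "nick": nick, "body": body, "target": target}
    payload = json.dumps(msg, separators=(",", ":")).encode("utf-8")
    if HEADER.size + len(payload) > MAX_DATAGRAM:
        raise ValueError("message does not fit in one datagram")
    return HEADER.pack(MAGIC, len(payload)) + payload


def decode(datagram):
    """Parse and validate a datagram. Anyone on the network can send to the port,
    so every field is checked before the GUI ever sees it."""
    if len(datagram) < HEADER.size:
        raise ValueError("short datagram")
    magic, length = HEADER.unpack_from(datagram)
    if magic != MAGIC or length != len(datagram) - HEADER.size:
        raise ValueError("bad header")
    try:
        msg = json.loads(datagram[HEADER.size:].decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        raise ValueError("bad payload")
    if not isinstance(msg, dict) or msg.get("type") not in ("msg", "ack"):
        raise ValueError("bad type")
    for key in ("id", "nick", "body"):
        if not isinstance(msg.get(key), str):
            raise ValueError("bad field: " + key)
    if msg.get("target") is not None and not isinstance(msg["target"], str):
        raise ValueError("bad target")
    return msg


class ChatDispatcher:
    """Turns datagrams into events. The GUI subscribes and never touches the socket."""

    def __init__(self, nick):
        self.nick = nick
        self.conversations = {}  # peer (ip, port) -> list of messages, i.e. one window per peer
        self._handlers = []
        self._seen = set()       # message ids already delivered (UDP may duplicate)

    def subscribe(self, handler):
        """handler(event, peer, data); events: new_conversation, message, acked, invalid."""
        self._handlers.append(handler)

    def _emit(self, event, peer, data):
        for handler in self._handlers:
            handler(event, peer, data)

    def handle_datagram(self, peer, datagram):
        """Process one datagram; returns a datagram to send back (an ack) or None."""
        try:
            msg = decode(datagram)
        except ValueError as err:
            self._emit("invalid", peer, str(err))
            return None
        if msg["type"] == "ack":
            self._emit("acked", peer, msg["id"])
            return None
        if msg.get("target") not in (None, self.nick):
            return None  # channel traffic meant for someone else: disregard it
        ack = encode("ack", self.nick, "", msg_id=msg["id"])
        if msg["id"] in self._seen:
            return ack   # duplicate: re-ack so the sender stops retrying, but do not redeliver
        self._seen.add(msg["id"])
        if peer not in self.conversations:
            self.conversations[peer] = []
            self._emit("new_conversation", peer, msg["nick"])  # GUI opens a window here
        self.conversations[peer].append(msg)
        self._emit("message", peer, msg)
        return ack


class Receiver(threading.Thread):
    """Blocking receive loop on its own thread, so the GUI thread never blocks."""

    def __init__(self, sock, dispatcher):
        super().__init__(daemon=True)
        self.sock, self.dispatcher = sock, dispatcher

    def run(self):
        while True:
            data, peer = self.sock.recvfrom(65535)
            reply = self.dispatcher.handle_datagram(peer, data)
            if reply is not None:
                self.sock.sendto(reply, peer)


if __name__ == "__main__":
    # Two peers on localhost: bob receives on a thread, alice sends a private message.
    bob_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    bob_sock.bind(("127.0.0.1", 0))
    bob = ChatDispatcher("bob")
    bob.subscribe(lambda ev, peer, data: print("bob event:", ev, peer, data))
    Receiver(bob_sock, bob).start()
    alice_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    alice_sock.settimeout(2)
    alice_sock.sendto(encode("msg", "alice", "hello", target="bob"), bob_sock.getsockname())
    print("alice got:", decode(alice_sock.recv(65535))["type"])
```

The sender side would keep unacked message ids and retransmit after a timeout; the receiver's duplicate check is what makes that retry safe. Nothing here authenticates the peer: any host that can reach the port can claim any nick, which is why the decoder treats every field as untrusted input.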
[ebook] Malware Diffusion Models for Modern Complex Networks
u0m3 replied to QuoVadis's topic in Tutoriale in engleza
Sorry, it's an info-sec/hacking forum... you'll need to figure it out for yourself... I'll give you a hint: it's about the text, not the actual link (as in the contents of the a tag, not the contents of the href attribute).
GET data from API to variable and match with value and then POST it.
u0m3 replied to venkatklr's topic in Programare
Could you give some examples of what your code is, what you are trying to parse, and so on and so forth? Not all of us know what the API looks like... And I for one did not pass the psychic exam...
Ida Pro 7.0 + All Decompilers Full Leak-Pass Links: http://1024rd.com/ida-pro-7-0-all-decompilers-full-leak-pass (via: https://twitter.com/riusksk/status/913254688488792065) https://forum.reverse4you.org/showthread.php?t=2627 (via: https://twitter.com/malwareunicorn/status/913441973511454720) As always, use with caution, it has not been checked.
Interesting as a concept, but it seems rather useless to me... You can do this with a webcam too (OK, two, so they can't be fooled by a photo, although there are ways to solve that problem as well). What it forgets to mention is that radiation accumulates in the body... The fact that it emits low power is not really a plus. Don't give them ideas...
[Beginner] - Introduction to Machine Learning - Andrew Ng
u0m3 replied to rsn's topic in Tutoriale video
For those interested, Andrew Ng also teaches a more advanced series of courses on Deep Learning. https://www.coursera.org/specializations/deep-learning
https://create.arduino.cc/projecthub/RobSmithDev/arduino-amiga-floppy-disk-reader-writer-v2-239c97
Interesting... It needs to be tried side by side with the one from the SDK.
I was referring to the part about FL shutting down. As for this new tracker, good luck. In my opinion competition drives progress.
Sounds ominous... Know something we don't?