[...] able to successfully hide all four executables from detection in 9 of the 12 products (in some cases, evasion was unnecessary for one or two of the files, as the original, unencoded files were not even detected). The only products that provided at least partial protection were Avast, Bitdefender, and BullGuard.
Evaded AV detection in 9 of 12 products for a meterpreter reverse TCP executable by just encoding instructions (using only add, sub, xor) and making use of NOPs and sequential inc/decs.
A quick glance at the table will demonstrate that, despite a few of the products detecting some of the executables, the best method of evading AV detection is by cloaking a backdoored executable (as I did with strings.exe). In fact, as you’ll see below, one of the products actually automatically whitelisted my backdoored executable without any action on my part!
After scanning 10,985 popular Google Play Android apps with more than 1 million downloads each, we found 1228 (11.2%) of them are vulnerable to a FREAK attack because they use a vulnerable OpenSSL library to connect to vulnerable HTTPS servers. These 1228 apps have been downloaded over 6.3 billion times. Of these 1228 Android apps, 664 use Android’s bundled OpenSSL library and 564 have their own compiled OpenSSL library. All these OpenSSL versions are vulnerable to FREAK.
On the iOS side, 771 out of 14,079 (5.5%) popular iOS apps connect to vulnerable HTTPS servers. These apps are vulnerable to FREAK attacks on iOS versions lower than 8.2. Seven of these 771 apps have their own vulnerable versions of OpenSSL and they remain vulnerable on iOS 8.2.
“Rowhammer” is a problem with some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows. We tested a selection of laptops and found that a subset of them exhibited the problem. We built two working privilege escalation exploits that use this effect. One exploit uses rowhammer-induced bit flips to gain kernel privileges on x86-64 Linux when run as an unprivileged userland process. When run on a machine vulnerable to the rowhammer problem, the process was able to induce bit flips in page table entries (PTEs). It was able to use this to gain write access to its own page table, and hence gain read-write access to all of physical memory.
Works even with the “Erase data after 10 attempts” configuration setting enabled. Our initial analysis indicates that the IP Box is able to bypass this restriction by connecting directly to the iPhone’s power source and aggressively cutting the power after each failed PIN attempt, but before the attempt has been synchronized to flash memory. As such, each PIN entry takes approximately 40 seconds, meaning that it would take up to ~111 hours to brute-force a 4-digit PIN.
Interesting approach in that by cutting power it prevents iOS from storing the attempt information. Long story short, always use a passphrase, not a PIN.
On March 25, 1961, a group of peasants in Izhevsk, a village near the Ural Mountains in the center of the Soviet Union, watched a man fall from the sky. He wore a bright-orange jumpsuit attached to a blooming parachute. His arms shook. His legs flailed. When he succumbed, finally, to gravity, he crumpled onto the snow-covered ground. He made no noise. The Izhevsk villagers, Deborah Cadbury writes in her book Space Race, were baffled by the sight of this fallen flier and "his lumpy body." They ran to him, opened his helmet's visor -- and were even more bewildered by the new sight that greeted them.
Update on the OPM hack, 14 million people affected by the breach - details from nearly everyone who works for the US government are in the hands of the Chinese government now. Worse is the absolute lack of security controls in their core systems:
- Of the 47 major IT systems at OPM, 22 of them are currently run by contractors.
- While OPM instituted security monitoring of some systems, those tools covered only 80 percent of OPM's systems and did not include contractor-operated systems.
- Seven major systems out of 25 had inadequate documentation of security testing; three out of the 22 contractor-operated systems had not been tested in the last year, and the remainder had only been tested once a year.
- None of the agency's 47 major applications required two-factor authentication.
Flash Boys, the author’s best-selling exposé of high-speed trading, made some of Wall Street’s richest people very angry. Dissecting the reaction, he argues that the furor has obscured his book’s real news.
This repository is an attempt to answer the age-old interview question "What happens when you type google.com into your browser's address box and press enter?"
On Friday, March 20th, we became aware of unauthorized digital certificates for several Google domains. The certificates were issued by an intermediate certificate authority apparently held by a company called MCS Holdings. This intermediate certificate was issued by CNNIC.
Reminder to go through all trusted Root CAs in Keychain Access / Certificate Manager tools and delete/untrust all "shady" roots (CNNIC, Turktrust, etc.)
CNNIC is included in all major root stores and so the misissued certificates would be trusted by almost all browsers and operating systems. Chrome on Windows, OS X, and Linux, ChromeOS, and Firefox 33 and greater would have rejected these certificates because of public-key pinning, although misissued certificates for other sites likely exist.
ORDOS, A MAGICAL LAND in the just north of China, is a dazzling pearl in the world history and culture. That’s what it says — verbatim, in ungrammatical English — on a plaque that greets you as you enter a rotunda in the Ordos Museum. The city of Ordos sits in a coal-rich wilderness of desert and grassland at the southwestern edge of the Chinese province of Inner Mongolia. It is not even 15 years old and has a minuscule population compared to most Chinese cities. But those facts have not constrained Ordos’s municipal rhetoric. In the museum’s exhibition devoted to Genghis Khan you are told that when the great warrior traveled through in the early 13th century, he praised Ordos as a paradise, an ideal home for both children and old people, with a natural landscape of unrivaled beauty. Signs welcome visitors to “the famous tourist city,” “the most excellent tourist city” and “the top tourist city in China.” The word Ordos itself is a kind of boast: In Mongolian, it means “many palaces.”
In short, this is how this Man-on-the-Side attack is carried out:
- An innocent user is browsing the internet from outside China.
- One website the user visits loads a JavaScript from a server in China, for example the Baidu Analytics script that is often used by web admins to track visitor statistics (much like Google Analytics).
- The web browser's request for the Baidu JavaScript is detected by the Chinese passive infrastructure as it enters China.
- A fake response is sent out from within China instead of the actual Baidu Analytics script. This fake response is a malicious JavaScript that tells the user's browser to continuously reload two specific pages on GitHub.com.
Interesting approach: DDoS by using their capability to MitM any connection and injecting JS that causes any user going to Baidu to hit GitHub. The mitigation by GitHub was clever, returning an alert tag when connecting to the target URLs, effectively blocking the user's browser.
If a new theory turns out to be true, the universe may not have started with a bang. In the new formulation, the universe was never a singularity, or an infinitely small and infinitely dense point of matter. In fact, the universe may have no beginning at all.
Elon Musk argues that we must put a million people on Mars if we are to ensure that humanity has a future
DNS rebinding attacks have long been known as useful tools in the hands of attackers for subverting the browser Same-origin policy. The attack abuses DNS, changing the IP address of a website after serving the page contents, usually with some ad-hoc JavaScript payload, tricking the browser into waiting some time for the DNS cache to invalidate and then performing other requests, still believing it is connecting to the same host, while in reality it is now communicating with a new IP chosen by the attacker. As a result, the attacker can access internal services, exfiltrate information and do other nasty stuff.
Good explanation and proof of concept on how some devices connected to your WiFi might help an attacker in extracting your WiFi password.
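The two defenses that break the rebinding described above, as an added example that is not part of the linked post or its proof of concept: a device on the LAN that only answers requests whose Host header names the device itself (a rebound browser still sends the attacker's hostname), and a "resolve once, reject non-public answers, pin the IP" step for any client that fetches URLs, so a second lookup after the short TTL expires cannot redirect it inside the network. The hostnames (`evil.example`, `router.local`), the scripted DNS answers and the `ScriptedResolver` test double are all constructed for this example; only `default_resolver` touches the real system resolver.

```python
"""DNS-rebinding defenses for a LAN device and for an outbound HTTP client.

Added example, not from the linked article. Hostnames and DNS answers used
here are constructed; ScriptedResolver is a test double standing in for an
attacker-controlled authoritative server that changes its answer between
two lookups.
"""
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List

Resolver = Callable[[str], List[str]]


def is_public_address(ip: str) -> bool:
    """True only for globally routable unicast addresses: loopback, RFC 1918,
    link-local (incl. 169.254.169.254), CGNAT, documentation and multicast
    ranges are all rejected, for both IPv4 and IPv6."""
    addr = ipaddress.ip_address(ip)
    return addr.is_global and not addr.is_multicast


def host_header_allowed(host_header: str, allowed_hosts: Iterable[str]) -> bool:
    """Server-side check for a device on the LAN: accept a request only if the
    Host header (port stripped, case-insensitive) names this device. A browser
    that was rebound to our IP still carries the attacker's hostname here."""
    host = host_header.strip().lower()
    if host.startswith("["):                     # bracketed IPv6 literal
        host = host.split("]", 1)[0] + "]"
    else:
        host = host.split(":", 1)[0]              # drop :port
    return host in {h.lower() for h in allowed_hosts}


def default_resolver(hostname: str) -> List[str]:
    """Real system lookup; returns every A/AAAA answer for the name."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def resolve_and_pin(hostname: str, resolver: Resolver = default_resolver) -> str:
    """Client-side check: resolve once, refuse if ANY answer is non-public, and
    return the single IP the caller must connect to for the whole transaction
    instead of re-resolving (which is the moment a rebinding takes effect)."""
    answers = resolver(hostname)
    if not answers:
        raise ValueError(f"{hostname}: no address records")
    bad = [ip for ip in answers if not is_public_address(ip)]
    if bad:
        raise ValueError(f"{hostname}: resolves to non-public address(es) {bad}")
    return answers[0]


class ScriptedResolver:
    """Constructed test double: returns successive answers per name, then
    keeps returning the last one (models a TTL-0 record that was changed)."""

    def __init__(self, script: Dict[str, List[List[str]]]):
        self._script = {name: list(answers) for name, answers in script.items()}

    def __call__(self, hostname: str) -> List[str]:
        queue = self._script.get(hostname)
        if not queue:
            return []
        return queue.pop(0) if len(queue) > 1 else queue[0]


# Constructed rebinding sequence: first answer is a public IP (8.8.8.8 used as
# a stand-in), the second, after the tiny TTL expires, points into the LAN.
REBINDING_SEQUENCE = {"evil.example": [["8.8.8.8"], ["192.168.1.1"]]}


def demo() -> dict:
    resolver = ScriptedResolver(REBINDING_SEQUENCE)
    pinned = resolve_and_pin("evil.example", resolver)   # first lookup: public, pinned
    try:
        resolve_and_pin("evil.example", resolver)        # second lookup: LAN, refused
        rebound_rejected = False
    except ValueError:
        rebound_rejected = True
    return {
        "pinned": pinned,
        "rebound_rejected": rebound_rejected,
        # the device only answers for its own name, not for the attacker's
        "host_ok": host_header_allowed("router.local:8080", ["router.local"]),
        "host_rejected": not host_header_allowed("evil.example", ["router.local"]),
    }


if __name__ == "__main__":
    print(demo())
```

The Host header allowlist is the cheap fix for embedded devices: it needs no DNS awareness at all, and defeats the attack because the rebound page's requests are addressed to the attacker's name, never to the device's own. The pinning step matters for anything that resolves on the device's behalf (a fetch proxy, a webhook sender), where the private-range check must run on every answer returned, not just the first.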