BSides Winnipeg 2015 - Fun With WOW64 Abusing Long Mode Transitions in Exploit Payloads
By SecurityTube.Net on 2016-02-01 at 12:04:55
Abstract: If you want to authenticate that a PC's firmware and boot loader are unaltered, hardware-based solutions such as Trusted Platform Module (TPM), Intel Boot Guard, Intel Platform Trust Technology (PTT) and AMD equivalents probably come to mind. Such contemporary hardware features may not be affordable, available, or trusted. An approach that works on older computers acts as a hedge, available if hardware makers become malicious, and as additional competitive discouragement for them to do so and undermine general-purpose computing as we know it. We assess the feasibility of the following soft approach:

1. A special boot verifier is loaded from secondary storage by firmware.
2. Over a local connection, a trusted second computer sends random parameters for a difficult hashing problem to the boot verifier. This problem requires the contents of firmware and boot-relevant parts of secondary storage as inputs and demands that the entirety of RAM be utilized.
3. Solutions at particular checkpoints to the hashing problem are transmitted to the second trusted computer.
4. The secondary computer verifies not just the correctness of all solutions, but their timing of transmission against an established benchmark for the machine tested.

For older x86 hardware without virtualization extensions (where hardware access for transmission can introduce a significant performance penalty), the idea is that any attempts at virtualization or hiding a malicious payload with the help of paging will show a detectable performance hit on timing. The threat model is an attacker who can only alter the firmware, boot loader, and boot verifier code loaded from secondary storage. The attacker is assumed to not be able to make hardware modifications undetectable to inspection, including overclocking and installation of transmitters to offload the hashing problem. This is for local (non-remote) attestation only.

We have written a prototype for a non-SMP x86 computer and tested problem parameters that produce timing-detectable results under a hypervisor (virtualizer), and assess whether these parameters are feasible for practical use.

For more information, please visit http://bsideswpg.ca
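The four-step approach in the abstract above, sketched from both sides as an added example (not code from the talk or its prototype). The two-phase SHA-256 construction, the 10% tolerance, the function names and all sample values are assumptions; arrival times are passed in as numbers rather than measured, so the check runs offline.

```python
import hashlib, hmac, secrets

BLOCK = 32  # one RAM "cell" = one SHA-256 digest

# Constructed sample values (not from the talk): known-good images and benchmark.
GOOD_FW = b"constructed firmware image" * 64
GOOD_BOOT = b"constructed boot loader"
BENCHMARK = [1.0, 2.0, 3.0, 4.0]  # expected checkpoint arrival times, seconds

def solve(nonce, firmware, boot, ram_bytes=1 << 14, n_checkpoints=4):
    """Prover side: nonce-seeded problem over the images (assumed construction)."""
    cells = ram_bytes // BLOCK
    state = hashlib.sha256(nonce + firmware + boot).digest()
    ram = []
    for i in range(cells):  # phase 1: fill every cell of the buffer standing in for RAM
        state = hashlib.sha256(state + i.to_bytes(4, "big")).digest()
        ram.append(state)
    out = []
    for step in range(1, cells + 1):  # phase 2: state-dependent walk over the cells
        idx = int.from_bytes(state[:4], "big") % cells
        state = hashlib.sha256(state + ram[idx]).digest()
        if step % (cells // n_checkpoints) == 0:
            out.append(state)  # checkpoint solution sent to the verifier
    return out

def verify(reports, nonce, firmware, boot, benchmark, tolerance=0.10):
    """Verifier side: reports is [(digest, seconds_since_challenge), ...]."""
    expected = solve(nonce, firmware, boot)
    if len(reports) != len(expected):
        return "FAIL: wrong number of checkpoints"
    for k, ((digest, t), want, t_ref) in enumerate(zip(reports, expected, benchmark)):
        if not hmac.compare_digest(digest, want):
            return f"FAIL: checkpoint {k} digest mismatch"
        if t > t_ref * (1 + tolerance):  # too slow: emulation or paging overhead
            return f"FAIL: checkpoint {k} late"
    return "PASS"

def demo():
    nonce = secrets.token_bytes(16)  # fresh random parameters per attestation
    honest = list(zip(solve(nonce, GOOD_FW, GOOD_BOOT), BENCHMARK))
    tampered = list(zip(solve(nonce, GOOD_FW + b"implant", GOOD_BOOT), BENCHMARK))
    slowed = [(d, t * 1.5) for d, t in honest]  # right answers, 50% slower
    return [verify(r, nonce, GOOD_FW, GOOD_BOOT, BENCHMARK)
            for r in (honest, tampered, slowed)]

if __name__ == "__main__":
    print(demo())
```

The third case is the one the abstract relies on: every digest is correct, yet the run is rejected because the checkpoints arrive later than the benchmark for that machine allows.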