Spartan Pro V1 3 Exploit Scanner
In the early days of the public internet, we believed that we were helping build something totally new, a world that would leave behind the shackles of age, of race, of gender, of class, even of law. Twenty years on, "cyberspace" looks a lot less revolutionary than it once did. Hackers have become information security professionals. Racism and sexism have proven resiliant enough to thrive in the digital world. Big companies are getting even bigger, and the decisions corporationsnot just governmentsmake about security, privacy, and free speech affect hundreds of thousands, or millions, of people. The Four Horsemen of the Infocalypseterrorists, pedophiles, drug dealers, and money launderersare driving online policy as governments around the world are getting more deeply involved in the business of regulating the network. Meanwhile, the Next Billion Internet Users are going to connect from Asia and developing countries without a Bill of Rights. Centralization, Regulation, and Globalization are the key words, and over the next twenty years, we'll see these forces change digital networks and information security as we know it today. So where does that leave security, openness, innovation, and freedom?The Digital Millennium Copyright Act is being used to weld the hood of cars shut to keep engine software safe from mechanics. Will we still have the Freedom to Tinker even in the oldest of technologies? What does it mean that the U.S. is a big player in the zero-day market even as international agreements seek to regulate exploit code and surveillance tools? Will we see liability for insecure software and what does that mean for open source? With advances in artificial intelligence that will decide who gets run over, who gets a loan, who gets a job, how far off can legal liability regimes for robots, drones, and even algorythms be? Is the global Internet headed for history's dustbin, and what does a balkanized network mean for security, for civil rights?In this talk, Granick will look forward at the forces that are shaping and will determine the next 20 years in the lifecycle of the revolutionary communications technology that we've had such high hopes for.
spartan pro v1 3 exploit scanner
In the Summer of 2014, Microsoft silently introduced two new exploit mitigations into Internet Explorer with the goal of disrupting the threat landscape. These mitigations increase the complexity of successfully exploiting a use-after-free vulnerability. June's patch (MS14-035) introduced a separate heap, called Isolated Heap, which handles most of the DOM and supporting objects. July's patch (MS14-037) introduced a new strategy called MemoryProtection for freeing memory on the heap.This talk covers the evolution of the Isolated Heap and MemoryProtection mitigations, examines how they operate, and studies their weaknesses. It outlines techniques and steps an attacker must take to attack these mitigations to gain code execution on use-after-free vulnerabilities where possible. It describes how an attacker can use MemoryProtection as an oracle to determine the address at which a module will be loaded to bypass ASLR. Finally, additional recommended defenses are laid out to further harden Internet Explorer from these new attack vectors.
Over the years, XML has been a rich target for attackers due to flaws in its design as well as implementations. It is a tempting target because it is used by other programming languages to interconnect applications and is supported by web browsers. In this talk, I will demonstrate how to use XSLT to produce documents that are vulnerable to new exploits.XSLT can be leveraged to affect the integrity of arithmetic operations, lead to code logic failure, or cause random values to use the same initialization vector. Error disclosure has always provided valuable information, but thanks to XSLT, it is possible to partially read system files that could disclose service or system's passwords. Finally, XSLT can be used to compromise end-user confidentiality by abusing the same-origin policy concept present in web browsers.This presentation includes proof-of-concept attacks demonstrating XSLTs potential to affect production systems, along with recommendations for safe development.
In recent months, we focus on bug hunting to achieve root on android devices. Our kernel fuzzing, leaded by @wushi, generated a lot of crashes and among them, we found a kernel Use-After-Free bug which lies in all versions of Linux kernel and we successfully take advantage of it to root most android devices(version>=4.3) on the market nowadays, even for the 64-bit ones.We leverage this bug to root whatever android devices(version>=4.3) of whatever brands. And also we are the first one in the world, as far as we are aware, rooting the 64-bit android device by taking advantage of a kernel memory corruption bug. The related kernel exploitation method is unique.In this talk, we will explain the root cause of this UAF bug and also the methods used to exploit it. We will demonstrate how we can fill the kernel memory once occupied by the vulnerable freed kernel object with fully user-controlled data by spraying and finally achieved arbitrarily code execution in kernel mode to gain root. All our spraying methods and exploiting ways apply to the latest Android kernel, and we also bypass all the modern kernel mitigations on Android device like PXN and so on. Even introduced 64-bit address space fails to stop our rooting. And a very important thing is that the rooting is stable and reliable. Actually, we will present a common way to exploit android kernel Use-After-Free bug to gain root. We will also cover some new kernel security issue on the upcoming 64-bit android platform in the future.
The majority of deployed asymmetric cryptography implementations (RSA, DH, ECDH/ECDSA with GF(p) curves) need to perform calculations on integers that are larger than a single machine word. Just like every software package, implementations of multi-precision integer arithmetic sometimes have bugs. This talk investigates the implications of these bugs and shows how they can be used by attackers to exploit asymmetric cryptographic primitives. Isolating bug patterns and understanding exploitation requirements allows us to develop strategies for automated bug hunting.
Object Linking and Embedding (OLE) is a technology based on Component Object Model (COM) allowing an application to embed and link to other documents or objects, and its primarily used in Microsoft Office and WordPad. In the recent years, we have seen a number of vulnerabilities, especially some critical zero-day attacks, are involving OLE. The typical examples are the "Sandworm" attack (CVE-2014-4114) that was disclosed in October 2014, and the CVE-2012-0158 - a years-old vulnerability but is still being actively exploited in the real world.However, the previous work usually focus on the vulnerability or malware but the internals of OLE are never examined. This paper intends to fill this gap. The another important part of this research is to explore the attack surface it exposes on Windows, and to explain how an attacker may possibly leverage OLE vulnerability to perform document-based exploitation. These areas are never being looked at from a security point of view. In the 0-day demo section of our presentation, we will disclose and demonstrate a previously-unknown OLE attack vector introduced by the nature of the OLE mechanism, which could lead to a series of similar vulnerabilities being discovered in future.
For years fingerprint scanning has been supported in many Android devices. Fingerprint scanning on ARM always needs an implementation of TrustZone. While we enjoy unlocking devices and paying by fingerprint, we also figure out these new features bring out some new attack surfaces. Attacking the kernel of Android or the secure world of TrustZone may be not impossible.Theoretically, devices developed with TrustZone technology can support a full Trusted Execution Environment (TEE). TEE runs in a special CPU mode called secure mode, so memory for secure mode and security functions can be hidden to the normal world. In this way, Android vendors can provide many secure features such as fingerprint scanning, DRM, kernel protection, secure boot, and so on.Even though TrustZone is designed for solving security problems, there may be some security issues inside when a developer implements a TEE for Android. The Huawei Hisilicon Kirin 925 processor is the new chip being used on the Huawei Ascend Mate 7, and Hisilicon implemented its own TEE software. There are few documents about it. I found some vulnerabilities both in a normal Android world and the secure world while analyzing Hisilicon's TEE OS.In this talk, I'll show how to analyze the TEE architecture of Huawei Hisilicon and find some new vulnerabilities in such an undocumented black hole. Then, I'll talk about exploit development in TrustZone. I exploited two bugs, one for rooting Androids normal world and disabling the newest SE for Android, the other for running shellcode in secure world. With these exploits, we can get the fingerprint image or bypass some other security features.
It will not be a surprise to you that of all the elements within our organisations and systems, the people are most likely to expose us to risk. In short we are a mess of emotional unpredictablity that threaten us all (and security professionals are the worst of the bunch).Many very clever people have spent a long time teaching us this. This is not news.So if this is the case, why in 20 years of modern information security have we done so little to actively protect them?Technical vulnerability scanning is now mature and commoditised, allowing us to repeatably test and adapt our systems in the face of a changing threat landscape. The time has come to apply the same logic to our people, actively understand human connectivity and behaviours when faced with threat and understand the effect of this behaviour with our organisations.This talk will discuss why this is a difficult challenge and introduce AVA, the first automated human vulnerability scanner that allows us to map the connectivity of our people, test them with a range of security threats and measure their behaviour. A tool built to make human security risk (and the effectiveness of our countermeasures and training) measurable.Let's change the way we approach human security risk. Let's protect our people. 350c69d7ab