Confirmed Security News 2011 W38

=> Morto Post Mortem: Dissecting a Worm. 07/09/2011. «Morto has been in the headlines, for good reason. This worm is unique as it exploits Microsoft’s remote desktop protocol (RDP). It doesn’t exploit any specific vulnerability; it simply relies on people installing the worm and then it uses a brute force password attack to gain access to systems. It is the first time we’ve seen something like this. The malware itself is sophisticated even if the method of proliferation isn’t (…).»
Source:
Related posts:
12/09/2011. Reverse engineering specialist dissects the Morto worm :

=> MYBIOS. Is it possible to infect the BIOS?. 15/09/2011. «The possibility of infecting the BIOS has existed for quite a long time. One of the best articles on this topic, in my opinion, is available in Phrack magazine, and pinczakko has shared a lot of useful information. At the moment a clear trend can be traced that I would label a « return to basics. » MBR infection, hooking pointers in various system tables of the operating system, infecting system components: all this has existed, and for a very long time (…).»
Source:
Related posts:
08/09/2011. Mebromi, a bios-flashing trojan :
12/09/2011. Trojan.Bioskit.1 infects the BIOS :
13/09/2011. Mebromi: the first BIOS rootkit in the wild :
19/09/2011. Mebromi BIOS rootkit affecting Award BIOS (aka « BMW » virus) :

=> Playing with MOF files on Windows, for fun & profit. 18/09/2011. «In this article, we will focus on a high-level Windows feature that is not so well-known, and that can be interesting from an attacker’s point of view. I will share my investigation of MOF files from its use in Stuxnet – in the exploitation of a vulnerability in the Windows Printer Spooler – to some basic practical examples of what we can do with MOF files. (…).»
Source:
Related posts:
18/09/2011. Source:!/BorjaMerino/statuses/115523782898233345

=> SQL Injection: By The Numbers. 20/09/2011. «Imperva’s Hacker Intelligence Initiative has put out a 4th report. This time, our focus is SQL injection (…).»
Source:
Related posts:
20/09/2011. [pdf] Hacker Intelligence Summary Report – An Anatomy of a SQL Injection Attack :

=> Tracking Cyber Crime: AV-AFF.BIZ (Total Protect FakeAV). 21/09/2011. «New fresh AV affiliate, they spread Total Protect. I was approached on 12 Sept on an underground forum. (…).»
Source:

=> Fixes in the Works For SSL Attack, But Support Lacking for Newer Versions of Protocol. 22/09/2011. «With the release of the BEAST SSL attack research due tomorrow, researchers are beginning to take note of potential fixes and mitigations for the attack. One of the possibilities is moving to newer versions of TLS that are not vulnerable to the attack, but the problem is that there is precious little adoption of those newer versions. (…).»
Source:
Related posts:
19/09/2011. New Attack Breaks Confidentiality Model of SSL, Allows Theft of Encrypted Cookies :
20/09/2011. Researchers reportedly succeeded in breaking the SSL protocol :
21/09/2011. Poor SSL! :
23/09/2011. BEAST and TLS, the end of the world? :
23/09/2011. Look, SSL is broken (again)… :
23/09/2011. [pdf] A challenging but feasible blockwise-adaptive chosen-plaintext attack on SSL :
23/09/2011. Chrome and the BEAST :
23/09/2011. Tor and the BEAST SSL attack :
23/09/2011. [pdf] Vulnerability of SSL to Chosen-Plaintext Attack :
24/09/2011. The SSL Sky is Falling? :

=> Malware using the Local Group Policy to Gain Persistence. 23/09/2011. «Malware is constantly finding obscure ways to hide hooks within the OS so that it can remain active after a reboot. One approach that we encountered recently involved using the Local Group Policy. Group Policy is a set of rules and settings that can be used to manage the Operating System and environment. (…).»
Source:

Studies, slides, reports, etc.

Hacker Intelligence Summary Report – An Anatomy of a SQL Injection Attack
iOS Kernel Exploitation – Stefan Esser BlackHatUSA2011
A challenging but feasible blockwise-adaptive chosen-plaintext attack on SSL
Vulnerability of SSL to Chosen-Plaintext Attack
A Criminal Perspective on Exploit Packs, Team Cymru
QR Code Security
Automatic Extraction of Secrets from Malware
An Analysis of Underground Forums
Dissecting Andro Malware
Hackerspaces – The Beginning (the book)