Confirmed Security News 2011 W38

=> Morto Post Mortem: Dissecting a Worm. 07/09/2011. «Morto has been in the headlines, for good reason. This worm is unique as it exploits Microsoft’s remote desktop protocol (RDP). It doesn’t exploit any specific vulnerability, it simply relies on people installing the worm and then it uses a brute force password attack to gain access to systems. It is the first time we’ve seen something like this. The malware itself is sophisticated even if the method of proliferation isn’t (…).»
Source: blog.imperva.com/2011/09/morto-post-mortem-a-worm-deep-dive.html
Related posts:
12/09/2011. Reverse engineering specialist dissects the Morto worm : www.infosecurity-magazine.com/view/20686/reverse-engineering-specialist-dissects-the-morto-worm/

=> MYBIOS. Is it possible to infect the BIOS? 15/09/2011. «The possibility of infecting the BIOS has existed for quite a long time. One of the best articles on this topic, in my opinion, is available in Phrack magazine, and pinczakko's site shares a lot of useful information. At the moment, a clear trend can be traced that I would label a « return to basics ». Infecting the MBR, intercepting pointers in various system tables of the operating system, infecting system components – all of this has existed, and for a very long time (…).»
Source: translate.google.com/translate?sl=ru&tl=en&u=http%3A%2F%2Fwww.securelist.com%2Fru%2Fanalysis%2F208050716%2FMYBIOS_Vozmozhno_li_zarazit_BIOS
Related posts:
08/09/2011. Mebromi, a bios-flashing trojan : blogs.norman.com/2011/malware-detection-team/mebromi-a-bios-flashing-trojan
12/09/2011. Trojan.Bioskit.1 infects the BIOS : news.drweb.fr/show/?i=482&c=5
13/09/2011. Mebromi: the first BIOS rootkit in the wild : blog.webroot.com/2011/09/13/mebromi-the-first-bios-rootkit-in-the-wild/
19/09/2011. Mebromi BIOS rootkit affecting Award BIOS (aka « BMW » virus) : contagiodump.blogspot.com/2011/09/mebromi-bios-rootkit-affecting-award.html

=> Playing with MOF files on Windows, for fun & profit. 18/09/2011. «In this article, we will focus on a high-level Windows feature that is not so well-known, and that can be interesting from an attacker’s point of view. I will share my investigation of MOF files from its use in Stuxnet – in the exploitation of a vulnerability in the Windows Printer Spooler – to some basic practical examples of what we can do with MOF files. (…).»
Source: poppopret.blogspot.com/2011/09/playing-with-mof-files-on-windows-for.html
Related posts:
18/09/2011. Source: twitter.com/#!/BorjaMerino/statuses/115523782898233345

=> SQL Injection: By The Numbers. 20/09/2011. «Imperva’s Hacker Intelligence Initiative has put out a 4th report. This time, our focus is SQL injection (…).»
Source: blog.imperva.com/2011/09/sql-injection-by-the-numbers.html
Related posts:
20/09/2011. [pdf] Hacker Intelligence Summary Report – An Anatomy of a SQL Injection Attack : www.imperva.com/docs/HII_An_Anatomy_of_a_SQL_Injection_Attack_SQLi.pdf

=> Tracking Cyber Crime: AV-AFF.BIZ (Total Protect FakeAV). 21/09/2011. «New fresh AV affiliate, they spread Total Protect. I was approached on 12 Sept on an underground forum. (…).»
Source: xylibox.blogspot.com/2011/09/tracking-cyber-crime-av-affbiz-total.html

=> Fixes in the Works For SSL Attack, But Support Lacking for Newer Versions of Protocol. 22/09/2011. «With the release of the BEAST SSL attack research due tomorrow, researchers are beginning to take note of potential fixes and mitigations for the attack. One of the possibilities is moving to newer versions of TLS that are not vulnerable to the attack, but the problem is that there is precious little adoption of those newer versions. (…).»
Source: threatpost.com/en_us/blogs/fixes-works-ssl-attack-support-lacking-newer-versions-protocol-092211
Related posts:
19/09/2011. New Attack Breaks Confidentiality Model of SSL, Allows Theft of Encrypted Cookies : threatpost.com/en_us/blogs/new-attack-breaks-confidentiality-model-ssl-allows-theft-encrypted-cookies-091611
20/09/2011. Researchers have reportedly succeeded in breaking the SSL protocol : pro.01net.com/editorial/541264/des-chercheurs-auraient-reussi-a-casser-le-protocole-ssl/
21/09/2011. Poor SSL! : cidris-news.blogspot.com/2011/09/pauvre-ssl.html
23/09/2011. BEAST and TLS, the end of the world? : www.bortzmeyer.org/beast-tls.html
23/09/2011. Well, SSL is broken (again)… : www.securityvibes.fr/menaces-alertes/ssl-faille-beast/
23/09/2011. [pdf] A challenging but feasible blockwise-adaptive chosen-plaintext attack on SSL : eprint.iacr.org/2006/136.pdf
23/09/2011. Chrome and the BEAST : www.imperialviolet.org/2011/09/23/chromeandbeast.html
23/09/2011. Tor and the BEAST SSL attack : blog.torproject.org/blog/tor-and-beast-ssl-attack
23/09/2011. [pdf] Vulnerability of SSL to Chosen-Plaintext Attack : eprint.iacr.org/2004/111.pdf
24/09/2011. The SSL Sky is Falling? : www.securelist.com/en/blog/208193135/The_SSL_Sky_is_Falling

=> Malware using the Local Group Policy to Gain Persistence. 23/09/2011. «Malware is constantly finding obscure ways to hide hooks within the OS so that it can remain active after a reboot. One approach that we encountered recently involved using the Local Group Policy. Group Policy is a set of rules and settings that can be used to manage the Operating System and environment. (…).»
Source: www.hbgary.com/malware-using-local-group-policy


Studies, slides, reports, etc.

Hacker Intelligence Summary Report – An Anatomy of a SQL Injection Attack
iOS Kernel Exploitation – Stefan Esser BlackHatUSA2011
A challenging but feasible blockwise-adaptive chosen-plaintext attack on SSL
Vulnerability of SSL to Chosen-Plaintext Attack
A Criminal Perspective on Exploit Packs, Team Cymru
QR Code Security
Automatic Extraction of Secrets from Malware
An Analysis of Underground Forums
Dissecting Andro Malware
Hackerspaces – The Beginning (the book)

