Archives

Exploiting Directory Permissions on MacOS

This talk covers how we can exploit applications on macOS (including macOS itself) where some of the directory / file permissions are incorrectly set. The incorrectness of these settings is not obvious at first sight, because understanding these permissions is not intuitive. We will see bugs ranging from simple arbitrary overwrites to file disclosures and privilege […]
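The non-obvious part of directory permissions is that what matters for a file is not only its own mode but the mode of every directory on the path to it: a single group- or world-writable, non-sticky directory in that chain lets an unprivileged user rename or replace a component and redirect a privileged process's read or write. As an added example (not the talk's own tooling), the script below walks the parent chain of a path and reports such directories; it parses `ls -ld` so it runs unchanged on macOS and Linux. The sample path it checks is constructed in the test, not taken from the talk.

```sh
#!/bin/sh
# writable_dirs_in_chain PATH
# Prints "MODE DIR" for every directory from PATH up to / that is
# group- or world-writable and does NOT have the sticky bit set.
# If PATH does not exist yet (e.g. a file a privileged process will
# create), the check starts at the nearest existing ancestor.
# Added example; parses `ls -ld` for macOS/Linux portability.
writable_dirs_in_chain() {
  p=$1
  # Climb to the nearest existing ancestor.
  while [ ! -e "$p" ]; do
    p=$(dirname "$p")
  done
  # If we landed on a regular file, its mode is irrelevant here;
  # the interesting bits are on the containing directories.
  if [ ! -d "$p" ]; then
    p=$(dirname "$p")
  fi
  while :; do
    mode=$(ls -ld "$p" | cut -c1-10)     # e.g. drwxrwxrwt
    gw=$(printf '%s' "$mode" | cut -c6)  # group write bit
    ow=$(printf '%s' "$mode" | cut -c9)  # other write bit
    ox=$(printf '%s' "$mode" | cut -c10) # other exec / sticky position
    if [ "$gw" = w ] || [ "$ow" = w ]; then
      case "$ox" in
        t|T) ;;  # sticky bit set: users can only rename/delete their own entries
        *) printf '%s %s\n' "$mode" "$p" ;;
      esac
    fi
    [ "$p" = / ] && break
    p=$(dirname "$p")
  done
  return 0
}
```

Usage: `writable_dirs_in_chain /Library/Application\ Support/SomeApp/config.plist`. A group-writable hit is only a finding if the group contains users who should not control the file, and on macOS you should also inspect ACLs (`ls -le`), which this mode-string check ignores.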

Exploiting Weblogic Servers With XMLDecoder RCE Bugs

In 2019, I reported some XMLDecoder RCE bugs in Weblogic Server to Oracle, and the details of these bugs will be disclosed for the first time. These bugs are very funny: while finding them, I analyzed the Critical Patch Updates of Weblogic Server and bypassed the patch twice, which was assigned the CVE numbers CVE-2019-2725/CVE-2019-2729. […]

Identifying Multi-binary Vulnerabilities in Embedded Firmware at Scale

Low-power, single-purpose embedded devices (e.g., routers and IoT devices) have become ubiquitous. While they automate and simplify many aspects of our lives, recent large-scale attacks have shown that their sheer number poses a severe threat to the Internet infrastructure, which led to the development of an IoT-specific cybercrime underground. Unfortunately, the software on these systems […]

Applied Ca$h Eviction Through ATM Exploitation

Networked ATMs have been in continuous operation since the 1980s, and with that comes an industry built around legacy software, hardware, and network protocols. These are the original "IoT" devices, and it shows – picking apart many ATMs will reveal the dirty secret of a dial-up modem hiding behind steel walls. Despite this, the high […]

Pwning Adobe Reader Multiple Times with Malformed Strings

It's hard to find vulnerabilities caused by malformed strings nowadays, let alone exploitable ones. That is not surprising, because the classic unsafe functions are banned by the SDL in modern software development; but if developers do not use the security-enhanced replacement functions correctly, the result can still be a critical security vulnerability. In the case […]

Public and Private: Common Flaws in ICS Communication Protocols

Industrial Control Systems / Supervisory Control and Data Acquisition (ICS/SCADA) are widely used in critical infrastructure (CI) sectors such as power, water, and manufacturing all over the world. If a malicious attacker impacts, takes control of, or compromises a CI system, millions could face a dangerous and chaotic situation such as no power, water, or […]

Untrusted Roots: Exploiting Vulnerabilities in Intel ACMs

Targeting better x86 platform security, Intel has created hardware-based firmware protection mechanisms: TXT, BIOS Guard, Boot Guard and SGX. Since there is nothing to trust at runtime, these protections rely on hardware boundaries set up in a manufacturing environment. This leaves only two Roots of Trust – the Intel Management Engine ROM and Intel […]

Beyond Timelines and IOC Matching: An Action Oriented Data Model for Automating Pattern Matching and Analysis in Incident Response Investigations

Digital forensics investigations typically ingest many sources of information, even if all sources come from one computer or even a single hard drive. This is particularly true with security incident response investigations, where the goal is to look into suspicious or anomalous events, determine their cause and assess their consequences. Such investigations typically rely on […]