Benoit Flippen

Benoit Flippen

Shared publicly  - 
 
So now that the cat's out of the bag with the McAfee SiteList.xml vulnerability, and there are publicly available tools to exploit it, the FusionX team wrote up the full reverse-engineering methodology we used in the past to exploit the vulnerability and write out our own internal tools.

You might find the process interesting/instructive for your own research and exploit development practice.
Recently Toufik Airane published a write up on Github about an issue with McAfee Virus Scan Enterprise. The vulnerability deals with the SiteList.XML file used by McAfee Virus Scan Enterprise to store credentials for various update mechanisms. Depending upon how the update mechanisms are ...

Benoit Flippen

Shared publicly  - 
 
We've been using this capability internally against our clients for a while. It's been a known vulnerability for a long time, but without a lot of visibility. Now the fine gentleman at the Fun Over IP blog has released an easy-button for the masses.

Hopefully such an easy-to-use tool available to the broader community of offensive security folks will start pushing McAfee to actually fix this instead of recommending workarounds to their clients.
Recently, a very good friend of mine (@Sn0rkY) pointed me out the story of a pentester who recovered the encrypted passwords from a McAfee SiteList.xml file, using Responder (link). Simply clever. ...

Benoit Flippen

Shared publicly  - 
 
I have only had a few genevers, of which, curiously, one out of San Francisco is the best (far better than the much more expensive, but readily available Bols). It was REALLY good. Genevieve, perhaps?

Interestingly, I find American (or New World) style gins actually fall in between a nice, juniper packed London dry and a genever. Though whereas I like both of those things a lot, I tend not to like New World gins.
 
Having originated in the Netherlands and Belgium, genever spread in popularity after members of the Royal Navy garnered a taste for “Dutch courage” when England fought alongside the Netherlands in the Thirty Years’ War. Whereas gin earned a reputation for being of poor quality, genever—the original recipes for which recall the complexity of whiskey more so than they do modern-day gin—held its standing as a more carefully produced, better-tasting product for nearly two centuries. In all likelihood, the “gins” that barman Jerry Thomas calls for in his 19th-century bartenders guides were, in fact, genever, as the era’s importers were bringing in considerably more of it than they were English gin.

Then, in the 1880s, vermouth gained popularity as a valuable tool in the American bartender’s arsenal, paving the way for lighter, brighter cocktails—ideal for gin, and less so for genever. A decade later, the introduction and subsequent boom of the dry Martini further established gin as the country’s preferred juniper spirit. And, though scientific advances in distillation saw a lighter style of genever (known as jonge) emerge, it, along with the darker, maltier style (oude), never regained traction in the market.

The eruption of World War I didn’t help matters. Both Belgium and the Netherlands—countries in which genever had long been considered the national spirit—would fall under German occupation, and, with the subsequent shortage of malt, the jonge style would become the standard out of necessity. Following the war, in 1919—the same year that the United States instituted Prohibition—Belgium enacted a ban on hard liquor, further sealing the spirit’s 20th-century fate.
As is the case with many once-popular cocktail ingredients, the early 20th century wasn't kind to genever, gin’s thicker and malty predecessor. But t

Benoit Flippen

Shared publicly  - 
 
To be fair, Einstein was never really intended to be a "firewall." However, even given its original design goals, feature creep, and anything else you can give it the benefit of the doubt on, it's performing... rather poorly.

Despite having spent $1.2bn in 2014 and $5.7bn in total, however, the system still only monitors certain types of network packets – and that does not include web traffic or cloud services.

It doesn't include anomaly based and stateful purpose detection methods – which are commonplace in most halfway decent intrusion detection systems – so the system can only recognize threats that have already been identified and added to the database.
...
How bad is it in reality? The GAO tested the system by trying to exploit 489 known vulnerabilities in Adobe Acrobat, Flash, Internet Explorer, Java and Microsoft Office. Of them, just 29, or six per cent, were picked up by the scanners and stopped – allowing the rest to reach potentially vulnerable devices.
Einstein not so smart, wide open to old-days as well as zero-days

Benoit Flippen

Shared publicly  - 
 
Enjoying my first pipe in YEARS. Broke out my little Peterson, with Mac Baren Navy Flake.

Benoit Flippen

Shared publicly  - 
 
At Shmoocon. Hit me up if you're here (or anywhere near the Washington Hilton today)!

Benoit Flippen

Shared publicly  - 
 
The outage left about half of the homes in the Ivano-Frankivsk region of Ukraine without electricity, Ukrainian news service TSN reported in an article posted a day after the December 23 failure. The report went on to say that the outage was the result of malware that disconnected electrical substations.
...
"It's a milestone because we've definitely seen targeted destructive events against energy before—oil firms, for instance—but never the event which causes the blackout," John Hultquist, head of iSIGHT's cyber espionage intelligence practice, told Ars. "It's the major scenario we've all been concerned about for so long."
...
According to ESET, the Ukrainian power authorities were infected using booby-trapped macro functions embedded in Microsoft Office documents. If true, it's distressing that industrial control systems used to supply power to millions of people could be infected using such a simple social-engineering ploy. It's also concerning that malware is now being used to create power failures that can have life-and-death consequences for large numbers of people.
Highly destructive malware creates "destructive events" at 3 Ukrainian substations.

Benoit Flippen

Shared publicly  - 
 
I didn't lol so much for a long time :) thank you

Benoit Flippen

Shared publicly  - 
 
 
Next time someone calls you for sales purposes, simply tap "add call." Dial 214-666-4321. Merge the calls. Then the Jolly Roger Telephone Co., a voice recording that will frustrate and confuse that telemarketer, will take over.
Robots, algorithms and machines sometimes seem designed to destroy us. They take our jobs, manipulate our Facebook News Feeds and rain death on foreign nations from across the world. But some robots can be heroes, saving us from the dreary agents of capitalism. The Jolly Roger is such a bot, designed
 
This is the greatest 

Benoit Flippen

Shared publicly  - 
 
Our team just released a public privilege escalation exploit/PoC based on ZDI's release last year. There was no PoC in the original release, but we were able to follow the clues and figure it out.

The post contains a write-up of how the bug works, in depth, as well as how we followed the steps to weaponize it.
CVE-2015-5090 is an Adobe Reader/Acrobat Pro bug discovered and reported on by ZDI a handful of months ago. They used this bug during their fantastic Abusing Adobe Reader's JavaScript APIs talk at Defcon 23 to demonstrate one of many sandbox escapes discovered in Adobe Reader's Javascript API.

Benoit Flippen

Shared publicly  - 
 
 
Jiggering didn’t come into vogue until the early and mid-aughts when bartenders like Sasha Petraske of Milk & Honey and Audrey Saunders of Pegu Club (whom DeGroff trained to free pour) began digging up obscure 19th-century recipes that required a measuring tool to standardize odd, old-fashioned ratios as compared to highballs and standard cocktail specs. Soon, jiggering became the stylistic standard at cocktail bars, the flashing silver implement viewed as an emblem of precision. And the best jiggering bartenders—Sam Ross and Michael McIlroy of Attaboy, Kenta Goto of Bar Goto, Erik Lorincz of the Savoy in London—are a satisfying whir of streamlined accuracy. Even to the layman, the jigger is a badge of legitimacy and expertise. After all, it’s the equipment by which we attempt to recreate the theatrics of cocktail lounges within our own homes.

But many bartenders still swear by the free pour, despite the obvious concerns (waste, inaccuracy, etc.). Of course, some drinks unequivocally call for a jigger—like, say, a strangely portioned, seven-ingredient tiki cocktail. But others, like highballs and standard-ratio drinks can be made more efficiently, the argument goes, via the free pour. Why not free up a hand, and learn to pour accurately the first time around? Further, many advocates of free pouring will tell you that if a bartender lacks the skill to free pour, he or she has omitted an integral piece of knowledge from the craft. As bartender and educator Tobin Ellis puts it, “Free pouring is the knife skills of bartending.”
Beneath every drink measured, in nearly every bar that serves craft cocktails across America, a debate simmers. It's not an argument of which many drinkers

Benoit Flippen

Shared publicly  - 