Dragos Ruiu
1 day ago
Sleep mode end run on EFI protections on all pre-mid-2014 MacBooks leaves EFI vulnerable to unremovable BIOS rootkits.
I wouldn't bet that EFI is untouchable from user land on later model MacBooks either, though not necessarily with this bug. Apple might someday learn more eyes on security is better than their silent march of obscurity and planned obsolescence.
Wish there was some non-EFI-dependent way to verify EFI - the architecture is broken.


Firmware Bug in OSX Could Allow Installation of Low-Level Rootkits
Dragos Ruiu
3 weeks ago
Nice Windows Kernel Exploitation tutorial http://goo.gl/N3iaje

Windows Kernel Exploitation Humla Mumbai by Ashfaq Ansari
Gustav Hartvigsson Would be interesting to see someone have a look at ReactOS's kernel and subsystems for bugs like these.
It is an NT-like OS, so...
Dragos Ruiu
4 weeks ago
Good enumeration of Windows persistence methods. http://goo.gl/kMnbho 

Many ways of malware persistence (that you were always afraid to ask)
Jackie Moon Haven't touched that OS for so long. Now you brought all the bad memories back.
Thx a lot +Dragos Ruiu.
Dragos Ruiu
1 month ago
HD firmware hacking (part3): reversing the boot loader http://goo.gl/fmaFjc

Hard Disk Firmware Hacking (Part 3)
Dragos Ruiu
1 month ago
Fox-IT publishes open source tools to detect duplicate sequence numbers of QUANTUM INSERT style NSA attacks http://goo.gl/sGy2k2

Deep dive into QUANTUM INSERT
Greg A. Woods What do you want to bet that all they did to "fix" it was invent a deeper and more obscure back door?

OS X has been an excellent example of very bad security design from day one.  Of course it's really not any worse than most any other desktop system, including all Linux systems.
Dragos Ruiu
1 month ago
Windows Stack Necromancy http://goo.gl/lQaFxX

Spare Clock Cycles
Dragos Ruiu
2 months ago
Dave Sparks originally shared:
I had the honor of coaching +Alan Eustace in a McLaren MP4-12C at Thunderhill Raceway a couple of years ago. It's a day I'll remember for the rest of my life for several reasons. First and foremost, Alan is a wonderful person and I thoroughly enjoyed talking to him. Second, McLaren MP4-12C, need I say more? Third, this man strapped himself to a balloon and jumped from nearly 136,000 feet.

Here's a picture of the suit, which is now on its way to the Smithsonian. Good luck, Alan, in your next adventure. I don't know how you're going to top this, but if anyone can, it's you.
Dragos Ruiu
2 months ago
Oops, I think I broke TrustZone. (Display processing DMA)
Nick Alcock What, TrustZone doesn't stop you getting the GPU to randomly DMA wherever you'd like it to? Oh dear oh dear oh dear.
Dragos Ruiu
2 months ago
This was BIOS obliteration morning at CanSecWest. The border guard BIOS attack requires 50 seconds of physical access to the laptop (as pictured below) - one screw, one button press, wait for green light. Not Nation-State difficult stuff to develop as all the naysayers claim: development time 4 weeks for two guys. Rafal and Corey then showed us vulnerabilities to do this remotely via software only (#venamis #speedracer). And then the Intel folks showed us another new class of BIOS vulns using pointers. The BIOS vulnerability beatings will continue until security and morale improves.
Paul Harrington Smoked - 
Dragos Ruiu
2 months ago

New BIOS Implant, Vulnerability Discovery Tool to Debut at CanSecWest
Brian Bartlett Sadly, I expected as much. Some possible exploits aren't talked about, or believed for that matter, until someone demonstrates it publicly, then everyone and sundry jumps all over it while sweating bullets. That's what comes from not thinking security even before you specify the model for the code design.
Dragos Ruiu
2 months ago
Yay! New Sysinternals suite update, lots of goodies! http://goo.gl/OFXgIV

Sysinternals Suite
Jackie Moon Most useful MS software.