Dragos Ruiu
5 days ago
Happy Canada Day. (Or what's left of it and our rights after our current governing party gets done with it.)
In other news, the newest 802.11n WiFi standard has some seriously broken bits in the standard. They introduced a new packet coalescing and aggregation protocol that leaves the chipsets vulnerable to Packet-in-Packet injection, i.e. you can abuse the protocol to include spoofed low-level MAC packets in HTTP frames from any web server, and other similar fun. An attacker can leverage this technique to deauthenticate clients, inject malicious beacon frames, perform host and port scans, bypass firewall rules, and conduct Address Resolution Protocol (ARP) spoofing. So, not so good, especially since this is a chipset-level issue and the chipsets are just behaving as the ill-conceived standard specifies for Aggregated MAC Protocol Data Unit (A-MPDU) handling. Being hardware/firmware, it's not easily changed.
Paper and PoC at link below.

aggr-inject/ampdu_inj_wisec2015.pdf at master · rpp0/aggr-inject · GitHub
Bill Beers Was your image for this post laced with aggr-inject frames? :-)
Bert Knabe +Howard C. Shaw III I think the problem is that some providers are running traffic across both IPv4 and IPv6 simultaneously. When that happens, you're vulnerable.
Dragos Ruiu
1 week ago
Seems to me that a lot of fun could be had with a little pattern of small "donuts" that makes a document unprintable and uncopyable. But I've always had a weird sense of "fun." http://goo.gl/FjWi37

The secret codes of British banknotes
Elias Pinto I'm in the US, I need to find me some cash to check this out. Hey anyone willing to make a copy for me? :D
Dragos Ruiu
1 week ago
5-axis CNC for less than 5k http://goo.gl/NBc31q

A 5 Axis CNC Mill For Under $5,000
Dragos Ruiu
2 weeks ago

Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation
wilson benoit M

Dragos Ruiu
2 weeks ago
Keychain cracked on OS X and iOS. Ruh-Roh. https://goo.gl/MpJU07

report.pdf - Google Drive
Dragos Ruiu
1 month ago
Sleep mode end run on EFI protections on all pre-mid-2014 MacBooks leaves EFI vulnerable to unremovable BIOS rootkits.
I wouldn't bet that EFI is untouchable from user land on later-model MacBooks either, though not necessarily with this bug. Apple might someday learn that more eyes on security is better than their silent march of obscurity and planned obsolescence.
Wish there was some non-EFI-dependent way to verify EFI - the architecture is broken.

Firmware Bug in OSX Could Allow Installation of Low-Level Rootkits
Dragos Ruiu
1 month ago
Nice Windows Kernel Exploitation tutorial http://goo.gl/N3iaje

Windows Kernel Exploitation Humla Mumbai by Ashfaq Ansari
Gustav Hartvigsson Would be interesting to see someone have a look at ReactOS's kernel and subsystems for bugs like these.
It is an NT-like OS, so...
Dragos Ruiu
2 months ago
Good enumeration of Windows persistence methods. http://goo.gl/kMnbho 

Many ways of malware persistence (that you were always afraid to ask)
Jackie Moon Haven't touched that OS for so long. Now you brought all the bad memories back.
Thx a lot +Dragos Ruiu.
Dragos Ruiu
2 months ago
HD firmware hacking (part 3): reversing the boot loader http://goo.gl/fmaFjc

Hard Disk Firmware Hacking (Part 3)
Dragos Ruiu
2 months ago
Fox-IT publishes open-source tools to detect the duplicate sequence numbers of QUANTUM INSERT-style NSA attacks http://goo.gl/sGy2k2

Deep dive into QUANTUM INSERT
Greg A. Woods What do you want to bet that all they did to "fix" it was invent a deeper and more obscure back door?

OS X has been an excellent example of very bad security design from day one.  Of course it's really not any worse than most any other desktop system, including all Linux systems.