Latest Articles

LAYER 8 – Patching the un-patchable…

Computer systems and software have been continually evolving year upon year. Faster processing and data transfer, coupled with more accessible storage, have made crunching vast amounts of data possible in a fraction of the time it once took. Computer security and controls have improved as well: we now have intelligent firewalls, web proxies, file integrity monitoring, DLP, IAM and all sorts of amazing new technologies and emerging acronyms to help busy IT departments maintain the confidentiality, integrity and availability of their data and systems.


November 10, 2014

Playing with MS14-060 and MS14-058 [CVE-2014-4114, CVE-2014-4113] : Attacks and Defenses

Recently two 0-day exploits were revealed. The first was given the name Sandworm; as we will see, that naming mistakenly includes the term “worm”. The second, CVE-2014-4113, is a local privilege-escalation exploit for Windows.

Sandworm, as said, carries the word “worm”, most likely to make the situation more dramatic: a worm is a self-propagating piece of code that needs no human intervention, and this is nothing of the sort. Sandworm is reported to have been used in cyber-espionage operations by Russian actors against NATO, the European Union and specific industries such as the energy sector (by targeting SCADA systems). The vulnerability it exploits, CVE-2014-4114 (MS14-060), lies in the Windows OLE package manager; the attacks seen in the wild delivered it through PowerPoint show files opened in Microsoft Office 2010 and 2013. For the attack to succeed, someone naive (or convinced!) has to open the PowerPoint show file.

CVE-2014-4113 (MS14-058) strikes win32k.sys, the kernel-mode driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1 and Windows Server 2012, and allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014. Win32k.sys is responsible for window management and is used by every GUI process and thread; its user-mode counterparts are user32.dll and GDI32.dll. Because of its complex interaction with user-mode applications, win32k.sys has a long history of problems. The exploit was acquired in the wild; CrowdStrike attributed its use to a group it tracks as HURRICANE PANDA. The vulnerability is a null pointer dereference in win32k.sys: the exploit places a fake window object where the kernel will dereference it and abuses the xxxSendMessageTimeout code path so that the kernel calls an attacker-supplied function pointer, executing arbitrary code in kernel mode.
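On the defensive side, the October 2014 CVE-2014-4114 samples had one structural tell: the slide relationship parts of the PowerPoint package carried OLE object relationships marked External, pointing at a remote share from which Office fetched the payload. The scanner below is an added example, not code from the original post; it parses the OOXML relationship parts of a .pptx/.ppsx (a zip) and flags every oleObject relationship whose target lives outside the file. The sample package it builds is constructed for the demonstration (documentation-range IP, invented file names) and is not a real Office document.

```python
# Added example (not from the original post): scan a PowerPoint OOXML package
# for OLE relationships that reach outside the file, the delivery pattern used by
# the CVE-2014-4114 / MS14-060 samples seen in October 2014.
import io
import zipfile
import xml.etree.ElementTree as ET

PKG_REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/oleObject")
LAYOUT_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                   "relationships/slideLayout")


def target_kind(target):
    """Classify where an OLE relationship target points."""
    t = target.strip().lower()
    if t.startswith("\\\\") or t.startswith("file:"):
        return "unc"          # SMB/WebDAV share, as in the in-the-wild samples
    if t.startswith("http://") or t.startswith("https://"):
        return "url"
    return "other"


def find_external_ole_links(package_bytes):
    """Return [(rels_path, target, kind)] for every oleObject relationship
    whose TargetMode is External, i.e. Office will fetch the object from
    somewhere outside the package when the slide is shown."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        for name in zf.namelist():
            # Per-slide relationship parts live at ppt/slides/_rels/slideN.xml.rels
            if not (name.startswith("ppt/slides/_rels/") and name.endswith(".rels")):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter("{%s}Relationship" % PKG_REL_NS):
                if rel.get("Type") != OLE_REL_TYPE:
                    continue
                if rel.get("TargetMode", "Internal") != "External":
                    continue  # object embedded inside the zip; needs a separate review
                target = rel.get("Target", "")
                hits.append((name, target, target_kind(target)))
    return hits


def build_sample(external_targets):
    """Constructed test input: a minimal zip with the package layout of a .ppsx.
    It is not a valid Office document, only enough structure to exercise the scanner."""
    rels = ET.Element("{%s}Relationships" % PKG_REL_NS)
    ET.SubElement(rels, "{%s}Relationship" % PKG_REL_NS, Id="rId1",
                  Type=LAYOUT_REL_TYPE, Target="../slideLayouts/slideLayout1.xml")
    # An internal embedded OLE object: stays inside the zip, not flagged by this rule.
    ET.SubElement(rels, "{%s}Relationship" % PKG_REL_NS, Id="rId2",
                  Type=OLE_REL_TYPE, Target="../embeddings/oleObject1.bin")
    for i, target in enumerate(external_targets, start=3):
        ET.SubElement(rels, "{%s}Relationship" % PKG_REL_NS, Id="rId%d" % i,
                      Type=OLE_REL_TYPE, Target=target, TargetMode="External")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("ppt/slides/slide1.xml", "<sld/>")
        zf.writestr("ppt/slides/_rels/slide1.xml.rels", ET.tostring(rels))
        zf.writestr("ppt/embeddings/oleObject1.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    # Targets modelled on the October 2014 samples: a picture and an .inf
    # pulled from a remote share (the address is a documentation range).
    sample = build_sample([r"\\192.0.2.10\public\slide1.gif",
                           r"\\192.0.2.10\public\slides.inf"])
    for rels_path, target, kind in find_external_ole_links(sample):
        print("%s: external OLE target %s (%s)" % (rels_path, target, kind))
```

Point `find_external_ole_links` at the bytes of a suspicious .ppsx/.pptx from a mail gateway or a sandbox. It flags the delivery pattern used by those specific samples, not every abuse of the OLE packager: an attacker who embeds the object inside the package instead of linking it externally is not caught by this rule, and the legacy binary .pps format is not a zip and needs a different parser. The real fix remains the MS14-060 update.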


November 10, 2014

GPU Password Cracking Hype

Ditch the CPU for password cracking. Even an overclocked Intel Core i7 Extreme is not made for it: it only has a small number of cores. Instead, set your sights on high-powered graphics cards, with the primary aim of finding cards with a high number of cores; the GeForce GTX TITAN Z, for instance, features a whopping 5760 CUDA cores. Imagine the speed of password cracking with all those cores working in parallel on the same hash. A professional setup might include a few graphics cards per rig, or, if you are really serious, a distributed cracking network spanning multiple machines.


November 7, 2014