site: blog.trailofbits.com
Introducing iVerify, the security toolkit for iPhone users
https://blog.trailofbits.com/2019/11/14/introducing-iverify-the-security-toolkit-for-iphone-users/ [blog.trailofbits.com]
2019-11-15 22:56
tags:
iphone
security
swtools
Not only does iVerify help you keep your data confidential and limit data sharing, it helps protect the integrity of your device. It’s normally almost impossible to tell if your iPhone has been hacked, but our app gives you a heads-up. iVerify periodically scans your device for anomalies that might indicate it’s been compromised, gives you a detailed report on what was detected, and provides actionable advice on how to proceed.
source: grugq
Security assessment techniques for Go projects
https://blog.trailofbits.com/2019/11/07/attacking-go-vr-ttps/ [blog.trailofbits.com]
2019-11-08 19:22
tags:
development
go
programming
security
With a better understanding of the root causes, we searched for existing tooling to help us quickly and effectively instrument client codebases. The result was a sample of static and dynamic open-source tools, including several that were Go-agnostic. To complement these tools, we also identified several compiler configurations that help with instrumentation.
Useful for developers who aren’t auditors as well.
source: L
Two New Tools that Tame the Treachery of Files
https://blog.trailofbits.com/2019/11/01/two-new-tools-that-tame-the-treachery-of-files/ [blog.trailofbits.com]
2019-11-04 07:25
tags:
defense
development
format
programming
release
security
swtools
turtles
Parsing is hard, even when a file format is well specified. But when the specification is ambiguous, it leads to unintended and strange parser and interpreter behaviors that make file formats susceptible to security vulnerabilities. What if we could automatically generate a “safe” subset of any file format, along with an associated, verified parser? That’s our collective goal in Dr. Sergey Bratus’s DARPA SafeDocs program.
We’ve developed two new tools that take the pain out of parsing and make file formats safer:
PolyFile: A polyglot-aware file identification utility with manually instrumented parsers that can semantically label the bytes of a file hierarchically; and
PolyTracker: An automated instrumentation framework that efficiently tracks input file taint through the execution of a program.
source: grugq
Tethered jailbreaks are back
https://blog.trailofbits.com/2019/09/27/tethered-jailbreaks-are-back/ [blog.trailofbits.com]
2019-09-28 20:00
tags:
bios
cpu
exploit
iphone
malloc
security
checkm8 exploits the Boot ROM to allow anyone with physical control of a phone to run arbitrary code. The Boot ROM, also called the Secure ROM, is the first code that executes when an iPhone is powered on and cannot be changed, because it’s “burned in” to the iPhone’s hardware. The Boot ROM initializes the system and eventually passes control to the kernel. It’s the root of trust for the trusted boot chain of iOS and verifies the integrity of the next stage of the boot process before passing execution control.
Detailed writeup: https://habr.com/en/company/dsec/blog/472762/
source: white
Binary symbolic execution with KLEE-Native
https://blog.trailofbits.com/2019/08/30/binary-symbolic-execution-with-klee-native/ [blog.trailofbits.com]
2019-08-30 18:25
tags:
best
development
fuzzing
linux
security
swtools
testing
KLEE is a symbolic execution tool that intelligently produces high-coverage test cases by emulating LLVM bitcode in a custom runtime environment. Yet, unlike simpler fuzzers, it’s not a go-to tool for automated bug discovery. Despite constant improvements by the academic community, KLEE remains difficult for bug hunters to adopt. We’re working to bridge this gap!
My internship produced KLEE-Native, a version of KLEE that can concretely and symbolically execute binaries, model heap memory, reproduce CVEs, and accurately classify different heap bugs. The project is now positioned to explore applications made possible by KLEE-Native’s unique approaches to symbolic execution. We will also be looking into potential execution time speed-ups from different lifting strategies. As with all articles on symbolic execution, KLEE is both the problem and the solution.
https://github.com/trailofbits/klee
source: HN
Better Encrypted Group Chat
https://blog.trailofbits.com/2019/08/06/better-encrypted-group-chat/ [blog.trailofbits.com]
2019-08-07 02:10
tags:
crypto
networking
security
social
standard
End-to-end encrypted group messaging is also a hard problem to solve. Existing solutions such as Signal, WhatsApp, and iMessage have inherent problems with scaling, which I’ll discuss in detail, that make it infeasible to conduct group chats of more than a few hundred people. The Message Layer Security (MLS) protocol aims to make end-to-end encrypted group chat more efficient while still providing security guarantees like forward secrecy and post-compromise security.
The primary contribution of molasses has been in detecting errors in the specification and other implementations through unit and interoperability testing. Molasses implements most of MLS draft 6. Why not all of draft 6? There was an error in the spec that made it impossible for members to be added to any group. This broke all the unit tests that create non-trivial groups. Errors like this are hard to catch just by reading the spec; they require some amount of automated digging. Once they are found, the necessary revisions tend to be pretty obvious, and they are swiftly incorporated into the subsequent draft.
Nice work and a very nice explanation of the protocol.
source: L
Fuck RSA
https://blog.trailofbits.com/2019/07/08/fuck-rsa/ [blog.trailofbits.com]
2019-07-08 15:50
tags:
crypto
development
programming
security
sidechannel
turtles
RSA is an intrinsically fragile cryptosystem containing countless foot-guns which the average software engineer cannot be expected to avoid. Weak parameters can be difficult, if not impossible, to check, and its poor performance compels developers to take risky shortcuts. Even worse, padding oracle attacks remain rampant 20 years after they were discovered. While it may be theoretically possible to implement RSA correctly, decades of devastating attacks have proven that such a feat may be unachievable in practice.
source: L
Getting 2FA Right in 2019
https://blog.trailofbits.com/2019/06/20/getting-2fa-right-in-2019/ [blog.trailofbits.com]
2019-06-20 14:49
tags:
auth
development
security
ux
web
All told, there’s never been a better time to add 2FA to your services. Keep reading to find out how you can do it right.
There’s a lot here and it’s all very good.
source: HN
What Application Developers Need To Know About TLS Early Data (0RTT)
https://blog.trailofbits.com/2019/03/25/what-application-developers-need-to-know-about-tls-early-data-0rtt/ [blog.trailofbits.com]
2019-04-01 05:07
tags:
networking
security
turtles
web
TLS 1.3 represents the culmination of over two decades of experience in deploying large-scale transport security. For the most part it simplifies and improves the security of TLS and can act as a drop-in replacement for TLS 1.2. However, one new feature in the protocol represents a significant security risk to some existing applications: TLS 0-RTT (also known as early data). This performance optimization can allow replay attacks in applications that don’t implement their own anti-replay defenses. In some cases, just upgrading your TLS dependencies can introduce application-level vulnerabilities.
source: L
How to write a rootkit without really trying
https://blog.trailofbits.com/2019/01/17/how-to-write-a-rootkit-without-really-trying/ [blog.trailofbits.com]
2019-01-18 02:14
tags:
fuzzing
linux
programming
release
systems
We open-sourced a fault injection tool, KRF, that uses kernel-space syscall interception. You can use it today to find faulty assumptions (and resultant bugs) in your programs. Check it out!
This post covers intercepting system calls from within the Linux kernel, via a plain old kernel module. We’ll go through a quick refresher on syscalls and why we might want to intercept them and then demonstrate a bare-bones module that intercepts the read(2) syscall.
https://github.com/trailofbits/krf
source: L
A Guide to Post-Quantum Cryptography
https://blog.trailofbits.com/2018/10/22/a-guide-to-post-quantum-cryptography/ [blog.trailofbits.com]
2018-10-24 03:52
tags:
crypto
quantum
security
A taxonomy of candidates.
Post-quantum cryptography is the study of cryptosystems which can be run on a classical computer, but are secure even if an adversary possesses a quantum computer. Recently, NIST initiated a process for standardizing post-quantum cryptography and is currently reviewing first-round submissions. The most promising of these submissions included cryptosystems based on lattices, isogenies, hash functions, and codes.
source: green
Protecting Software Against Exploitation with DARPA’s CFAR
https://blog.trailofbits.com/2018/09/10/protecting-software-against-exploitation-with-darpas-cfar/ [blog.trailofbits.com]
2018-09-11 18:53
tags:
compiler
defense
security
systems
Fault Analysis on RSA Signing
https://blog.trailofbits.com/2018/08/14/fault-analysis-on-rsa-signing/ [blog.trailofbits.com]
2018-08-15 03:51
tags:
crypto
exploit
fuzzing
programming
security
This spring and summer, as an intern at Trail of Bits, I researched modeling fault attacks on RSA signatures. I looked at an optimization of RSA signing that uses the Chinese Remainder Theorem (CRT) and induced calculation faults that reveal private keys. I analyzed fault attacks at a low level rather than in a mathematical context. After analyzing both a toy program and the mbed TLS implementation of RSA, I identified bits in memory that leak private keys when flipped.
source: green
You could have invented that Bluetooth attack
https://blog.trailofbits.com/2018/08/01/bluetooth-invalid-curve-points/ [blog.trailofbits.com]
2018-08-13 00:59
tags:
crypto
math
security
Unlike many elliptic curve bugs, an average human can totally understand the bug and how it can be exploited. It’s a cool application of a conceptually approachable attack.
This post describes the bug, how to exploit it, and how that specifically happened with the Bluetooth protocol. But first, let’s take a crash course in elliptic curves and invalid curve point attacks.
source: HN
Microsoft didn’t sandbox Windows Defender, so I did
https://blog.trailofbits.com/2017/08/02/microsoft-didnt-sandbox-windows-defender-so-i-did/ [blog.trailofbits.com]
2017-08-02 19:35
tags:
defense
programming
rust
security
virtualization
windows
As a proof of concept, I sandboxed Windows Defender for them, and am now open sourcing my code as the Flying Sandbox Monster. The core of Flying Sandbox Monster is AppJailLauncher-rs, a Rust-based framework to contain untrustworthy apps in AppContainers. It also allows you to wrap the I/O of an application behind a TCP server, allowing the sandboxed application to run on a completely different machine, for an additional layer of isolation.
source: HN
Manticore: Symbolic execution for humans
https://blog.trailofbits.com/2017/04/27/manticore-symbolic-execution-for-humans/ [blog.trailofbits.com]
2017-04-27 19:26
tags:
compsci
fuzzing
release
security
swtools
Earlier this week, we open-sourced a tool we rely on for dynamic binary analysis: Manticore! Manticore helps us quickly take advantage of symbolic execution, taint analysis, and instrumentation to analyze binaries.
https://github.com/trailofbits/manticore/
McSema: I’m liftin’ it
https://blog.trailofbits.com/2017/03/14/mcsema-im-liftin-it/ [blog.trailofbits.com]
2017-03-27 02:31
tags:
c
compiler
programming
release
swtools
McSema, our x86 machine code to LLVM bitcode binary translator, just got a fresh coat of paint. Last week we held a successful hackathon that produced substantial improvements to McSema’s usability, documentation, and code quality. It’s now easier than ever to use McSema to analyze and reverse-engineer binaries.
The Challenges of Deploying Security Mitigations
https://blog.trailofbits.com/2017/02/20/the-challenges-of-deploying-security-mitigations/ [blog.trailofbits.com]
2017-02-22 15:44
tags:
c
compiler
defense
development
programming
security
Instead, this blog post is going to be about a very important but underappreciated aspect of security mitigations: development costs and ease of use. We will describe our adventures in applying control flow integrity protections to osquery, and how seemingly small tradeoffs in security mitigations have serious implications for usability.
In particular, clang ClangCFI.
The Smart Fuzzer Revolution
https://blog.trailofbits.com/2017/02/16/the-smart-fuzzer-revolution/ [blog.trailofbits.com]
2017-02-22 15:40
tags:
fuzzing
links
security
slides
swtools
video
I felt there was a need to put the recent advances in automated bug finding into context. The new developments of the Cyber Grand Challenge, AFL, and libFuzzer were easy to miss if you weren’t paying attention. However, the potential impact they have on our industry is dramatic.