Dragonblood new results
> August 2019 — During our initial disclosure, the Wi-Fi Alliance privately created security recommendations to mitigate our attacks. In these recommendations, they claim that Brainpool curves are safe to use, at least if products securely implement Dragonfly’s quadratic residue test (i.e. it must be implemented without side-channel leaks). However, we found that using Brainpool curves introduces a second class of side-channel leaks in the Dragonfly handshake of WPA3. In other words, even if the advice of the Wi-Fi Alliance is followed, implementations remain at risk of attacks. This demonstrates that implementing Dragonfly and WPA3 without side-channel leaks is surprisingly hard. It also, once again, shows that privately creating security recommendations and standards is at best irresponsible and at worst inept.
That last line.
In-DRAM Bulk Bitwise Execution Engine
> Many applications heavily use bitwise operations on large bitvectors as part of their computation. In existing systems, performing such bulk bitwise operations requires the processor to transfer a large amount of data on the memory channel, thereby consuming high latency, memory bandwidth, and energy. In this paper, we describe Ambit, a recently-proposed mechanism to perform bulk bitwise operations completely inside main memory. Ambit exploits the internal organization and analog operation of DRAM-based memory to achieve low cost, high performance, and low energy. Ambit exposes a new bulk bitwise execution model to the host processor. Evaluations show that Ambit significantly improves the performance of several applications that use bulk bitwise operations, including databases.
The Return of the WIZard: RCE in Exim (CVE-2019-10149)
> In this particular case, RCE means Remote *Command* Execution, not Remote Code Execution: an attacker can execute arbitrary commands with execv(), as root; no memory corruption or ROP (Return-Oriented Programming) is involved.
> This vulnerability is exploitable instantly by a local attacker (and by a remote attacker in certain non-default configurations). To remotely exploit this vulnerability in the default configuration, an attacker must keep a connection to the vulnerable server open for 7 days (by transmitting one byte every few minutes). However, because of the extreme complexity of Exim’s code, we cannot guarantee that this exploitation method is unique; faster methods may exist.
Looking inside the box
> This blog post talks about reverse engineering the Dropbox client, breaking its obfuscation mechanisms, de-compiling it to Python code as well as modifying the client in order to use debug features which are normally hidden from view. If you’re just interested in relevant code and notes please scroll to the end. As of this writing it is up to date with the current versions of Dropbox which are based on the CPython 3.6 interpreter.
John the Ripper 1.9.0-jumbo-1
> It’s been 4.5 years and 6000+ jumbo tree commits (not counting JtR core tree commits, nor merge commits) since we released 1.8.0-jumbo-1:
> Proof of work algorithm based on random code execution
> A major and the most significant approach to UEFI BIOS security is to prevent it from being illegitimately modified and the SPI flash memory from being overwritten. Modern vendors use a wide range of security mechanisms to ensure that (SMM BLE / SMM BWP / PRx / Intel BIOS Guard) and hardware-supported verification technologies (Intel Boot Guard). In other words, they do everything just not to let an attacker place a rootkit into a system.
> In this talk, there were some thoughts on how vendors manage to throw all those security flaws together in one system using Intel NUC, a small home PC, as an example. Besides, researchers demonstrated how an adversary can compromise BIOS from the userland.
Archives of POC2018
> Denis Kolegov, Oleg Broslavsky, “WebGoat.SDWAN.Net in Depth”
> En He, Jiashui Wang, “Hacking Android VoIP for Fun and Profit!”
> Gmliu, “Windows Kernel Fuzzing”
> Jaanus Kääp, “Document parsers “research” as passive income”
> Jiafeng Li, Zuotong Feng, “How to Exploit Blockchain Public Chain and Smart Contract Vulnerability”
> Jin Liu & Chong Xu, “Pwning Microsoft Edge Browser: From Memory Safety Vulnerability to Remote Code Execution”
> Kang Li, “Practical evading attacks on commercial AI image recognition services”
> Liang Chen, “Era of iOS 12 with A12: End of iOS War?”
> Lidong LI & Naijie XU, “802.11 Smart Fuzzing”
> Ned Williamson, “Exploiting Chrome IPC”
> Nikita Tarakanov, “Automating Windows Kernel Pool Overflow/Corruption Exploits Development”
> Samuel Groß, “IPC MitM: Exploiting a Fun Logic Bug for Kernel-Mode Code Execution on MacOS”
> Tielei Wang, Hao Xu, “IOService Becomes a Grandpa”
> WYP, “Vulnerability analysis of Z-wave products used in Korea”
> Yannay Livneh, “Baby I can drive your car: remotely hacking Telematics CAN-connected devices”
> Yongtao Wang, Sai Cheng, Jie Fu, “SSRF To RCE In Java”
> Yunhai Zhang, “Diving into Windows Defender Application Guard”
Turning your BMC into a revolving door
> Baseboard Management Controller (BMC) embedded in most of HP servers for more than 10 years. Chipset directly integrated on the server’s motherboard.
There’s a computer inside your computer.
Cuckoo Breeding Ground - A Better Cuckoo Hash Table
> Perhaps the most significant downside of cuckoo hashing, however, is that it potentially requires checking multiple memory regions randomly distributed throughout the table. In many settings, such random access lookups are expensive, making cuckoo hashing a less compelling alternative. We design a variant of cuckoo hashing that reduces the number of memory regions accessed, increases the load threshold and remains relatively simple. We do this by choosing some less popular options for cuckoo hashing with a couple of novel ideas.
ECCploit: ECC Memory Vulnerable to Rowhammer Attacks After All
> Where many people thought that high-end servers were safe from the (unpatchable) Rowhammer bitflip vulnerability in memory chips, new research from VUSec, the security group at Vrije Universiteit Amsterdam, shows that this is not the case. Since prominent security researchers and companies have suggested that ECC provides pretty good protection [1,2,3], and exploitable bitflips on ECC memory are seen by many as the “unholy grail” for Rowhammer attacks, the new attack to reliably flip bits that completely bypass ECC protection is a major step forward in Rowhammer research.
> To answer the research question above, we first needed to fully understand how ECC is implemented. Unfortunately, this is not trivial. In general, CPU manufacturers omit details of ECC implementation. In addition, the closed nature of hardware makes our task even more difficult. Thus, we first reverse engineered several ECC implementations and showed their guarantees. This part of the work was pretty crazy and involved freezing memory chips and transplanting them (“cold boot attack”), sticking syringe needles into the sockets of memory modules to inject errors, and many other techniques besides. Long story short, after a year of probing and analyzing, we finally understood how ECC memory worked in detail.
Static Program Analysis
> These notes present principles and applications of static analysis of programs. We cover basic type analysis, lattice theory, control flow graphs, dataflow analysis, fixed-point algorithms, widening and narrowing, path sensitivity, relational analysis, interprocedural analysis, context sensitivity, control-flow analysis, several flavors of pointer analysis, and key concepts of semantics-based abstract interpretation. A tiny imperative programming language with pointers and first-class functions is subjected to numerous different static analyses illustrating the techniques that are presented.
MicroWalk: A Framework for Finding Side Channels in Binaries
> In this work, we propose a novel technique based on Dynamic Binary Instrumentation and Mutual Information Analysis to efficiently locate and quantify memory based and control-flow based microarchitectural leakages. We develop a software framework named MicroWalk for side-channel analysis of binaries which can be extended to support new classes of leakage. For the first time, by utilizing MicroWalk, we perform rigorous leakage analysis of two widely-used closed-source cryptographic libraries: Intel IPP and Microsoft CNG. We analyze 15 different cryptographic implementations consisting of 112 million instructions in about 105 minutes of CPU time. By locating previously unknown leakages in hardened implementations, our results suggest that MicroWalk can efficiently find microarchitectural leakages in software binaries.
Gigatron TTL microcomputer
> The Gigatron TTL microcomputer is a minimalistic retro computer. It is special in its own oddball way, because it has absolutely no complex logic chips in it, not even a microprocessor! Instead, its CPU is built out of a handful of classic 7400-series chips, also known as the TTL logic series. In the Gigatron these simple ICs not only form a CPU, but this CPU in turn also performs tasks that normally need dedicated peripheral chips. Despite its simple and compact design, the Gigatron works as an 8-bit single-board microcomputer that you can play video games with.
Vectorized Emulation: Hardware accelerated taint tracking at 2 trillion instructions per second
> In this blog I’m going to introduce you to a concept I’ve been working on for almost 2 years now. Vectorized emulation. The goal is to take standard applications and JIT them to their AVX-512 equivalent such that we can fuzz 16 VMs at a time per thread. The net result of this work allows for high performance fuzzing (approx 40 billion to 120 billion instructions per second [the 2 trillion clickbait number is theoretical maximum]) depending on the target, while gathering differential coverage on code, register, and memory state.
> Further since we’re running emulated code we are able to run a soft MMU implementation which has byte-level permissions. This gives us stronger-than-ASAN memory protections, making bugs fail faster and cleaner.
Didn't know double frees are back.
> Turns out new versions of Ubuntu use tcache, which means there’s a fast path for malloc/free without any safety checks. Pretty cool and trivially exploitable in many cases.
Turing completeness, weird machines, Twitter, and muddled terminology
> The point of weird machine research is *not* about showing that everything is Turing complete. The point of weird machine research is that when any finite state automaton is simulated, and when that simulation gets corrupted, a new machine emerges, with its own instruction set. It is this instruction set that gets programmed in attacks. Constraining the state transitions (and hence the reachable states) of a weird machine is what makes exploitation impossible. The computational power (in the TC sense) is secondary.
MAC Address Age Tracking
> This repository is used to determine an approximate issuance date for IEEE allocated hardware address ranges. The dataset was bootstrapped using a combination of the DeepMAC and Wireshark archives and maintained via daily pulls from the IEEE website.
GPU & FPGA cracking speeds for bcrypt, sha512crypt, sha256crypt, bsdicrypt scaled for same running time on CPU
Other comments in the discussion are also interesting.
CC3000 Smart Config - transmitting SSID and keyphrase
> So let’s start at the start - we have a problem - we want to send two pieces of information, an SSID and the keyphrase, from one party that is already a member of the wifi network to an external party who can monitor all the encrypted wifi traffic but who cannot decrypt it.
> So the solution to our problem is to encode the information in the size of the packets sent (the actual content is irrelevant). The party on the secured network just sends UDP packets with particular lengths to another party on the network. That the other party is not interested in receiving the packets is not important.
I believe this is possible. I am amazed it’s actually done.