Summary

Top Articles:

  • Operation Triangulation: The last (hardware) mystery
  • Bluetooth Flaws Could Allow Global Tracking of Apple, Windows 10 Devices
  • Tool Release – Enumerating Docker Registries with go-pillage-registries
  • An offensive guide to the Authorization Code grant
  • A Survey of Istio's Network Security Features
  • Deep Dive into Real-World Kubernetes Threats
  • ABSTRACT SHIMMER (CVE-2020-15257): Host Networking is root-Equivalent, Again
  • LDAPFragger: Bypassing network restrictions using LDAP attributes
  • Introducing post-quantum Cloudflare Tunnel
  • Tool Release: Sinking U-Boots with Depthcharge

Operation Triangulation: The last (hardware) mystery

Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.

...more

Introducing post-quantum Cloudflare Tunnel

Published: 2022-10-03 13:00:00

Popularity: 2

Author: Bas Westerbaan

Keywords:

  • Birthday Week
  • Post-Quantum
  • Tunnel
  • Research
  • Cryptography

With every connection we make post-quantum secure, we remove one opportunity for compromise. That is why we are announcing post-quantum Cloudflare Tunnel, to help you secure every connection to our network.

...more

CVE-2021-41577: MITM to RCE in EVGA Precision X1

Published: 2022-01-11 16:30:37

Popularity: None

Author: Hunter Stanton

Keywords:

  • Research

Originally published on Rhino Security Labs.

...more

Tool Release – insject: A Linux Namespace Injector

Published: 2022-01-08 05:20:06

Popularity: None

Author: Jeff Dileo

Keywords:

  • Research
  • Tool Release
  • Virtualization, Emulation, & Containerization
  • Containers
  • injection
  • LD_PRELOAD
  • Linux namespaces
  • yolo

tl;dr Grab the release binary from our repo and have fun. Also, happy new year; 2021 couldn’t end soon enough. Background A while back, I was asked by one of my coworkers on the PSC team about ways in which to make their custom credit card data scanner cloud native to assess Kubernetes clusters. While …

...more

Tool Release – shouganaiyo-loader: A Tool to Force JVM Attaches

Published: 2021-12-29 22:38:00

Popularity: None

Author: Jeff Dileo

Keywords:

  • Research
  • Tool Release

Background Java Virtual Machines (JVMs) provide a number of mechanisms to inspect and modify the Java applications and the runtime they stand on. These include Java agents, JARs that are capable of modifying Java class files at runtime; and JVMTI agents, native libraries that can perform deep hooking into the innards of the JVM itself. …

...more

Some Musings on Common (eBPF) Linux Tracing Bugs

Published: 2021-08-06 04:54:28

Popularity: None

Author: Jeff Dileo

Keywords:

  • Research
  • eBPF
  • Linux kernel
  • Linux kernel tracing
  • system observability
  • tracee

Having been in the game of auditing kprobe-based tracers for the past couple of years, and in light of this upcoming DEF CON on eBPF tracer race conditions (which you should go watch) being given by a friend of mine from the NYU(-Poly) (OSIR)IS(IS) lab, I figured I would wax poetic on some of the …

...more

ABSTRACT SHIMMER (CVE-2020-15257): Host Networking is root-Equivalent, Again

This post is a technical discussion of the underlying vulnerability of CVE-2020-15257, and how it can be exploited. Our technical advisory on this issue is available here, but this post goes much further into the process that led to finding the issue, the practicalities of exploiting the vulnerability itself, various complications around fixing the issue, …

...more
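The exposure class behind this CVE is an abstract-namespace Unix socket: abstract sockets belong to the network namespace rather than the filesystem, so a container started with host networking can reach every abstract socket the host's daemons listen on, with no mount or file permission in the way (CVE-2020-15257 was the containerd shim API being reachable this way). The check below is an added example written for this summary, not code from NCC Group's post or advisory: it parses the text format of /proc/net/unix and lists the abstract sockets that are currently listening, which is exactly the set a host-networked container would see. The sample table is constructed, not captured from a real host.

```python
"""List listening abstract-namespace Unix sockets from /proc/net/unix.

Added example for this summary; not code from the advisory or from containerd.
Abstract sockets are scoped to the *network* namespace, so a container with
--net=host enumerates the same list as the host itself.
"""
from dataclasses import dataclass
from typing import Iterable, List

SO_ACCEPTCON = 0x00010000                       # kernel flag bit: socket is listening
SOCK_TYPES = {1: "STREAM", 2: "DGRAM", 5: "SEQPACKET"}


@dataclass(frozen=True)
class UnixSocket:
    inode: int
    sock_type: str
    listening: bool
    path: str                                   # "" unnamed, "@..." abstract, else filesystem

    @property
    def abstract(self) -> bool:
        return self.path.startswith("@")        # the kernel prints the leading NUL as '@'


def parse_proc_net_unix(text: str) -> List[UnixSocket]:
    """Parse /proc/net/unix: a header line, then one socket per line.

    Columns: Num RefCount Protocol Flags Type St Inode [Path]; the path is
    absent for unnamed (client-side) sockets, so split with a maxsplit of 7.
    """
    sockets = []
    for line in text.splitlines()[1:]:
        fields = line.split(None, 7)
        if len(fields) < 7:
            continue                            # blank or truncated line
        flags = int(fields[3], 16)
        sock_type = SOCK_TYPES.get(int(fields[4], 16), fields[4])
        inode = int(fields[6])
        path = fields[7].strip() if len(fields) == 8 else ""
        sockets.append(UnixSocket(inode, sock_type, bool(flags & SO_ACCEPTCON), path))
    return sockets


def listening_abstract_sockets(sockets: Iterable[UnixSocket]) -> List[UnixSocket]:
    """Abstract sockets with the listening flag set, i.e. services reachable from this netns."""
    return sorted((s for s in sockets if s.abstract and s.listening), key=lambda s: s.path)


def audit_current_netns(path: str = "/proc/net/unix") -> List[UnixSocket]:
    """Run the check for real: inside a container this shows what host networking exposes."""
    with open(path) as fh:
        return listening_abstract_sockets(parse_proc_net_unix(fh.read()))


# Constructed sample in the real /proc/net/unix layout (inodes and paths are made up).
SAMPLE = """\
Num       RefCount Protocol Flags    Type St Inode Path
0000000000000000: 00000002 00000000 00010000 0001 01 24153 @/containerd-shim/moby/0123abcd/shim.sock
0000000000000000: 00000002 00000000 00010000 0001 01 19877 /run/docker.sock
0000000000000000: 00000003 00000000 00000000 0001 03 24160 @/containerd-shim/moby/0123abcd/shim.sock
0000000000000000: 00000002 00000000 00010000 0005 01 31002 @/tmp/example-seqpacket
0000000000000000: 00000002 00000000 00000000 0002 01 11204
"""

if __name__ == "__main__":
    for s in listening_abstract_sockets(parse_proc_net_unix(SAMPLE)):
        print(f"inode={s.inode} type={s.sock_type} {s.path}")
```

Run `audit_current_netns()` from inside a container that was started with host networking: a non-empty result is a list of host services the container can talk to without any filesystem access at all, which is the condition the post's title describes. The filesystem socket `/run/docker.sock` in the sample is deliberately excluded, since reaching it still requires a bind mount.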

Tool Release: Sinking U-Boots with Depthcharge

Published: 2020-07-22 16:00:49

Popularity: 1

Author: Jon Szymaniak

Keywords:

  • Hardware & Embedded Systems
  • Research
  • Tool Release
  • Depthcharge
  • embedded systems
  • U-Boot

Depthcharge is an extensible Python 3 toolkit designed to aid security researchers when analyzing a customized, product-specific build of the U-Boot bootloader. This blog post details the motivations for Depthcharge’s creation, highlights some key features, and exemplifies its use in a “tethered jailbreak” of a smart speaker that leverages secure boot functionality. I boot, you …

...more

An offensive guide to the Authorization Code grant

Published: 2020-07-07 11:00:01

Popularity: 17

Author: Rami McCarthy

Keywords:

  • Research
  • access delegation
  • authorization
  • OAuth
  • OAuth 2.0
  • OAuth 2.0 Authorization Code
  • Pentesting

OAuth is the widely used standard for access delegation, enabling many of the “Sign in with X” buttons and “Connect your Calendar” features of modern Internet software. OAuth 2.0 is the most common and recent version of this specification, which defines four grant types (as well as various extensions), specifically suited for different use cases. …

...more
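The Authorization Code grant is the one a tester most often gets to attack, because its security rests on three checks that implementations routinely skip: the client binding the callback to the session with `state`, the code being bound to its requester with PKCE, and the authorization server matching `redirect_uri` exactly. The following is an added example written for this summary, not code from the guide: a minimal authorization server and relying-party client in which each check can be switched off, exercised against the three classic abuses (login CSRF / code injection, authorization-code interception, and redirect_uri tampering) plus code reuse. The client id `app-client`, the redirect URI `https://app.example/cb` and the host `as.example` are hypothetical.

```python
"""Authorization Code grant with the checks a tester probes: state binding,
PKCE (RFC 7636, S256) and exact redirect_uri matching.
Added example for this summary; not code from the guide. The client id,
redirect URI and authorization endpoint host are hypothetical."""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

CLIENT_ID, REDIRECT = "app-client", "https://app.example/cb"   # hypothetical registration


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _qs(url: str) -> dict:
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


class AuthorizationServer:
    """Issues single-use codes bound to client_id, redirect_uri and (if sent) a PKCE challenge."""

    def __init__(self):
        self.clients = {CLIENT_ID: {REDIRECT}}      # registered redirect URIs, compared exactly
        self.codes = {}

    def authorize(self, params: dict, user: str) -> str:
        if params["redirect_uri"] not in self.clients[params["client_id"]]:
            raise ValueError("redirect_uri not registered")       # no prefix or host tricks
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": params["client_id"], "redirect_uri": params["redirect_uri"],
                            "challenge": params.get("code_challenge"), "user": user}
        return params["redirect_uri"] + "?" + urlencode({"code": code, "state": params["state"]})

    def token(self, client_id: str, code: str, redirect_uri: str, code_verifier: str = None) -> dict:
        rec = self.codes.pop(code, None)                           # a code is redeemable once
        if rec is None or rec["client_id"] != client_id or rec["redirect_uri"] != redirect_uri:
            raise PermissionError("invalid_grant")
        if rec["challenge"] is not None and (code_verifier is None or
                b64url(hashlib.sha256(code_verifier.encode()).digest()) != rec["challenge"]):
            raise PermissionError("invalid_grant: PKCE verifier mismatch")
        return {"access_token": f"tok-{rec['user']}", "token_type": "Bearer"}


class Client:
    """Relying party; check_state=False / use_pkce=False reproduce the weak setups a tester looks for."""

    def __init__(self, auth_server, check_state=True, use_pkce=True):
        self.as_, self.check_state, self.use_pkce, self.sessions = auth_server, check_state, use_pkce, {}

    def start_login(self, session_id: str) -> str:
        state = secrets.token_urlsafe(16)
        verifier = secrets.token_urlsafe(32) if self.use_pkce else None
        self.sessions[session_id] = {"state": state, "verifier": verifier}
        params = {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT, "state": state}
        if verifier:
            params.update(code_challenge=b64url(hashlib.sha256(verifier.encode()).digest()),
                          code_challenge_method="S256")
        return "https://as.example/authorize?" + urlencode(params)

    def callback(self, session_id: str, redirect_url: str) -> dict:
        q, sess = _qs(redirect_url), self.sessions.pop(session_id)
        if self.check_state and q.get("state") != sess["state"]:
            raise PermissionError("state mismatch")                # stops login CSRF / code injection
        return self.as_.token(CLIENT_ID, q["code"], REDIRECT, sess["verifier"])


def _attempt(fn) -> str:
    try:
        fn()
        return "accepted"
    except (PermissionError, ValueError):
        return "rejected"


def run_scenarios() -> dict:
    out = {}
    as1 = AuthorizationServer(); c1 = Client(as1)               # honest flow, then code reuse
    redirect = as1.authorize(_qs(c1.start_login("victim")), user="victim")
    out["honest"] = c1.callback("victim", redirect)["access_token"]
    out["code_reuse"] = _attempt(lambda: as1.token(CLIENT_ID, _qs(redirect)["code"], REDIRECT))
    # Login CSRF: attacker gets a code for *their* account and makes the victim's browser deliver it.
    attacker_req = {"client_id": CLIENT_ID, "redirect_uri": REDIRECT, "state": "attacker-chosen"}
    as2 = AuthorizationServer(); weak = Client(as2, check_state=False, use_pkce=False)
    weak.start_login("victim")
    out["no_state_check"] = weak.callback("victim", as2.authorize(attacker_req, user="attacker"))["access_token"]
    as3 = AuthorizationServer(); strict = Client(as3, use_pkce=False)
    strict.start_login("victim")
    out["state_check"] = _attempt(lambda: strict.callback("victim", as3.authorize(attacker_req, user="attacker")))
    # Code interception (e.g. a leaked redirect URL): redeemable only if nothing binds it to the requester.
    as4 = AuthorizationServer(); c4 = Client(as4, use_pkce=False)
    leaked = as4.authorize(_qs(c4.start_login("victim")), user="victim")
    out["intercept_no_pkce"] = as4.token(CLIENT_ID, _qs(leaked)["code"], REDIRECT)["access_token"]
    as5 = AuthorizationServer(); c5 = Client(as5)
    leaked = as5.authorize(_qs(c5.start_login("victim")), user="victim")
    out["intercept_pkce"] = _attempt(lambda: as5.token(CLIENT_ID, _qs(leaked)["code"], REDIRECT))
    # redirect_uri that is not exactly the registered value.
    tampered = dict(attacker_req, redirect_uri="https://app.example.attacker.example/cb")
    out["redirect_tamper"] = _attempt(lambda: as5.authorize(tampered, user="victim"))
    return out
```

`run_scenarios()` returns one verdict per abuse: with every check on, only the honest flow yields a token; the weak client hands the victim a session logged in as the attacker (`tok-attacker`), and without PKCE a leaked code is redeemable by anyone who sees it. When testing a real target, the same four probes map onto concrete requests: replay the callback URL, replace `state`, redeem a captured code from a different client, and vary `redirect_uri` by path, subdomain and scheme.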

LDAPFragger: Bypassing network restrictions using LDAP attributes

Published: 2020-03-19 10:00:00

Popularity: 4

Author: Rindert Kramer

Keywords:

  • Fox-IT
  • Research
  • LDAP
  • Pentesting
  • Tool

Introduction A while back during a penetration test of an internal network, we encountered physically segmented networks. These networks contained workstations joined to the same Active Directory domain, however only one network segment could connect to the internet. To control workstations in both segments remotely with Cobalt Strike, we built a tool that uses the …

...more

A Survey of Istio's Network Security Features

Published: 2020-03-04 12:00:00

Popularity: 12

Author: jleadfordncc

Keywords:

  • Cloud & Containerization
  • North American Research
  • Research
  • Istio
  • Kubernetes
  • security analysis
  • service mesh

Istio is a service mesh. Service meshes, in general, exist as a complement to container orchestrators (e.g. Kubernetes), providing additional, service-centric features for traffic management, security, and observability. Istio is arguably the most popular service mesh (using GitHub stars as a metric). This blog post assumes working familiarity with Kubernetes and microservices, but …

...more

Deep Dive into Real-World Kubernetes Threats

Published: 2020-02-12 12:00:00

Popularity: 8

Author: nccmanning

Keywords:

  • Cloud & Containerization
  • Conferences
  • North American Research
  • Research
  • Kubernetes
  • Pentesting
  • Shmoocon

On Saturday, February 1st, I gave my talk titled “Command and KubeCTL: Real-World Kubernetes Security for Pentesters” at Shmoocon 2020. I’m following up with this post that goes into more details than I could cover in 50 minutes. This will re-iterate the points I attempted to make, walk through the demo, and provide resources for …

...more

Properly Signed Certificates on CPE Devices

Published: 2020-02-04 09:04:08

Popularity: None

Author: m4ttlewis

Keywords:

  • Cryptography
  • Hardware & Embedded Systems
  • Research
  • UK/European Research
  • Certificates
  • CPE
  • Router

During late January 2020, a hot topic surfaced between security professionals on an issue that has historically had different proposed solutions. This blog post seeks to explore these solutions and identify pragmatic approaches to risk reduction on this specific issue concerning Customer Premises Equipment (CPE) security. Two security researchers (Tom Pohl and Nick Starke) analysed …

...more

Tool Release – Enumerating Docker Registries with go-pillage-registries

Published: 2020-01-24 13:15:00

Popularity: 42

Author: jmakinenncc

Keywords:

  • Cloud & Containerization
  • North American Research
  • Research
  • Tool Release
  • Container registry
  • Containers
  • Docker
  • Shmoocon

Introduction Containerization solutions are becoming increasingly common throughout the industry due to their vast applications in logically separating and packaging processes to run consistently across environments. Docker represents these processes as images by packaging a base filesystem and initialization instructions for the runtime environment. Developers can use common base images and instruct Docker to execute …

...more

Bluetooth Flaws Could Allow Global Tracking of Apple, Windows 10 Devices

Identifying tokens and random addresses, meant to create anonymity, do not change in sync on some devices, opening an attack vector.

...more
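The attack the summary describes is an address-carryover: a device rotates its random advertising address on one schedule and the identifying bytes in its advertising payload on another, so an observer who sees the old token still being sent from a new address can stitch the two addresses together and follow the device past the rotation that was supposed to break the trail. The following is an added example written for this summary, not code from the researchers or the article: a linking routine over a constructed stream of (time, address, token) observations, where one device rotates the two identifiers out of sync and a second device rotates both at once, which is the behaviour that defeats the linking.

```python
"""Address-carryover linking of randomised BLE advertising addresses through
payload tokens that do not rotate with the address.
Added example for this summary; not code from the paper or article.
Addresses, tokens and timings below are constructed."""
from typing import Dict, List, Tuple

Observation = Tuple[float, str, str]       # (seconds, random address, identifying token as hex)


def link_addresses(observations: List[Observation], max_gap: float = 60.0) -> List[List[str]]:
    """Group addresses into chains believed to belong to one device.

    A new address joins an existing chain when it carries a token that was last
    seen with that chain's current address no more than max_gap seconds ago.
    A device that rotates address and token together never satisfies this, so
    it starts a fresh chain, which is the intended anonymity property.
    """
    token_last: Dict[str, Tuple[int, float]] = {}   # token -> (chain index, last time seen)
    addr_chain: Dict[str, int] = {}                  # address -> chain index
    chains: List[List[str]] = []
    for t, addr, token in sorted(observations):
        if addr in addr_chain:
            idx = addr_chain[addr]
        elif token in token_last and t - token_last[token][1] <= max_gap:
            idx = token_last[token][0]               # carryover: the token outlived the old address
            chains[idx].append(addr)
            addr_chain[addr] = idx
        else:
            idx = len(chains)                        # both identifiers fresh: treat as a new device
            chains.append([addr])
            addr_chain[addr] = idx
        token_last[token] = (idx, t)
    return chains


def chain_spans(observations: List[Observation], chains: List[List[str]]) -> List[float]:
    """Seconds each chain was observable, i.e. how far past one address rotation the device was followed."""
    first: Dict[str, float] = {}
    last: Dict[str, float] = {}
    for t, addr, _ in observations:
        first[addr] = min(first.get(addr, t), t)
        last[addr] = max(last.get(addr, t), t)
    return [max(last[a] for a in c) - min(first[a] for a in c) for c in chains]


def constructed_observations() -> List[Observation]:
    """Constructed advertisement log: one beacon every 30 s per device."""
    obs: List[Observation] = []
    # Device 1: address rotates at 900 s and 1800 s, token rotates at 450 s and 1350 s (out of sync).
    for t in range(0, 2250, 30):
        addr = ["4a:00:00:00:00:01", "5b:00:00:00:00:02", "6c:00:00:00:00:03"][t // 900]
        token = ["aa11", "bb22", "cc33"][(t + 450) // 900]
        obs.append((float(t), addr, token))
    # Device 2: address and token rotate together at 900 s, so there is nothing to carry over.
    for t in range(0, 1800, 30):
        i = t // 900
        obs.append((float(t), ["7d:00:00:00:00:04", "8e:00:00:00:00:05"][i], ["dd44", "ee55"][i]))
    return obs


if __name__ == "__main__":
    obs = constructed_observations()
    chains = link_addresses(obs)
    for chain, span in zip(chains, chain_spans(obs, chains)):
        print(f"{span:6.0f} s  " + " -> ".join(chain))
```

On the constructed log, device 1 is followed across three addresses for the full 2220 s of observation even though its address changed every 900 s, while device 2's two addresses stay unlinked. The `max_gap` window is the knob a real tracker has to tune against beacon interval and packet loss; the choice of which payload bytes to treat as the token matters just as much, since a value shared by many devices (a manufacturer constant, say) would link unrelated chains together.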
