Tweets

clem
@clavoillotte
Feb 5

Mitigations for path redirection attacks: hardlinks will require write access to target file, junctions created from medium IL will be marked and not followed by privileged processes, SYSTEM will get its own %TEMP% twitter.com/dwizzzleMSFT/s…

clem retweeted

Dave dwizzzle Weston
@dwizzzleMSFT
Feb 5

Just posted my talk "Keeping Windows Secure" touching on security assurance process and vuln research in Windows from @BlueHatIL 2019: github.com/dwizzzle/Prese…

clem retweeted

Yarden Shafir
@yarden_shafir
Feb 2

Can your EDR detect symbolic link callback rootkits? Because ours sure as heck can't.
@aionescu and I wrote about these!
windows-internals.com/dkom-now-with-…

clem retweeted

Check Point Research
@_CPResearch_
Jan 30

clem retweeted

isis agora lovecruft (they/them)
@isislovecruft
Jan 30

i believe i just did something no one has ever done before: i wrote a constant-time galois field implementation on a 6502 chipset, which not only does not have a constant-time hardware multiply instruction, but does not have a multiply instruction at all

clem retweeted

James Forshaw
@tiraniddo
Jan 30

A quick post on why you shouldn't use SYSTEM Tokens when you sandbox a process. Part 1 of N (where I haven't decided how big N is). tiraniddo.dev/2020/01/dont-u…

clem retweeted

Walied Assar
@waleedassar
Jan 27

Windows Kernel _IMAGE_DOS_HEADER::e_lfanew Denial Of Service/Memory Corruption
waleedassar.blogspot.com/2020/01/malfor…

clem retweeted

Hector Martin
@marcan42
Jan 16

To clarify the Windows crypto fail: The problem isn't in signature validation. The problem is the *root store/cache*. CryptoAPI considers an (attacker-supplied) root CA to be in the trust store if its public key and serial match a cert in the root store, ignoring curve params.

clem
@clavoillotte
Jan 17

Congrats! You're gonna rock & inspire as usual :)

clem retweeted

Yarden Shafir
@yarden_shafir
Jan 16

After a lot of work and some crypto-related delays, I couldn't be more proud to publish @aionescu's and my latest research - The complete overview of CET internals on Windows (so far!):
windows-internals.com/cet-on-windows/

clem retweeted

Saleem Rashid
@saleemrash1d
Jan 15

CVE-2020-0601 pic.twitter.com/8tJsJqvnHj

clem retweeted

Matt Graeber
@mattifestation
Jan 15

God forbid the Audit-CVE event fires for CVE-2020-0601 but if it does and the "para" field starts with 30, it's a good chance you have a cert with custom ECC curve params. Here's how you can parse them to make sense of them.
gist.github.com/mattifestation…
twitter.com/mattifestation… pic.twitter.com/4dgB8swWDV

clem retweeted

Matt Nelson
@enigma0x3
Jan 15

[Blog] Avira VPN Local Privilege Escalation enigma0x3.net/2020/01/15/avi…
Uses some fun tricks to circumvent service DACL and integrity checks.

clem retweeted

Tavis Ormandy
@taviso
Jan 14

The NSA advisory is much more helpful than Microsoft's. twitter.com/DAlperovitch/s…

clem retweeted

Siguza
@s1guza
Jan 7

New blog post. ARM hardware bug. In the specification.
siguza.github.io/PAN/

clem retweeted

Samuel Groß
@5aelo
Jan 9

I'm very excited to share my blogpost series (including PoC code) about a remote, interactionless iPhone exploit over iMessage: googleprojectzero.blogspot.com/2020/01/remote…

clem retweeted

Vincent Le Toux (Paris)
@mysmartlogon
Dec 30

Found this gem from @SteveSyfuhs about kerberos in .net
github.com/SteveSyfuhs/Ke…
Bonus: the KerbDump Tool to view the ticket and even decrypt its encrypted part.
From what I understand from the code, Windows only - to confirm. pic.twitter.com/GRlPNgse0A

clem retweeted

Blue Frost Security
@bluefrostsec
Jan 7

Full analysis and exploit for Windows kernel ws2ifsl use-after-free (CVE-2019-1215) by our researcher @flxflndy labs.bluefrostsecurity.de/blog/2020/01/0…

clem retweeted

James Forshaw
@tiraniddo
Jan 2

To bring in the new year here's a new blog post about empirically testing Windows Service Hardening to see if it is really not a security boundary even on Windows 10. tyranidslair.blogspot.com/2020/01/empiri… h/t @cesarcer

clem retweeted

Samuel Groß
@5aelo
Dec 27

Slides + recording of my #36c3 talk: saelo.github.io/presentations/… media.ccc.de/v/36c3-10497-m… had to omit many details, but blogpost coming soon!