Next Generation
- URL obfuscation (+ SSL encryption) [3]
- RPC fragmentation [4]
- HTML obfuscation [5] and JavaScript obfuscation [6]
- Etc...
Permutation Oriented Programming (formerly known as Exploit Next Generation) introduces a different and powerful approach, applicable to almost every vulnerability, that targets the vulnerability trigger itself. So far little or no research has addressed the vulnerability trigger.
-=[ Approach
To circumvent or avoid a pattern-matching detection approach, there are two options:
1. Easier (or Harder): know how the vulnerability is detected (access to signature/vaccine [7]).
2. Harder (or Easier): know deeply how to trigger the vulnerability and how to exploit it (access to vulnerable ecosystem).
Polymorphic code means that the code changes every time it executes,
making it unpredictable. What we have, so far, is static code, and I never
saw any "dynamic" code exploiting any vulnerability. That is the reason some
IPS/IDS can easily add signatures.
-[ ENG (Encore Next Generation) Techniques
First of all, to make polymorphic code we have to be sure we have all the
requirements to achieve the concept that polymorphic code must be
unpredictable, which means random. I chose MS02-039 [1] because I have
all the requirements for this proof of concept:
Some of you have already heard about the Exploit Next Generation® Methodology, or ENG++ (pronounced /ěn'jĭn/ incremented), and some of you attended its very first appearance:
- The Departed: Exploit Next Generation @ H2HC 6th Edition
ENG++ helps to create new exploit variants while maintaining reliability, and can be applied to:
1. Penetration test;
2. Exploit Development;
3. Security Solution Evasion Test;
4. Security Solution Quality Assurance;
5. Etc...
operating system designed for use in embedded systems. From QNX's
website:
"Companies worldwide like Cisco, Delphi, Siemens, Alcatel and Texaco
depend on the QNX technology for network routers, medical devices,
intelligent transportation systems, safety and security systems,
next-generation robotics, and other mission-critical applications. In
addition, QNX forms the core for Ford Motor Co.'s Lincoln Aviator IAV, an
engineering concept vehicle. The new system supports the development
of next-generation in-car communications, infotainment, and
telematics applications." More information is available at
# Applications of Cryptographic Techniques
# Side Channel Analysis of Hardware Devices
# Data Recovery, Forensics and Incident Response
# Analysis of Malicious Code / Viruses / Malware
# Windows / Linux / OS X / *NIX Security Vulnerabilities
# Next Generation Exploit and Exploit Mitigation Techniques
# WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security
Each non-resident speaker will receive accommodation for 3 nights / 4
days at the Krasnapolsky. For each non-resident speaker, HITB will cover
travel expenses up to EUR1200.00.
17h00-18h00 - Getting in the SS7 kingdom: hard technology and
disturbingly easy hacks to get entry points in the walled garden -
Philippe Langlois (P1 Security)
Saturday 2010-04-10:
11h30-12h30 - Turbot - Next Generation Botnet - Itzik Kotler (Radware),
Ziv Gadot (Radware)
14h00-15h00 - Fingerprinting hardware devices using clock-skewing -
Renaud Lifchitz
15h00-16h00 - A5/1 application & crack via GPU - Gloire Gwendal
As all of you already know, the Exploit Next Generation® Compliance
Methodology is the only methodology able to apply the "Z-Day Attacks"
concepts.
Some examples demonstrated during its very first appearance are now
available at:
- http://code.google.com/p/exploit-ng/
To celebrate one year of its very first appearance, I will release two
example modules, applying ENG++ Methodology, late this year -
Each non-resident speaker will receive accommodation for 3 nights / 4
days. For each non-resident speaker, HITB will cover travel expenses up
to EUR1200.00.
Details
=======
The Cisco AnyConnect Secure Mobility Client is the Cisco
next-generation VPN client, which provides remote users with secure
IPsec (IKEv2) or SSL Virtual Private Network (VPN) connections to
Cisco 5500 Series Adaptive Security Appliances (ASA) and devices that
are running Cisco IOS Software.
The Cisco AnyConnect Secure Mobility Client is affected by the
Version Affected: 3.1.8.3 (newest)
Info:
LiveZilla, the Next Generation Live Help / Live Chat and Live
Support System connects you to your website visitors. Use
LiveZilla to provide Live Chats and monitor your website visitors
in real-time. Convert visitors to customers - with LiveZilla!
Credits: InterN0T
Vendor has been notified and the vulnerability has been fixed.
* Details
The Open Computer and Software (OCS) Inventory Next Generation (NG)
provides relevant inventory information about system configurations and
software on the network. The server can be managed using a web
interface. It was found that the application does not properly sanitize
user input, which results in multiple SQL injections.
Your submission will be reviewed by The HITB CFP Review Committee which
includes:
solutions", 1997.
[http://www.openbsd.org/advisories/res_random.txt]
[4] Sacramento, Vagner, "Vulnerability in the sending requests control
of Bind versions 4 and 8 allows DNS spoofing", 2002.
[http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html]
[5] Stewart, Joe, "DNS Cache Poisoning - The Next Generation", 2002.
[http://www.secureworks.com/research/articles/dns-cache-poisoning]
[6] Klein, Amit, "BIND 9 DNS cache poisoning", 2007.
[http://www.trusteer.com/files/BIND_9_DNS_Cache_Poisoning.pdf]
[7] Klein, Amit, "Windows DNS Server cache poisoning", 2007.
[http://www.trusteer.com/files/Windows_DNS_Cache_Poisoning.pdf]
version 1.02.1.
* Details
The Open Computer and Software (OCS) Inventory Next Generation (NG)
provides relevant inventory information about system configurations and
software on the network. The server can be managed using a web
interface. It is possible for unauthenticated users to extract arbitrary
files from the hosting system due to inadequate file handling in cvs.php.
utilization, reduce latency, increase scalability, and enhance security
for Websites, server farms, cache clusters, and firewall systems."
From [2]:
"Cisco(R) ACE Application Control Engine application switches represent
the state of the art in next-generation application switches for
increasing the availability, performance, and security of data center
applications.
The Cisco ACE family of application switches includes the Cisco ACE
Service Module for the Cisco Catalyst(R) 6500 Series Switches and Cisco
7600 Series Routers, as well as the Cisco ACE 4710 Appliance in a
Info
----
Open Computer and Software (OCS) Inventory Next Generation (NG) is an
application designed to help a network or system administrator keep track
of the computers' configuration and of the software installed on the network.
Details
Hi, everyone!
As so many highlights have been given on Intrusion Detection System and
Intrusion Prevention System evasions (?) last week, I decided to send this
message just to let you all know that I published a brand-new sample video,
demonstrating two Exploit Next Generation® example modules, successfully
evading:
. SNORT 2.8.6 detection for the MS02-056 vulnerability.
. SURICATA 0.9.0 detection for the MS08-078 vulnerability.
Here is the YouTube video:
OCS Inventory NG Server 1.2.1
Details:
The Open Computer and Software (OCS) Inventory Next Generation (NG)
provides relevant inventory information about system configurations and
software on the network.
Download : http://www.ocsinventory-ng.org/index.php?page=1-02-1
Found by : Guilherme Marinheiro
Refereed paper track
* Refereed paper track keynote
* Know Thyself! - Dieter Gollmann
* Refereed paper track selections:
* SWF and the Malware Tragedy - fukami and Ben Fuhrmannek
* Building and Stopping Next Generation XSS Worms - Arshan Dabirsiaghi
* Detecting Security Vulnerabilities in Web Applications Using Dynamic
Analysis with Penetration Testing - Andrew Petukhov and Dmitry Kozlov
* The Need for Fourth Generation Static Analysis Tools for Security: From
Bugs to Flaws - Evgeny Lebanidze
* Preventing SQL Injections in Online Applications: Study, Recommendations
Presentations:
- Pushing the Camel Through the Eye of a Needle
- An Effective Methodology to Enable Security Evaluation at RTL Level
- Remote Code Execution Through Intel CPU Bugs
- Next Generation Reverse Shell
- Build Your Own Password Cracker with a Disassembler and VM Magic
- Decompilers and Beyond
- Cracking into Embedded Devices and Beyond!
- Client-side Security
- Top 10 Web 2.0 Attacks
KEYNOTE 1 - John Viega - A/V Vendors Aren't As Dumb As They Look
D1 - Daniel Mende - Attacking Cisco WLAN Solutions
D1 - Laurent Oudot - Improving the Stealthiness of Web Hacking
D1 - Dimitri Petropoulos - Attacking ATMs and HSMs **
D1 - Dino Covotsos - Analysis of a Next Generation Botnet
D1 - The Grugq - Crime, Kung Fu and Rice ##
KEYNOTE 2 - Sourcefire - Near Real Time Detection
D2 - Mariano Di Croce - SAP Penetration Testing with Bizsploit
D2 - Fred Raynal + Sogeti - Gathering and Exploiting Information
Remote : Yes (No authentication is needed)
== Description ==
Open Computer and Software (OCS) Inventory Next Generation (NG) is an
application designed to help a network or system administrator keep track
of the computers' configuration and of the software installed on the network.
The vulnerability is a SQL injection in the header.php file.
An attacker could pass a specially crafted SQL string which can be used to create/modify
ICCC is divided into two tracks:
The Concepts, Strategy and Law track addresses the human component of Cyber Forces. This includes talks and discussion on how to best identify, recruit, train and retain the right people, and how to best organize their contribution to national security. The track will address both traditional state-centric concepts, such as specialized units in the active duty military, and more volunteer-based approaches, such as the Estonian Cyber Defence League and cyber security expertise in the reserve forces.
The Technical Challenges & Solutions track includes a significant number of world-renowned experts. Presentations will cover topics ranging from “next-generation” intrusion detection to covert channels, Advanced Persistent Threats, and a tutorial on VoIP exploitation. The cutting-edge nature of these talks will help security professionals to understand not only the current dangers in cyberspace, but also many cyber security challenges of the future.
Technical Track attendees will ideally have a solid computer science or information security background, in order to facilitate both an understanding of the material presented and to take part in subsequent discussion.
ICCC takes place in Tallinn at the same time as the NATO defence ministers’ meeting in Brussels, which will articulate a new NATO cyber defence policy. This policy is likely to be addressed on the last day of the conference.
ICCC 2011 is co-sponsored by IEEE, the world’s largest professional association for advancing technological innovation and excellence. The conference proceedings will be published in hard copy and made available digitally through IEEE Xplore.
- Ivan Krstić (http://radian.org/)
- Johnny Long (http://johnny.ihackstuff.com/)
- Gadi Evron (http://gadievron.blogspot.com/)
In addition, Matt Jonkman will present a new project about the development of
a next-generation intrusion detection and prevention engine. Feedback from the
community is highly welcome!
Registration is open at: https://deepsec.net/register/
Please make sure to book your tickets in time, we have only a _limited_ number!
Side Channel Analysis of Hardware Devices
Analysis of Malicious Code / Viruses / Malware
Data Recovery, Forensics and Incident Response
Hardware based attacks and reverse engineering
Windows / Linux / OS X / *NIX Security Vulnerabilities
Next Generation Exploit and Exploit Mitigation Techniques
NFC, WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security
Each accepted submission will entitle the speaker / speakers to
accommodation for 3 nights / 4 days and travel expense reimbursement up
to EUR1200.00 per speaking slot.
Keynote 1: John Viega (CTO, SaaS, McAfee Inc.) -- A/V Vendors Aren't As Dumb As They Look
Keynote 2: Matt Watchinski (Senior Director of Vulnerability Research, Sourcefire Inc.) -- TBA
1.) Daniel Mende (ERNW GmbH) with Oliver Roeschke (ERNW GmbH) -- Attacking CISCO WLAN Solutions
2.) Dino Covotsos (Managing Director, Telspace Systems) -- Hiding a Giant: Analysis of a Next Generation Botnet
3.) Fredric Raynal (Head of Research, Sogeti/Cap Gemini) with Arnauld Mascret (Sogeti / Cap Gemini) & Christophe Devaux (Sogeti / Cap Gemini) -- Deception 2.0: Gathering and Exploiting Information
4.) Gynvael Coldwind (Researcher, Hispasec) -- A Case Study of Recent Windows Vulnerabilities
5.) Laurent Oudot (Founder, TEHTRI-Security) -- Silent Steps: Improving the Stealthiness of Web Hacking
6.) Marc Schoenefeld (Independent Network Security Specialist) -- Open Sesame: Examining Android Code with undx2
7.) Shawn Merdinger (Security Researcher) -- We Don't Need No Stinkin' Badges: Hacking Electronic Door Access Controllers