Announcing the pre-release (v0.9) of “AaronLocker:” robust and practical application whitelisting for Windows.

June 26, 2018 ~ hucktech ~ Leave a comment

Announcing the pre-release (v0.9) of "AaronLocker:" robust and practical application whitelisting for Windows: https://t.co/MYtLH0j8Nn

— Aaron Margosis (@AaronMargosis) June 26, 2018

AaronLocker is designed to make the creation and maintenance of robust, strict, AppLocker-based whitelisting rules as easy and practical as possible. The entire solution involves a small number of PowerShell scripts. You can easily customize rules for your specific requirements with simple text-file edits. AaronLocker includes scripts that document AppLocker policies and capture event data into Excel workbooks that facilitate analysis and policy maintenance.[…]

https://msdnshared.blob.core.windows.net/media/2018/06/AaronLocker-v0.9.zip

Howard Oakley: Hidden caches in macOS: where your private data gets stored

June 26, 2018 ~ hucktech ~ Leave a comment

Hidden caches in macOS: where your private data gets stored https://t.co/dUHlayhl70

— Howard Oakley, Eclectic Light Co (@howardnoakley) June 26, 2018

Some time ago, I proposed that macOS 10.14 should be named Gormenghast, to reflect its many concealed and neglected features. These can trip up its own security and the protection of privacy when an old system within macOS is quietly storing sensitive data in an unprotected location. A good example is the latest vulnerability in QuickLook (or Quick Look, as Apple uses both forms). Here is a brief overview of some of the potentially sensitive information which macOS secretes away in unexpected places. If you’re concerned about protecting the security of your data, these should be places to watch; if you’re a forensic analyst, these are often rewarding places to look.[…]

Hidden caches in macOS: where your private data gets stored

Aleph Security: Overcoming (some) Spectre browser mitigations

June 26, 2018 ~ hucktech ~ Leave a comment

We looked into the Spectre browser mitigations and this is what we found.https://t.co/Sn2cGcZNzo

— Aleph Research (@alephsecurity) June 26, 2018

https://github.com/alephsecurity/spectreBrowserResearch

https://alephsecurity.com/2018/06/26/spectre-browser-query-cache/

Heather Mahalik: Android and iIOS smartphone acquisition techniques

June 26, 2018 ~ hucktech ~ Leave a comment

https://t.co/OXLVeHwmL2 The students asked, so I delivered. I hope this helps summarize the many options we have when acquiring Android and iOS devices.

— Heather Mahalik Barnhart (@HeatherMahalik) June 26, 2018

Smartphone Acquisition: Adapt, Adjust and Get Smarter!
June 25, 2018 Heather Mahalik Leave a comment

June 25, 2018

I have been recently asked by students for a summary on how to handle smartphone acquisition of iOS and Android devices. I have avoided writing it down, like I would avoid the Plague, because mobile changes so quickly and I don’t want people to read something and live by it. I wrote this on my plane ride to Vancouver, so forgive any typos or briefness in this blog.[…]

https://smarterforensics.com/2018/06/smartphone-acquisition-adapt-adjust-and-get-smarter/

CVE-2018-1000205: U-Boot

June 26, 2018 ~ hucktech ~ 1 Comment

“This vulnerability has been received by the NVD and has not been analyzed.”

https://nvd.nist.gov/vuln/detail/CVE-2018-1000205

Two more BadUSB-related articles

June 25, 2018 ~ hucktech ~ Leave a comment

How to create "trojanized" USB key for redteam/social engineering using ADS, shortcuts, HTA, macro_pack, etc. Drop DLL payload with stealth, no knowledge of target file-system, and no Internet connection.https://t.co/oyVOlCxhmB

— Emeric Nasi (@EmericNasi) June 23, 2018

http://blog.sevagas.com/?Advanced-USB-key-phishing

#ICYMI Unit 42 looked into the Tick group's tactic of weaponizing secure USB drives to target air-gapped critical systems. Get the full report https://t.co/ld3i87vdql

— Palo Alto Networks (@PaloAltoNtwks) June 24, 2018

https://researchcenter.paloaltonetworks.com/2018/06/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/

RISC-V implementations filled with blobs

June 25, 2018 ~ hucktech ~ 2 Comments

Intel, ARM, and especially POWER will be loving this moment:

Blobs everywhere. https://t.co/YImMrx1qXj Currently the SoC vendors and OEM tend to lockdown and throw out more binary blobs thank you think. Since 2010 it increased drastically. So be prepared for more #blobs in "open" systems #firmware

— Zaolin (@_zaolin_) June 25, 2018

All this said, note that the HiFive is no more open, today, than your average ARM SOC; and it is much less open than, e.g., Power. I realize there was a lot of hope in the early days that RISC-V implied “openness” but as we can see that is not so. There’s blobs in HiFive.

https://www.phoronix.com/scan.php?page=news_item&px=RISC-V-Not-All-Open-Yet

c2rust.com: C to Rust translator

June 25, 2018 ~ hucktech ~ Leave a comment

Re: https://firmwaresecurity.com/2017/04/08/corrode-rust-to-c-translator/

There’s another C to Rust translator:

I've been working on a translator for turning C code into Rust code. Try it out! https://t.co/tqFhNDyAx2

— Eric Mertens (@glguy) June 23, 2018

https://c2rust.com/

We've been trying to translate a handful of different open-source projects along the way to guide and test our work. Check out https://t.co/48XBB6tSoG for more details.

— Eric Mertens (@glguy) June 23, 2018

https://github.com/immunant/c2rust/tree/master/examples

WiFi HID Injector – An USB Rubberducky / BadUSB On Steroids

June 25, 2018 ~ hucktech ~ 1 Comment

WHID –#WiFi HID Injector – An USB #Rubberducky / #BadUSB On Steroids
Author: @LucaBongiorni
cc @WHID_Injector #BlackHatArsenal https://t.co/47DB5bo4Cz

— Hack with GitHub (@HackwithGithub) June 25, 2018

https://github.com/whid-injector/WHID

Network kernel debugging of virtual Windows via KDNET

June 25, 2018 ~ hucktech ~ Leave a comment

Debug Hyper-V VMs with KDNET – https://t.co/VvlUET8xUP

— Andy Luhrs (@aluhrs13) June 22, 2018

Setting Up Network Debugging of a Virtual Machine – KDNET
This topic describes how to configure a kernel debugging connection to a Hyper-V virtual machine (VM).[…]

https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/setting-up-network-debugging-of-a-virtual-machine-host

International Journal of Proof-of-Concept or Get The F**k Out (PoC||GTFO) issue 0x18 released

June 25, 2018 ~ hucktech ~ Leave a comment

https://www.alchemistowl.org/pocorgtfo/

I made a mirror of PoC||GTFO and added PDF contents as standard files, as some of them are troublesome to open on some readers nowadays.https://t.co/7YWwQaDgV7

— Ange (@angealbertini) June 24, 2018

PoC||GTFO 0x18 is now available on the EU #IPv6-connected mirror!

Come claim your copy and check one of the two valid MD5s…https://t.co/qD2iVPJ0x6

— Arrigo Triulzi (@cynicalsecurity) June 25, 2018

Well, something I would have never expected: the @britishlibrary crawls & archives my PoC||GTFO mirror. They also do so with a perfectly clear User-Agent!

They link to PoC||GTFO 0x7 in the contest of file formats and preservation.

This is beautiful.https://t.co/F4Ni4mY1Yb

— Arrigo Triulzi (@cynicalsecurity) June 25, 2018

shimdemo: UEFI PXE + shim transparent loader demo

June 25, 2018 ~ hucktech ~ Leave a comment

This is a simple proof of concept illustrating the use of shim (with the transparent loader enhancements) to load iPXE, which in turn boots an operating system.

https://github.com/ipxe/shimdemo

Two articles on how to update your platform firmware

June 24, 2018 ~ hucktech ~ Leave a comment

Mac and Windows uses:

https://lifehacker.com/how-to-update-your-bios-to-protect-against-vulnerabilit-1826423812

Ubuntu Linux users:

https://help.ubuntu.com/community/BIOSUpdate

NVIDIA Graphics Firmware Update Tool for DisplayPort Displays

June 24, 2018 ~ hucktech ~ Leave a comment

This appears to be a new public tool, 1.0 release out this month.

I hope NVIDIA also makes a release for Linux, not just Windows.

To enable the latest DisplayPort 1.3 / 1.4 features, your graphics card may require a firmware update. Without the update, systems that are connected to a DisplayPort 1.3 / 1.4 monitor could experience blank screens on boot until the OS loads, or could experience a hang on boot. The NVIDIA Firmware Updater will detect whether the firmware update is needed, and if needed, will give the user the option to update it. […]

http://www.nvidia.com/object/nv-uefi-update-x86.html

Two Peerlyst firmware security resources

June 24, 2018 ~ hucktech ~ Leave a comment

Help us build out a career guide for learning #firmwaresecurity https://t.co/027sFCsRGg

— Claus Cramon Houmann (@ClausHoumann) March 17, 2018

https://www.peerlyst.com/posts/friday-career-how-to-become-a-firmware-security-specialist-peerlys

A new @Peerlyst wiki on #hardwaresecurity and #firmwaresecurity for you to enjoy or add more to. #cybersecurity https://t.co/duprFrdZin

— Peerlyst (@Peerlyst) June 18, 2018

https://www.peerlyst.com/posts/the-hardware-security-and-firmware-security-wiki-peerlyst

Mr. Crowbar – framework to reverse binary file formats

June 24, 2018 ~ hucktech ~ Leave a comment

Kindof reminds me of Scapy for binary file formats!

If you don't mind Python I made a toolkit which might be close to what you're after https://t.co/o1gfLTVuBx

— @moralrecordings@digipres.club (@moralrecordings) June 22, 2018

Mr. Crowbar is a Django-esque model framework that makes it super easy to work with proprietary binary formats while reverse engineering. File formats are described with Python classes that allow ORM-like free modification of structures and properties, which in turn can be validated and converted back to the binary equivalent at any time. The eventual goal is to provide a library for storing file format information that retains the readability of a text file, while providing instant read/write support for almost no cost.[…]

doc/source/_static/mrcrowbar.png

arm_now: QEMU-based tool to setup VMs for security research

June 24, 2018 ~ hucktech ~ Leave a comment

arm_now is a qemu powered tool that allows instant setup of virtual machines on arm cpu, mips, powerpc, nios2, x86 and more, for reverse, exploit, fuzzing and programming purpose. https://t.co/03mmx9G4YM

— Frank ⚡ (@jedisct1) June 23, 2018

arm_now is a qemu powered tool that allows instant setup of virtual machines on arm cpu, mips, powerpc, nios2, x86 and more, for reverse, exploit, fuzzing and programming purpose.

https://github.com/nongiach/arm_now

Alt Text

RE-Canary: Detecting Reverse Engineering with Canary Tokens

June 23, 2018 ~ hucktech ~ Leave a comment

https://twitter.com/qrs/status/1010259931373633538

https://twitter.com/qrs/status/1010541545638985729

Uploaded slides for my RE-Canary talks https://t.co/ubAYFS1LKf was submitted to black hat but got rejected so here it is (for free)

— Collin Mulliner (@collinrm) June 22, 2018

Click to access Detecting_Reverse_Engineering_with_Canaries_CanSecWest2018.pdf

https://www.mulliner.org/blog/blosxom.cgi/security/re_canary.html

http://www.mulliner.org/collin/

hwloc – tool to discover hardware resources

June 23, 2018 ~ hucktech ~ Leave a comment

The OpenMPI project has a tool called hwloc that helps identify hardware, useful beyond parallel/high-performance computing. It even generates ASCII artwork!

Re: Intel hyper-threading security issues: Posted by Peter Kjellström on Jun 23… … This is sliding OT a bit I guess, but may I suggest the fairly mature hwloc (used by many projects in need of numa/core/smt topology): https://t.co/4JxQGotTuM $ lstopo… https://t.co/B8DIRbXlym

— Open Source Security mailing list (@oss_security) June 23, 2018

#hwloc 2.0.0 released, brings better support for hybrid and non-volatile memories, as well as lots of API cleanups. Lots of goodies for improved #hardware #locality on your #HPC platforms. https://t.co/xuFPE0cAnL https://t.co/SdZIMzG3cq

— Brice Goglin (@bgoglin) February 5, 2018

Did you know #hwloc may export #topology in #ASCII art?
$ lstopo -.txthttp://t.co/5F6ryskaRJ pic.twitter.com/S78aneXmGv #HPC via @bgoglin

— HPC Guru (@HPC_Guru) April 21, 2015

Great article from @daschl describes how to discover hardware architecture in Rust (@rustlang) using hwloc library: https://t.co/L2rZjmj1v0

— David Beck (@dbeck74) May 7, 2016

http://nitschinger.at/Discovering-Hardware-Topology-in-Rust/

The Hardware Locality (hwloc) software project aims at easing the process of discovering hardware resources in parallel architectures. It offers command-line tools and a C API for consulting these resources, their locality, attributes, and interconnection. hwloc primarily aims at helping high-performance computing (HPC) applications, but is also applicable to any project seeking to exploit code and/or data locality on modern computing platforms.

https://www.open-mpi.org/projects/hwloc/

https://github.com/open-mpi/hwloc

https://www.open-mpi.org/projects/hwloc/doc/v2.0.1/

Sample hwloc output

Quarks In The Shell – Episode IV

June 22, 2018 ~ hucktech ~ Leave a comment

[BLOG] Quarks In The Shell – Episode IV https://t.co/fKgmripWuk About obfuscation and Epona, IRMA and malware analysis at scale, automation and tooling in vulnerability research, hardware attacks on IoT devices, "computers" hiding under the hood of cars.

— quarkslab (@quarkslab) June 22, 2018

[…]One may need dedicated tools, like a debugger for a firmware or a baseband, or a disassembler to be able to read the instructions properly.[…]

https://blog.quarkslab.com/quarks-in-the-shell-episode-iv.html