[Dailydave] Robots against robots: How a Machine Learning IDS detected a novel Linux Botnet: Slides

Kristian Erik Hermansen kristian.hermansen at gmail.com
Mon Apr 11 11:12:37 EDT 2016

Interesting. But hundreds of connections to random Chinese computers should
have also been a tip-off, regardless of protocols used. Still good work
overall. The Jenkins vulns are concerning because CyanogenMod, TeamWin /
TWRP, OpenStack, and tons of other projects depend on the security of
Jenkins project build systems not being compromised. To know how bad
Jenkins is, I found more 0day in Jenkins recently in 5 minutes of just
skimming and used it to PoC hack one of the main developers of Jenkins,
which I could have used to own millions of mobile phones and OpenStack
servers by committing a simple backdoor upstream. I'm a whitehat though.
But you should really fear Jenkins because surely the Chinese / NSA and
others have owned numerous projects with it. Here is a screenshot of me
popping a remote shell on a Jenkins core developer with commit access... yes


I have not shared the numerous 0day with anyone but a small select group of
people and only one of the vulns to the Jenkins team. This is a big hint
for Google Project Zero to invest some effort there if they haven't already
;) Jenkins team says they will make "big changes" when v2.0 is released,
but I can smell backdoors already have been added upstream and other
exploitable vectors will be around even if they really do enable "security
by default" in the next major release.


Possibly relevant to discussion :)
