[Dailydave] What has Fallen

Dave Aitel dave.aitel at gmail.com
Tue Mar 14 12:04:49 EDT 2017


No matter how "strategic" everyone says they are in our community, or in
the NatSec policy community adjacent to it, people have the localized
perspectives of a gecko, endlessly chasing moth after useless moth
attracted to the laundry-room-light of Fail that is the software
development world.

If you're going to look even a tiny tiny bit into the future, you have to
step back and say "This entire class of software is broken and we need
another way." Put another way: If you have a small team of vulnerability
researchers, what technology quadrants would you put them on, so that in a
couple of years, you would be unstoppable?

INFILTRATE is one way to view this, if you have the right eyes.

People are well aware that every Java middleware is broken - Tomcat's
latest Struts issue is no surprise to people following along. But so are
all the things similar to it: DCOM, for example. This is compounded by
the overall destruction of the entire Active Directory security model
<https://github.com/BloodHoundAD/BloodHound>.

Some other bug classes that are being actively exploited in modern and
interesting ways:

   - Timing attacks
   - MITM - especially non-traditional versions of this
   - State machine attacks (f.e. 1 <https://mitls.org/pages/attacks/SMACK>,
   2 <http://2015.hackitoergosum.org/slides/HES2015-10-29%20Cracking%20Sendmail%20crackaddr.pdf>)
   - Hardware flaw excitement (RowHammer, cache timing attacks, etc.)
   - Cloud-computer attacks
   - Cryptographic-protocol attacks
   - Binary Remoting Protocols (DCOM, JavaRMI, etc.)
   - People forgetting we are in a 64 bit world now and can send large
   amounts of data
   - Hypervisor escapes because those things are just Kernels
   - Modern heap overflows
   - Attacking that fancy security infrastructure you just installed
   (SIEMs, Breach Detection, etc.)
   - DoS attacks

"WTF are you talking about?" I hear people asking. What I'm saying is: "Name
a binary remoting protocol popular in 2007 that hasn't been analysed yet,
and it's going to have massive security issues if you have a year of
resources to pour into it."

-dave