[Dailydave] What has Fallen
Dave Aitel
dave.aitel at gmail.com
Tue Mar 14 12:04:49 EDT 2017
No matter how "strategic" everyone says they are in our community, or in
the NatSec policy community adjacent to it, people have the localized
perspectives of a gecko, endlessly chasing moth after useless moth
attracted to the laundry-room-light of Fail that is the software
development world.
If you're going to look even a tiny tiny bit into the future, you have to
step back and say "This entire class of software is broken and we need
another way." Put another way: If you have a small team of vulnerability
researchers, what technology quadrants would you put them on, so that in a
couple of years you would be unstoppable?
INFILTRATE is one way to view this, if you have the right eyes.
People are well aware that every Java middleware is broken - Tomcat's
latest Struts issue is no surprise to people following along. But so are
all the things similar to it: DCOM, for example. This is compounded by
the overall destruction of the entire Active Directory security model
<https://github.com/BloodHoundAD/BloodHound>.
Some other bug classes that are being actively exploited in modern and
interesting ways:
- Timing attacks
- MITM - especially non-traditional versions of this
- State machine attacks (e.g. 1 <https://mitls.org/pages/attacks/SMACK>,
  2 <http://2015.hackitoergosum.org/slides/HES2015-10-29%20Cracking%20Sendmail%20crackaddr.pdf>)
- Hardware flaw excitement (RowHammer, cache timing attacks, etc.)
- Cloud-computer attacks
- Cryptographic-protocol attacks
- Binary Remoting Protocols (DCOM, JavaRMI, etc.)
- People forgetting we are in a 64 bit world now and can send large amounts of data
- Hypervisor escapes because those things are just Kernels
- Modern heap overflows
- Attacking that fancy security infrastructure you just installed (SIEMs, Breach Detection, etc.)
- DoS attacks
"WTF are you talking about?" I hear people asking. What I'm saying is "Name
a binary remoting protocol popular in 2007 that hasn't been analysed yet,
and it's going to have massive security issues if you have a year of
resources to pour into it."
-dave