[Dailydave] SWORDFISH THE EXPLOIT VIDEO SERIES! :>

Dave Aitel dave at immunityinc.com
Mon Jan 27 16:39:35 EST 2014


So over the past few months we've been writing up an exploit for SILICA
that we think will make a big impact on our users. It's an Android
vulnerability, and some background on it is below. But we've also been
videoing various parts of how this exploit comes together. One thing we
always ask people to do at INFILTRATE <http://www.infiltratecon.com/> is
to show some of the things they tried that failed - but most people
can't really even remember their process, let alone document it for the
viewers.

And, of course, popular media implies you can write remote exploits with
a gun to your head <http://www.youtube.com/watch?v=zfy5dFhw3ik> in sixty
seconds or less.

So we decided to change that. Each video is a small snapshot of how this
exploit comes together bit by bit. It's interesting if you want to know
more about the exploit, of course, but it's also interesting if you want
to learn about the kind of work and process that goes into an exploit of
this nature. These are unedited videos (as you can tell) and sometimes
you'll have to turn your sound all the way up to hear Mark, but I
promise it is worth it. Deep down, the vulnerability is just the
beginning, as anyone who has written an exploit can tell you.

Background:
https://labs.mwrinfosecurity.com/advisories/2013/09/24/webview-addjavascriptinterface-remote-code-execution/

Initial vulnerability exploration and optimism:
Swordfish 0 - http://www.youtube.com/watch?v=yUx3RsTud1Q
Swordfish 0.5 - http://www.youtube.com/watch?v=qpaOQK6VjLg
Swordfish 1 - http://www.youtube.com/watch?v=37jseVURfNA
Swordfish 2 - http://www.youtube.com/watch?v=kpsudceBElc
Swordfish 2.5 - http://www.youtube.com/watch?v=TAxrrsJPUqw

Trying to make the exploit universal (against all vulnerable apps) so it
has a hope of working IRL:
Swordfish 3 - http://www.youtube.com/watch?v=VEkXSy7YGLo
Swordfish 4 - http://www.youtube.com/watch?v=83h8AHBPP_s

Just basically running into unseen issues:
Swordfish 5 - http://www.youtube.com/watch?v=8PnNX7XyE8c

Solving some of these issues, but running into more issues trying to get
it to work on all Android versions:
(this one is longer than most - turn your sound up as it's a phone video
unfortunately)
Swordfish 6 - http://www.youtube.com/watch?v=TNNtFCl-NEI

A brief interlude:
Swordfish 7 part 1 - http://www.youtube.com/watch?v=xaPd1DK8-ws
 
There are more, of course. . . if you sign up to INFILTRATE we will send
them to you. :>

-dave