[Dailydave] Robots against robots: How a Machine Learning IDS detected a novel Linux Botnet: Slides

Kristian Erik Hermansen kristian.hermansen at gmail.com
Mon Apr 11 11:12:37 EDT 2016


Interesting. But hundreds of connections to random Chinese computers should
have also been a tip-off, regardless of protocols used. Still good work
overall. The Jenkins vulns are concerning because CyanogenMod, TeamWin /
TWRP, OpenStack, and tons of other projects depend on the security of
Jenkins project build systems not being compromised. To know how bad
Jenkins is, I found more 0day in Jenkins recently in 5 minutes of just
skimming and used it to PoC hack one of the main developers of Jenkins,
which I could have used to own millions of mobile phones and OpenStack
servers by committing a simple backdoor upstream. I'm a whitehat though.
But you should really fear Jenkins because surely the Chinese / NSA and
others have owned numerous projects with it. Here is a screenshot of me
popping a remote shell on a Jenkins core developer with commit access...yes
really...

https://s23.postimg.org/6qnenzbbv/tmp_20410_Screenshot_from_2016_03_10_12_13_17119.png

I have not shared the numerous 0day with anyone but a small select group of
people and only one of the vulns to the Jenkins team. This is a big hint
for Google Project Zero to invest some effort there if they haven't already
;) Jenkins team says they will make "big changes" when v2.0 is released,
but I can smell backdoors already have been added upstream and other
exploitable vectors will be around even if they really do enable "security
by default" in the next major release.

http://slides.com/eldraco/robots-vs-robots

Possibly relevant to discussion :)
