Sometimes you come across really cool vulnerabilities: all pre-authentication vulnerabilities in HTTP and SMTP servers definitely belong to this group. The same class includes vulnerabilities in popular network sniffers such as Wireshark, to name just one. After all, how cool is it to break an entire organization's security thanks to a vulnerable sniffer run by the security department just before the weekend starts? Also take a look at the hoagie_openssl_record_of_death.c exploit for the CVE-2010-0740 vulnerability. It can be useful as a base for further OpenSSL exploits.
During remediation workshops one topic comes up among programmers every time: "why should we fix this vulnerability – it's only a read() call, you can't overwrite anything with it…" If you are tired of repeating that, just like any other reported problem, every vulnerability should be fixed, then this blog entry is for you. You can show it both to your management and to your software developers as proof that your approach is valid.
First of all: every single vulnerability must be fixed. Full stop. Secondly, it's not really true that read() and similar calls are ...
We would like to announce that we are currently looking for new employees.
More information is available here.
As soon as the term "open source" was coined, the discussion about the security of such solutions versus closed-source ones started. Just when it finally seemed that this discussion was over (cloud computing is the cool topic now), the report "An Empirical Analysis of Exploitation Attempts based on Vulnerabilities in Open Source Software" was published as part of the Workshop on the Economics of Information Security. Obviously information security is tightly connected with economics. A perfect example is cryptography, where the security level is often estimated from the time, computing power and energy consumption an attack would require. Each and every one of ...
An interesting study regarding the value of 0-day vulnerabilities and exploits has been published. Read more at: unsecurityresearch.com
Working at a company like AVET INS lets you get involved in a variety of interesting research projects. Lately we stumbled into writing a completely new shellcode for the PowerPC architecture. As shellcodes are not the nicest targets for debugging, the best option is to place the shellcode in some kind of wrapper for testing purposes. On Unix-like platforms C is a good choice for writing such a wrapper. Here is the simplest wrapper for PPC shellcode that compiles under GCC:
/* PowerPC shellcode as 32-bit instruction words; the actual words are omitted on the page */
long shellcode[] = {
};

int main(void) {
    /* Branch straight into the shellcode array (PowerPC inline assembly, GCC syntax). */
    __asm__("b shellcode");
    return 0;
}
From time to time even we get audited. Recently our quality and information security management systems (ISO 9001, AQAP and ISO 27001) were inspected. For an audit house such a project is an important cultural challenge within the organization. After all, most of our employees are auditors and are used to being the ones performing the audit, not the ones being audited. This provides a unique opportunity not only to check the management systems but also to give great training to all employees. Additionally, for fresh auditors it provides the experience of being on the other side of the projects they do on a daily basis. The ...
As Python fans and daily users it is hard for us to understand why people still use perl -e '[perl code]' one-liners. At the end of the day all of us run IDA Pro and automatically load the IDAPython module, and ImmunityDebugger has great Python integration too. So starting from today let's use python -c '[python code]', for example: python -c "print 'A'*264".
Buffer / heap overflow protections in the system functions responsible for memory management are constantly evolving. One such example is the recent addition of the S flag to malloc() in OpenBSD 4.7. This function has been modified a few times before, including the introduction of page address randomization.
The evolution of such safeguards is a very positive trend because vulnerabilities in the operating system tend to be critical. With new, more advanced protection mechanisms the exploitation of such bugs becomes harder. On the other hand, as the VDM vulnerability has shown, system architects still have a long road ahead of them.
Fuzzers have a lot of advantages and disadvantages. One of the disadvantages is long execution time. In order to provide the most accurate results we need to cover as much code as possible with fuzzing. At the end of the day this means billions of requests in the worst case. Add to that the time required to complete each iteration, including generating it.
In the case of block fuzzers like SPIKE or Sulley it is common to generate sets of different iterations, for example:
Iteration set 1: "/" * n
Iteration set 2: "../" * n
Iteration set 3: ".." * n
where n is an integer. Generating such sets ...
The CORE-2009-0803 advisory from Core Security Technologies describes a very interesting vulnerability in the memory protection scheme enforced by the Virtual PC hypervisor. This bug enables userland applications to access kernel memory. It is quite interesting to note that, just like the recent VDM issue, this operating system / hypervisor level vulnerability breaks all security mechanisms. By exploiting this issue an attacker is able to bypass DEP or SafeSEH, for example, and therefore good old classic buffer overflows become exploitable even on platforms that have protection against such attacks, like Windows XP SP3.
The one positive thing in this story is the fact that there are ...
SecurityFocus announced that the portal's form will change due to the reshaping of IT security. AVET INS is a couple of years older than SecurityFocus and such changes show how dynamically the whole sector is evolving, responding both to new security threats and to business needs. We wish SecurityFocus further development, as the bugtraq list is still an important resource for vulnerability management.
After David Litchfield's presentation at the BlackHat conference everyone started talking about the new zero-day exploit for Oracle. Meanwhile, on 10 February Oracle sent out a reminder about the need to install, as soon as possible, the patch for Node Manager, a component of WebLogic Server. The patch addresses vulnerability CVE-2010-0073 (http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html ); the alert was published on 4 February 2010.
Obviously every vulnerability is assigned a criticality level. Oracle went a step further and uses the CVSS classification (http://www.first.org/cvss/ ) in its alerts, which makes it significantly easier for customers to classify patches. However, when the media describe one specific vulnerability it is easier to ignore the others. And ...
New address
ul. Belgijska 11
02-511 Warszawa
Tel. (+48 22) 542 82 77
Fax. (+48 22) 542 82 78
Threat modeling is a formalized analysis of a given system or application from the attacker's point of view; its result is the identification of higher-risk areas. This makes it possible to apply adequate security measures and to allocate appropriately the financial resources needed for this purpose.
The threat modeling process is based on identifying all possible entry points of the system and its applications and then examining what methods could be used to break or bypass the safeguards applied. The result of such an analysis is needed not only for the definition of security measures (including estimation of their levels) but also for the ...