Three ways to protect yourself
If you keep up with security news then you have probably heard about atom bombing. Atom bombing is the latest way for attackers to inject malicious code into nearly any Windows operating system and it uses an inherent Windows mechanism known as “atom tables.” The jury is still out on just how dangerous this technique is, but anything that would allow an attacker to run malicious code on your machine should be considered a bad thing.
Atom tables are system-defined tables that store strings and corresponding identifiers. Windows uses these tables for a variety of purposes, everything from Dynamic Data Exchange (DDE) to applications. If you are interested in learning more about atom tables, you can go to https://msdn.microsoft.com/en-us/library/windows/desktop/ms649053(v=vs.85).aspx for more details.
For the purposes of this blog, I am... read more >
Hack the vote blog series: part 3
We reiterate that there have been no known malicious attacks against voting machines actively being used in an election in the United States. This doesn’t mean that such attacks aren’t possible, but simply that it hasn’t happened yet (or if it has happened nobody has noticed). Still, we should take the attacks against political parties and the voter rolls as a warning that somebody is interested in affecting U.S. elections.
As long as electronic voting machines have been around there have been security researchers finding vulnerabilities in them including one disclosed yesterday, the day before the election. The primary concern is that with the move to electronic voting systems the votes and even the ballots themselves are just bits in a database that can be easily flipped. It has become much more feasible for a malicious actor to have a large impact than in the days of paper ballots. While these technical vulnerabilities are a threat and should be... read more >
Configuring Triage and Uploading Samples
CRITs (Collaborative Research Into Threats) is a threat analysis platform that helps manage and track malicious actors, campaigns, and samples. Getting everything installed for CRITs can be a bit of a task, but the process is getting better. NTT Security has recently been using CRITs to aid in the analysis process. Setting up CRITs for triage is fairly straightforward. Today, I’m going to walk you through the configuration process.Configure for Triage
Malware triage is the assessment of malware to determine severity and priority. Triage generally entails basic analysis of a sample in order to ascertain its nature and intent.
To configure triage in CRITs, access the Settings menu from the gear in the top left corner of the screen, and select Services under the CRITs Control Panel drop down.
... read more >
Earlier this year, a friend (5tubb0rn) and I toyed around with some ideas at a local hacker workspace. I had been using a Proxmark/BishopFox build to steal proximity badges during some of our Professional Security Services on-site Social Engineering Assessments and covert Physical Security Assessments. The Proxmark/BishopFox build was handy in that I didn’t have to bump into anyone in order to snag their badge for replication. The only problem I’ve had with this device is the size – it is a garage badge reader after all, and about the size of a laptop. There are smaller devices out there but we wanted to create something from scratch, utilizing a Raspberry Pi and some plug-and-play sensors that could be easily hidden by someone in the guise of a contractor. So, the two of us came up with a... read more >
To UPnP or not to UPnP
As the internet has changed, so have our lives. We no longer just dial up to find that “you’ve got mail,” instead we stay constantly connected through our phones, tablets, and computers. We are now in the age of never leaving home without a device, and being connected to the internet at all times. Some can’t even imagine going out of range.
These devices that are with us at all times are our own personal Internet of Things (IoT). IoT devices can be baby monitors, home entertainments systems, home security systems, or even a refrigerator fully equipped with a video camera so we can check whether we have milk or not.
Vance Baker presented us with Introduction to Internet of Things (IoT) Security earlier this year that provides some really good advice for creating a safe IoT environment. I know what you may be saying: “If I follow the advice given,... read more >
Hack the vote blog series: part 2
At first glance, the hacks targeting voter registration databases are a bit confusing: the voter rolls are considered a public record in many states, often obtainable by paying a fee of a few hundred dollars. Websites can and have legally republished this data. Records are also available to political campaigns, even in states where the records are not otherwise publicly available, and these lists can be bought online. It raises the question: why hack into a database that can be had just by politely asking for it?
So far the conversation around the voter database hacks has focused on the confidentiality of these records, as if the exposure of this data presents some sort of increased risk. Illinois, a... read more >
Ransomware in the health care industry, the ‘direct cash-back’ revenue model, targeting the Internet of Things (IoT), securing SWIFT networks, and a notable decrease in reconnaissance activity.
During Q3 ’16, NTT Security researchers observed attacks which exhibited the same characteristics as those a year ago in Q3 ’15 – a notable decrease in reconnaissance and an increase in application attacks, with attackers likely maintaining a persistent presence in the target environment.
NTT Security observed a 38 percent drop in security-related events from Q2 ’16 to Q3 ’16. While that seems like an amazing statistic, it included a dramatic 91 percent decrease in reconnaissance and a 64 percent decrease in suspicious activity, which may indicate more of a change in focus than a dramatic fall off in attack volume.
... read more >