DeepSec 2017 Training: The ARM IoT Exploit Laboratory

René Pfeiffer/ August 29, 2017/ Conference, Security, Training

If the Internet of Things (IoT) will ever leave puberty, it has to deal with the real world. This means dealing with lies, fraud, abuse, exploits, overload, bad tempered clients (and servers), and much more. Analysing applications is best done by looking at what’s behind the scenes. IoT devices, their infrastructure, billions of mobile devices, and servers are powered by processors using the Advanced RISC Machine (ARM) architecture. This design is different from the (still?) widespread Intel® x86 or the AMD™ AMD64 architecture. For security researchers dealing with exploits the change of design means that the assembly language and the behaviour of the processor is different. Developing ways to inject and modify code requires knowledge. Now for everyone who has dealt with opcodes, registers and oddities of CPUs, this is nothing new. Grab the

Read More

Disclosures, Jenkins, Conferences, and the Joys of 0Days

René Pfeiffer/ November 17, 2016/ Conference, Discussion, High Entropy

DeepSec 2016 was great. We have slightly recovered and deal with the aftermath in terms of administrivia. As announced on Twitter, we would like to publish a few thoughts on the remote code execution issue found by Matthias Kaiser. He mentioned the possibility in this presentation titled Java Deserialization Vulnerabilities – The Forgotten Bug Class. First let’s explain some things about how DeepSec runs the Call for Papers, the submissions, and the conference. During the Call for Papers process our speakers send us title, abstract, and mostly an in-depth description of the presentation’s content. This means that we usually know what’s going to happen, except for the things that are actually said and shown during the presentation slot. Since we do not offer any live video streams and publish all presentation slides after we

Read More

DeepSec2016 Workshop: Offensive iOS Exploitation – Marco Lancini

Sanna/ September 4, 2016/ Conference, Training

If an iPhone gets exploited in the forest and no one is around to 0wn it, does it worry you? This philosophical question has been answered sufficiently by the latest Pegasus incident. All smartphone should worry you. The iPhone and its operating system is no exception. Actually breaking a smartphone give an attacker a lot of advantages. Chances are that you carry the exploited device with you all the time. At last the Age of Mobility has reached information security! In order to develop exploits you need a healthy dose of software development and a (deep) knowledge of the platform being attacked. For those of you who do a lot of penetratoion testing, security analysis, or plain software quality management, we have a shortcut for you: the iOS exploitation workshop. This is an exercise-driven

Read More

Thoughts on Lawful Malicious Software and its Impact on IT Infrastructure

Sanna/ April 14, 2016/ Interview, Press, Security

During the premiere of „A Good American“ we had a chat with journalists. Markus Sulzbacher of Der Standard wanted to know what the implication of the so-called Bundestrojaner (litterally federal trojan, the colloquial German term for the concept of inserting government malware in order to extract information from a suspect’s computer and telephone devices). The idea is to infect a computer system with malicious software that sits in the background and to siphon off the hard-to-get data connected to communication (i.e. messengers, Skype, emails, etc.). We have translated the interview from German to English for you. You can find the original on Der Standard web site. Der Standard 12.04.2016 “The federal Trojan is governmental malware” Police praise the software as a “wonder weapon against terror”. But for IT expert René Pfeiffer the planned introduction

Read More

DeepSec 2014 Workshop: Understanding x86-64 Assembly for Reverse Engineering and Exploits

René Pfeiffer/ October 14, 2014/ Training

Assembly language is still a vital tool for software projects. While you can do a lot much easier with all the high level languages, the most successful exploits still use carefully designed opcodes. It’s basically just bytes that run on your CPU. The trick is to get the code into position, and there are lots of ways to do this. In case you are interested, we can recommend the training at DeepSec held by Xeno Kovah, Lead InfoSec Engineer at The MITRE Corporation. Why should you be interested in assembly language? Well, doing reverse engineering and developing exploits is not all you can do with this knowledge. Inspecting code (or data that can be used to transport code in disguise) is part of information security. Everyone accepts a set of data from the outside

Read More

DeepSec 2013 Workshop: Hands On Exploit Development (Part 2)

René Pfeiffer/ October 21, 2013/ Conference, Stories

Unless you buy ready-made exploits or do security research (you know, the tedious task of testing systems and code, findings bugs and assessing their impact) you may wonder where they come from. To show you how to exploit a vulnerability and how to get to an exploit, we have asked Georgia Weidman for an example. She will be conducting the Hands On Exploit Development training. Early in my infosec education I took a class with a lab portion systems with known vulnerabilities. One system that I had difficulty exploiting was a Windows 7 host with HP Power Manager 4.2.6 which is subject to CVE-2009-2685. There is no Metasploit Module for this issue, but I was able to find some public exploit code on Exploit-db. The exploit calls out explicitly that it has been tested

Read More

DeepSec 2013 Workshop: Hands On Exploit Development (Part 1)

René Pfeiffer/ October 20, 2013/ Conference, Training

Software bugs evolve, just like their animal counterparts. Lesser bugs impact usability or are simple malfunctions. Once a bug impacts the security it is called a vulnerability. This means that something major is broken and that the internal logic can be manipulated to produce undesirable effects. Vulnerabilities can be exploited to create deterministic effects such as bypassing security checks, elevating privileges or other things. Exploits are the biggest bugs around. They have to work every time (at least with the software version affected by the bug/vulnerability), they need to insert specific code with a given purpose, and they should not compromise the functionality of the software (since you don’t want to be noticed) – So there is software development involved. Georgia Weidman will teach you how to get from a bug via a vulnerability

Read More

DeepSec 2012 Workshop: The Exploit Laboratory – Advanced Edition

René Pfeiffer/ September 30, 2012/ Conference

Offensive security is a term often used in combination with defence, attack (obviously), understanding how systems fail and the ever popular „cyberwar“. Exploiting operating systems and applications is the best way to illustrate security weaknesses (it doesn’t matter if your opponents or pentesters illustrate this, you have a problem either way, and you should know about it). So where do exploits come from? Well, you can buy them, you can download them somewhere, or you can develop them. This is where The Exploit Laboratory comes in. Saumil Shah will teach you how exploits work – even on modern operating systems! Exploit Development is one of the hottest topics in offensive security these days. The Exploit Laboratory, in its sixth year, brings advanced topics in exploit development to Vienna this year. Arm yourself with skills

Read More