DeepSec2020 Talk: Pivoting – As an Attack Weapon – Filipi Pires

Sanna/ October 27, 2020/ Conference

Demonstrating an exploit in a container environment (three dockers) across three different networks, I will demonstrate different pivot, vulnerability exploit, and privilege escalation techniques on all machines using Alpine linux, Gogs app, and other Linux platforms using Pentest methodologies such as recon, enumeration, exploitation, post exploitation. By the end of this presentation everyone will be able to see different ways that exist in working with a single form of pivot and how to overcome different obstacles in different networks within this “new” environment called Docker. We asked Filipi a few more questions about his talk. Please tell us the top 5 facts about your talk. During this presentation, we are looking at some important facts such as: Observability in different environment, vulnerability exploit, use of privilege escalation techniques, some misconfigurations or maybe no good

Read More

ROOTS 2018 Talk: Kernel-Assisted Debugging of Linux Applications – Tobias Holl, Philipp Klocke, Fabian Franzen

Sanna/ November 22, 2018/ Conference, ROOTS

On Linux, most—if not all—debuggers use the ptrace debugging API to control their target processes. However, ptrace proves unsatisfactory for many malware analysis and reverse engineering tasks: So-called split-personality malware often adapts its behavior in the presence of a debugger, yet ptrace makes no attempt to hide from a target process. Furthermore, ptrace enforces a strict one-to-many relation meaning that while each tracer can trace many tracees, each tracee can only be controlled by at most one tracer. Simultaneously, the complex API and signal-based communications provide opportunities for erroneous usage. Previous works have identified the newer uprobes tracing API as a candidate for building a replacement for ptrace, but ultimately rejected it due to lack of practical use and documentation. Building upon uprobes, we introduce plutonium-dbg, a Linux kernel module providing debugging facilities independent

Read More

DeepSec 2018 Talk: Pure In-Memory (Shell)Code Injection in Linux Userland – reenz0h

Sanna/ September 18, 2018/ Conference, Security

A lot of research has been conducted in recent years on performing code injection in the Windows operating system without touching the disk. The same cannot be said about *NIX (and Linux specifically). Imagine yourself sitting in front of a blinking cursor, using a shell on a freshly compromised Linux server, and you want to move forward without leaving any trace behind. You need to run additional tools, but you don’t want to upload anything to the machine. Or, you simply cannot run anything because the noexec option is set on mounted partitions. What options remain? This talk will show how to bypass execution restrictions and run code on the machine, using only tools available on the system. It’s a bit challenging in an everything-is-a-file OS, but doable if you think outside the box

Read More

DeepSec 2018 Talk: Open Source Network Monitoring – Paula de la Hoz Garrido

Sanna/ August 31, 2018/ Conference, Security

“I’d like to offer an introduction into Network System Monitoring using different open tools available in Linux.”, says Paula. “The talk is a technical approach to identify the best sniffing points in a network and how to orchestrate a full analysis of the content to secure the network, as well as showing ideas of collaborative and distributed hacking. Also, for a better performance, the talk includes a brief guide into configuring a Raspberry Pi for creating a simple Network Capture Probe. The main point of the talk is to show how open source tools are a nice option for this kind of security assessment.” We asked Paula a few more questions about her topic of expertise: Please tell us the top 5 facts about your talk. First of all, this talk is not solely

Read More

DeepSec2016 Talk: Abusing LUKS to Hack the System – Interview with Ismael Ripoll & Hector Marco

Sanna/ October 21, 2016/ Conference, Interview

Please tell us the top facts about your talk. It discloses a vulnerability that affects Linux systems encrypted with Luks, and how it can be abused to escalate privileges: CVE-2016-4484 Includes a sketch of the boot sequence with a deeper insight into the initrd Linux process A brief discussion about why complexity is the enemy of security: The whole system needs to be observed. A practical real working demo attack will be presented. How did you come up with it? Was there something like an initial spark that set your mind on creating this talk? Well, this is a difficult question. Basically, it is an attitude in front of the computer. When we start a research line, we don’t stop digging until the ultimate doubt and question is addressed. After the GRUB 28 bug, we keep reviewing the rest of

Read More