I’ve recently had some time on my hands (knee injury), so I decided to implement a couple of Metasploit modules. This first module allows remote attackers to execute arbitrary code by exploiting the Snort service via crafted SMB traffic. The vulnerability is due to a boundary error within the DCE/RPC preprocessor when reassembling SMB Write…
Posts Categorized: Hacks
Video – Hacking OS X FileVault2 over Thunderbolt with Inception
I’ve created a short video showing how to attack OS X Lion with FileVault2 enabled using my tool, Inception. In the video, I attack a fully patched Mac OS X Lion machine with full-disk encryption enabled (FileVault2), while the machine is powered on and a user is logged in. Using Inception, I am able to dump…
Adventures with Daisy in Thunderbolt-DMA-land: Hacking Macs through the Thunderbolt interface
We security folks often feel like we are regurgitating the same type of security issues over and over again, just in new contexts. So depending on how you look at it, this is “old new” or “new old” news. Nevertheless, I thought it would be a good idea to take it down from speculation to…
Openness and disclosure may be the only remedy against operations like the “Shady RAT”
McAfee recently disclosed the result of five years of investigation of a threat actor that has compromised 72 targeted organizations. While the sheer number and time span of the attacks, not to mention the compromised parties’ identities (for instance, the United Nations was hacked), are enough to raise an eyebrow or two, two paragraphs in the article particularly caught my…
Download winlockpwn
Update: I’ve coded a replacement for winlockpwn (Inception) and released the tool here. In case someone is looking for the winlockpwn source code, it is available for download here, complete with signatures for Windows 7.
Alternative to winlockpwn: libforensic1394
A couple of days after demonstrating winlockpwn I came across libforensic1394, a full C library with full Python bindings for leveraging the SBP2 FireWire (IEEE 1394) DMA feature to perform memory dumps and live patching of physical memory. It works like a charm, and it is much more stable than the old winlockpwn hack. This is…
winlockpwn on Ubuntu
Update: I’ve released a tool at github called Inception, which uses libforensic1394 to unlock Windows XP, Vista and Windows 7 boxes. IMNSHO, it is much more stable than winlockpwn, easier to use and works against a wider spectrum of target operating systems. Quite regularly I’m being asked to demonstrate the FireWire attack made by MetlStorm aka…
Poor man’s VMware Infrastructure Client for OS X
VMware has for a long time shown a blatant disrespect for its Mac customer base by not providing a decent method of accessing Virtual Machines (VMs) from OS X. The VMware Infrastructure (VI) Client is .Net-based and cannot easily be run from OS X, and the browser plugins do not work with Safari or Firefox (on OS…
The rise and fall of HBGary Federal
Wired’s Threat Level blog has a very good article on how not to run a professional information security services firm. HBGary Federal, which was recently hacked by the loosely attached group of hacktivists called Anonymous (press release here), has, it seems, fallen ill to some unknown spy movie virus when trying to unmask the group…
Gawker hacked, LinkedIn responds promptly
Gawker has been hacked, and their whole user database was just leaked at The Pirate Bay, containing over 500 megs of usernames and passwords to Gawker, Gizmodo, Jalopnik, Jezebel, Kotaku, Lifehacker, Deadspin, io9 and Fleshbot. A couple of minutes ago I noticed an email from LinkedIn, stating: Dear X, In order to ensure that you…