Showing posts with label exploit. Show all posts

Tuesday, February 26, 2013

Securing Windows with EMET


The Enhanced Mitigation Experience Toolkit (EMET) is designed to help prevent attackers from gaining access to your system.

Software vulnerabilities and exploits have become an everyday part of life. Virtually every product has to deal with them, and consequently users are faced with a constant stream of security updates. For users who get attacked before the latest updates have been applied, or before an update is even available, the results can be devastating: malware infection, loss of PII, etc.

Security mitigation technologies are designed to make it more difficult for an attacker to exploit vulnerabilities in a given piece of software. EMET allows users to manage these technologies on their system and provides several unique benefits:

Wednesday, February 20, 2013

VMware DLL Injection




VMInjector is a tool which manipulates the memory of VMware guests in order to bypass the operating system authentication screen.
VMware handles the resources allocated to guest operating systems, including RAM. VMInjector injects a DLL library into the VMware process to gain access to the mapped resources. The DLL library works by parsing the memory space owned by the VMware process and locating the memory-mapped RAM file, which corresponds to the guest's RAM image. By manipulating the allocated RAM file and patching the function in charge of authentication, an attacker gains unauthorised access to the underlying virtual host.
VMInjector can currently bypass locked Windows, Ubuntu and Mac OS X operating systems. The in-memory patching is non-persistent, and rebooting the guest virtual machine will restore the normal password functionality.


Tuesday, February 19, 2013

Windows ASLR Analysis



Abstract: Address space layout randomization (ASLR) is a prophylactic security technology aimed at reducing the effectiveness of exploit attempts. With the advent of the Microsoft® Windows Vista operating system, ASLR has been integrated into the default configuration of the Windows® operating system for the first time. We measure the behavior of the ASLR implementation in the Windows Vista RTM release. Our analysis of the results uncovers predictability in the implementation that reduces its effectiveness.

Written by Ollie Whitehouse, Architect,
Symantec Advanced Threat Research

Download as PDF

Thursday, January 10, 2013

Android kernel rootkit



This paper covers rootkit techniques that can be used in the Linux kernel on the Android platform running on ARM (Advanced RISC Machine) processors. All the tests in this paper were performed on the Motoroi XT720 model (2.6.29-omap1 kernel) and the Galaxy S SHW-M110S model (2.6.32.9 kernel). Note that some contents may not apply to all smart platform machines, and there are some bugs you can modify.

We have seen various Linux kernel hooking techniques from some pioneers ([1][2][3][4][5]). In particular, I appreciate Silvio Cesare and sd, who introduced and developed the /dev/kmem technique. Read the references for more information.

In this paper, we are going to discuss a few hooking techniques.

 1. Simple and traditional hooking technique using kmem device.
 2. Traditional hooking technique changing sys_call_table offset in
    vector_swi handler.
 3. Two newly developed hooking techniques changing interrupt
    service routine handler in exception vector table.

Read the full article