Dailydave mailing list archives
What has Fallen
From: Dave Aitel <dave.aitel () gmail com>
Date: Tue, 14 Mar 2017 16:04:49 +0000
No matter how "strategic" everyone says they are in our community, or in the NatSec policy community adjacent to it, people have the localized perspectives of a gecko, endlessly chasing moth after useless moth attracted to the laundry-room-light of Fail that is the software development world. If you're going to look even a tiny tiny bit into the future, you have to step back and say "This entire class of software is broken and we need another way."

Put another way: If you have a small team of vulnerability researchers, what technology quadrants would you put them on, so in a couple of years you would be unstoppable? INFILTRATE is one way to view this, if you have the right eyes.

People are well aware that every Java middleware is broken - Tomcat's latest Struts issue is no surprise to people following along. But so are all the things similar to it: DCOM, for example. This is compounded by the overall destruction of the entire Active Directory security model <https://github.com/BloodHoundAD/BloodHound>.

Some other bug classes that are being actively exploited in modern and interesting ways:

- Timing attacks
- MITM - especially non-traditional versions of this
- State machine attacks (f.e. 1 <https://mitls.org/pages/attacks/SMACK>, 2 <http://2015.hackitoergosum.org/slides/HES2015-10-29%20Cracking%20Sendmail%20crackaddr.pdf>)
- Hardware flaw excitement (RowHammer, cache timing attacks, etc.)
- Cloud-computer attacks
- Cryptographic-protocol attacks
- Binary Remoting Protocols (DCOM, JavaRMI, etc.)
- People forgetting we are in a 64 bit world now and can send large amounts of data
- Hypervisor escapes because those things are just Kernels
- Modern heap overflows
- Attacking that fancy security infrastructure you just installed (SIEMs, Breach Detection, etc.)
- DoS attacks

"WTF are you talking about?" I hear people asking.
What I'm saying is "Name a binary remoting protocol popular in 2007 that hasn't been analysed yet, and it's going to have massive security issues if you have a year of resources to pour into it."

-dave
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- What has Fallen Dave Aitel (Mar 14)
- Re: What has Fallen John Strand (Mar 16)