how can i have 100 0 day for just 1 day
play

How can I have 100 0-day for just 1-day Version : Draft Speak by - PDF document

Oct 16, 2022 •1.13k likes •1.38k views

HITCON 2013 : CYBERWAR, IN HACK WE TRUST JUL. 19-20, 2013 How can I have 100 0-day for just 1-day Version : Draft Speak by R3d4l3rt Outline I. Introduction Introduction of speaker II. Project Overview I just want to find a lot

  1. HITCON 2013 : CYBERWAR, IN HACK WE TRUST JUL. 19-20, 2013 How can I have 100 0-day for just 1-day Version : Draft Speak by R3d4l3rt Outline I. Introduction • Introduction of speaker II. Project Overview • I just want to find a lot of vulnerability • Think it easier and Change one’s way of thinking • How can we found vulnerabilities • About ActiveX • APT Attacks via Active-X (Cases Study) III. How can I found bug easily? • Introduction Automatic sample collections tool (Demo) Introduction Auto Install sample tool (Demo) • Introductions Fuzzer • Introductions Exploit IV. How can I have about one hundred vulnerability for just 1 days • Result of Tested • Examples (Active X Vulnerability) HITCON 2013 1

  2. Outline I. Introduction • Introduction of speaker II. Project Overview I just want to find a lot of vulnerability • Think it easier and Change one’s way of thinking • How can we found vulnerabilities • About ActiveX • APT Attacks via Active-X (Cases Study) • III. How can I found bug easily? • Introduction Automatic sample collections tool (Demo) Introduction Auto Install sample tool (Demo) • Introductions Fuzzer • Introductions Exploit IV. How can I have about one hundred vulnerability for just 1 days • Result of Tested • Examples (Active X Vulnerability) HITCON 2013 2 Introduction Who… Speaker Introduction Louis Hur is corporate president and Chief Executive Officer (CEO) of NSHC Corporation. He co- founded NSHC with four Hackers in 2003 while studying at the University, and was the first CEO until now Mr. Louis brings more than 15 years of field-proven experience security and bug hunting businesses that help clients reduce their enterprise-wide IT security risk. Prior to starting NSHC, He is a frequent speaker on Internet security issues and has appeared as an expert on various media outlets, including HK TV and MBC, KBS. • Experience (2010 ~ 2013) - 2013 Vulnerability Analysis of NSHC’s R3d4l3rt Teams. (Discovered 0-day many times. ) - 2011 Black-Hat Abu Dhabi Speaker - 2010 CSO Conference Speaker He is working the new vulnerability analysis and bug hunting, mobile security research in NSHC Red Alert Team. Also He is currently serving for Security Response Center at NSHC Company and responsible for malicious code analysis and anti-virus products. He is a frequent speaker on Internet security issues and has appeared as an expert on various media outlets, including MBC, KBS, JTBC. • Experience (2010 ~ 2013) - 2013 Vulnerability Analysis of NSHC’s R3d4l3rt Teams. (Discovered 0-day many times. ) - 2012 CSO Conference Speaker in KOREA - 2011 Army Investigation Division served as an instructor HITCON 2013 3

  3. Outline I. Introduction • Introduction of speaker II. Project Overview I just want to find a lot of vulnerability • Think it easier and Change one’s way of thinking • How can we found vulnerabilities • About ActiveX • APT Attacks via Active-X (Cases Study) • III. How can I found bug easily? • Introduction Automatic sample collections tool (Demo) Introduction Auto Install sample tool (Demo) • Introductions Fuzzer • Introductions Exploit IV. How can I have about one hundred vulnerability for just 1 days • Result of Tested • Examples (Active X Vulnerability) HITCON 2013 4 Project Overview I just want to find a lot of vulnerability • I just want to find a lot of vulnerability. But, It’s hard to find vulnerabilities. • What is the Vulnerability ? Vulnerability is Weakness, Flaw From Hardware or software of computer Weakness, Flaw There are key to our Red Alert Project. Again and Again Remember This Key Word is Weakness, Flaw HITCON 2013 5

  4. Project Overview Think it easier and Change one’s way of thinking • In a short time, it's hard to find many vulnerabilities in just one applications. HITCON 2013 6 Project Overview Think it easier and Change one’s way of thinking • In a short time, it's hard to find many vulnerabilities in just one applications. • But, If there are many target software … HITCON 2013 7

  5. Project Overview Think it easier and Change one’s way of thinking • In a short time, it's hard to find many vulnerabilities in just one applications. If you can fuzz many applications? - The net of the sleeper catches fish • Change one’s way of thinking HITCON 2013 8 Project Overview How can we find vulnerabilities • One of Answers this question, It’s Fuzzing • Throw random bits at the program and see if it handles them Popular robust testing mechanism for software • • Fast and effective, easy to implement • I think that there are best solution which can found many vulnerability in the short time. HITCON 2013 9

  6. Project Overview How can we find vulnerabilities • Almost all of the software is intended to find vulnerabilities.  File Format  Network Protocol  ActiveX  Browser  Etc Why did we  Each module’s size is Small decide to fuzz  Easy to collect ActiveX Active-X?  There are exist so many vulnerability  The extend of damage is huge HITCON 2013 10 Project Overview About Active X Microsoft technology introduced in 1996 and based on the Component Object Model (COM) and Object Linking and Embedding (OLE) technologies. Object Function calls Client to object interfaces Object Component Server The intention of COM has been to create easily reusable pieces of code by creating objects that o ff er interfaces which can be called by other COM objects or programs. But ActiveX controls, like any other browser plugin, provide a ripe attack surface for the malicious. Finding an exploitable flaw in a popular control gets MSRC attention at Microsoft, and similar attention at other large companies. HITCON 2013 11

  7. Project Overview About Active X ActiveX controls are typically native code (e.g. C++) compiled binaries registered with the Windows operating system. Through a registration process the ActiveX control is considered scriptable, meaning that Internet Explorer can load the control and HTML or JavaScript can interact with it. Because ActiveX controls run native code in the browser, they can serve as an extension to the browser. This can lead to numerous security threats not the least of which being that the control can bypass Internet Explorer’s most precious security defenses Security issues seems to be a constant problem with ActiveX controls. In fact, it seems most vulnerabilities in Windows nowadays are actually due to poorly written third-party controls which allow malicious websites to exploit bu ff er over fl ows or abuse command injection vulnerabilities. Quite often these controls make the impression of their authors not having realized their code can be instantiated from a remote website. The following chapters will describe methods to fi nd, analyze, and exploit bugs in ActiveX controls will be presented to the reader. HITCON 2013 12 Project Overview APT Attacks via Active X(3.20 Cyber Terror from Active-X) 2013.03.20 large-scale cyber attacks occurred in the Republic of Korea. Target for the financial institutions and the media, they suffered a lot of damage. North Korea has a cyber terrorist attacks and ActiveX vulnerability was used. Attack is prepared a long period of time and we think that attacks of similar form will continue to occur. HITCON 2013 13

  8. Outline I. Introduction • Introduction of speaker II. Project Overview I just want to find a lot of vulnerability • Think it easier and Change one’s way of thinking • How can we found vulnerabilities • About ActiveX • APT Attacks via Active-X (Cases Study) • III. How can I found bug easily? • Introduction Automatic sample collections tool (Demo) Introduction Auto Install sample tool (Demo) • Introductions Fuzzer • Introductions Exploit IV. How can I have about one hundred vulnerability for just 1 days • Result of Tested • Examples (Active X Vulnerability) HITCON 2013 14 How can I found bug easily? Active X install Setup for automatic Proxy IP Information Automatic installation Address Gathering and Install Gathering Install Script Generation Fuzzing Test No Normal Exploitable Program ? YES Separation of Install Script for easily Make a Exploit Code HITCON 2013 15

  9. How can I found bug easily? STEP 1-2 STEP 1-1 Active X install Setup for automatic Proxy IP Information Automatic installation Address Gathering and Install Gathering Install Script Generation Fuzzing Test No Normal Exploitable ? Program YES Separation of Install Script for easily Make a Exploit Code HITCON 2013 16 How can I found bug easily? Introduction Automatic sample collections tool STEP 1-1 : For collect the active-x applications, Our tools gets on the internet and search the site that include active-x application. at this moment, Our Search Engine uses to many kind of IP Address to evasion auto detect search engine. Proxy Grabber For collect proxy ip address list, We can use ‘Proxy Grabber’. This program can help you scan any range of addresses on present Proxy list. This tool made by Hidemyass and this is python script language. ‘Proxy Grabber’ is also open source, so everyone can use that. We can collect many ip address via Proxy Grabber” Proxy IP Address list HITCON 2013 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1. REVIEWMODULE 2. VISUALBASICISFEATURES 3. ALTERINGPROPERTIES AT RUNTIME 4. ADDITIONALFEATURES

1. REVIEWMODULE 2. VISUALBASICISFEATURES 3. ALTERINGPROPERTIES AT RUNTIME 4. ADDITIONALFEATURES

SAULT COLLEGE OF APPLIED ARTS & TECHNOLOGY SAULT STE. MARIE, ONTARIO COURSE OUTLINE Course Title: System Prototvpina and Presentation I Course No.: CSD300 Program: Computer Proarammer/Analyst Semester: Five Author(s): Willem de Bruyne

432 views • 8 slides
Release 7.5 Webcast Richard Schneider, WIC System Management Specialist Data and System Management

Release 7.5 Webcast Richard Schneider, WIC System Management Specialist Data and System Management

10/13/2016 Release 7.5 Webcast Richard Schneider, WIC System Management Specialist Data and System Management Section Dr. Kobra Eghtedary, Director Michigan WIC Program Michigan Department of Health & Human Services Overview Internet

677 views • 19 slides
Software components software re-use libraries, etc. inter-language linkage the

Software components software re-use libraries, etc. inter-language linkage the

Software components software re-use libraries, etc. inter-language linkage the Microsoft way COM: the Component Object Model Visual Basic: scripting, embedding, viruses .NET C# other approaches to components

442 views • 5 slides
Capital Markets Day 2019 Z AL A N D O . T H E S T AR T I N G P O I N T F O R F AS H I O N F

Capital Markets Day 2019 Z AL A N D O . T H E S T AR T I N G P O I N T F O R F AS H I O N F

Capital Markets Day 2019 Z AL A N D O . T H E S T AR T I N G P O I N T F O R F AS H I O N F E B R U A R Y 2 8 , 2 0 1 9 HIGHLIGHTS AND BUSINESS UPDATE HIGHLIGHTS AND LOWLIGHTS Q4/18 HIGHLIGHTS LOWLIGHTS +25% -5.0% Strong growth at

319 views • 27 slides
Remote Vehicle Interface (RVI) Remote Vehicle Interface (RVI) Travis Johnson Ben Moon 1

Remote Vehicle Interface (RVI) Remote Vehicle Interface (RVI) Travis Johnson Ben Moon 1

Remote Vehicle Interface (RVI) Remote Vehicle Interface (RVI) Travis Johnson Ben Moon 1 Project Goals Project Goals Interface with vehicle using phone or WWW Start / Kill engine Lock / Unlock doors Pop trunk Must provide

396 views • 20 slides
CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

Eric Weston Wally Magda, CISSP, PSP, CISA Compliance Auditor, Cyber Compliance Auditor, Cyber Security Security CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September 24-25, 2013 Salt Lake City, UT No

2.02k views • 198 slides
Windows Presentation Foundation (WPF) Gumundur Bjargmundsson gummudu03@ru.is Reykjavik

Windows Presentation Foundation (WPF) Gumundur Bjargmundsson gummudu03@ru.is Reykjavik

Reykjavik University New Technology, T-611-NYTI, 2006-1 Teacher: lafur Andri Ragnarsson Windows Presentation Foundation (WPF) Gumundur Bjargmundsson gummudu03@ru.is Reykjavik University Gumundur Bjargmundsson T-611-NYTI, 2006-1

368 views • 15 slides
AN AUTOMATED TESTING PROCEDURE TO EVALUATE INDUSTRIAL DEVICES COMMUNICATION ROBUSTNESS Author:

AN AUTOMATED TESTING PROCEDURE TO EVALUATE INDUSTRIAL DEVICES COMMUNICATION ROBUSTNESS Author:

AN AUTOMATED TESTING PROCEDURE TO EVALUATE INDUSTRIAL DEVICES COMMUNICATION ROBUSTNESS Author: Filippo Tilaro Supervised by: Brice Copy Overview Scope & Objectives IT & Industrial Security Model Security Metrics & Testing

327 views • 15 slides
Embedded PC The modular Industrial PC for mid-range control Stefan Hoppe 14.09.2007 1 Embedded

Embedded PC The modular Industrial PC for mid-range control Stefan Hoppe 14.09.2007 1 Embedded

Embedded PC The modular Industrial PC for mid-range control Stefan Hoppe 14.09.2007 1 Embedded Software - TwinCAT on embedded Systems - HMI solutions on embedded systems Software TwinCAT TwinCAT System TwinCAT in embedded Systemen

290 views • 26 slides
Microsoft Powerpoint Presentation 2010 For Windows 7 microsoft powerpoint windows 7 free download

Microsoft Powerpoint Presentation 2010 For Windows 7 microsoft powerpoint windows 7 free download

Microsoft Powerpoint Presentation 2010 For Windows 7 microsoft powerpoint windows 7 free download - Microsoft PowerPoint 2013 Microsoft PowerPoint 2013 15.0.4420.1017 PowerPoint Viewer 2010 1.0 received a PowerPoint presentation (in PPT format)

282 views • 4 slides
Change Management Board Meeting Bridgeline # 850-414-1711 December 1, 2006 SunGuide Change

Change Management Board Meeting Bridgeline # 850-414-1711 December 1, 2006 SunGuide Change

Change Management Board Meeting Bridgeline # 850-414-1711 December 1, 2006 SunGuide Change Management Board Meeting 1 Welcome and Introductions Steve Corbin, CMB Chairman December 1, 2006 SunGuide Change Management Board Meeting 2 Change

734 views • 57 slides
COMPUTER-INTERNET SECURITY How am I vulnerable? 1 COMPUTER-INTERNET SECURITY Virus

COMPUTER-INTERNET SECURITY How am I vulnerable? 1 COMPUTER-INTERNET SECURITY Virus

COMPUTER-INTERNET SECURITY How am I vulnerable? 1 COMPUTER-INTERNET SECURITY Virus Worm Trojan Spyware Adware Messenger Service 2 VIRUS VIRUS A virus must meet two A computer virus is a small criteria:

525 views • 23 slides
Residue Objects: A Challenge to Web Browser Security Robert Rosolek University of Warsaw

Residue Objects: A Challenge to Web Browser Security Robert Rosolek University of Warsaw

Residue Objects: A Challenge to Web Browser Security Robert Rosolek University of Warsaw Agenda Introduction Background for object management in Internet Explorer Testing and studying residue objects Conclusions and Future Work Part 1

1.38k views • 49 slides
GUI for Operator Control camila lima, 2009 november december january paper mill visit

GUI for Operator Control camila lima, 2009 november december january paper mill visit

Mid-Presentation | Project 1: Professional Product Project GUI for Operator Control camila lima, 2009 november december january paper mill visit introduction research - existing products user analysis brainstorm tutoring group research

444 views • 20 slides
Software In-Security Buffer overflows Overview Web Application security Malware OS

Software In-Security Buffer overflows Overview Web Application security Malware OS

Lecture overview Table of contents: Introduction to SW security Software In-Security Buffer overflows Overview Web Application security Malware OS security topics Code scanning Emmanuel Benoist Taught by Ulrich

479 views • 13 slides
SOFTWARE SERIES OF LECTURES EFIMOV S.V. ACS CONCEPT Automatic Control System (ACS) is a set

SOFTWARE SERIES OF LECTURES EFIMOV S.V. ACS CONCEPT Automatic Control System (ACS) is a set

COMPUTER-AIDED SYSTEM SOFTWARE SERIES OF LECTURES EFIMOV S.V. ACS CONCEPT Automatic Control System (ACS) is a set of hardware and software tools that provide an automated collection, processing, transmission and storage of data necessary

1.47k views • 117 slides
SeeTest Quality Assurance Platform On-premise Digital Assurance Lab On-premise Digital Assurance

SeeTest Quality Assurance Platform On-premise Digital Assurance Lab On-premise Digital Assurance

SeeTest Quality Assurance Platform On-premise Digital Assurance Lab On-premise Digital Assurance Lab Centrally manage browsers & mobile devices (physical/emulated), and allow your team to remotely access them from anywhere at anytime Run

534 views • 17 slides
Risk management plan (RMP) compliance monitoring Belinda Ahlers Evaluator, Risk Management Plan

Risk management plan (RMP) compliance monitoring Belinda Ahlers Evaluator, Risk Management Plan

Risk management plan (RMP) compliance monitoring Belinda Ahlers Evaluator, Risk Management Plan Evaluation Section, Pharmacovigilance and Special Access Branch Why does RMP compliance matter? RMPs aim to ensure that the benefits of a

732 views • 22 slides
SPOR Programme Update on change management activities March 2017 An agency of the European Union

SPOR Programme Update on change management activities March 2017 An agency of the European Union

SPOR Programme Update on change management activities March 2017 An agency of the European Union Update on change management activities Highlight of activities from 2017 Update does not cover communication activities / recommendations

154 views • 12 slides
Introduction Overview Effective teaching depends on effective planning. Teachers need to devote

Introduction Overview Effective teaching depends on effective planning. Teachers need to devote

ETA4 - Effective Teaching Practices: Instructional Presentation and Follow-Up Course of Study This course supports the assessment for ETA4. The course covers 19 competencies and represents 3 competency units. Introduction Overview Effective

511 views • 27 slides
Presentation Transcript Presentation Transcript - CEIS and Monitoring Use of Funds IFF 2018

Presentation Transcript Presentation Transcript - CEIS and Monitoring Use of Funds IFF 2018

Presentation Transcript Presentation Transcript - CEIS and Monitoring Use of Funds IFF 2018 On-Demand Webinar, January 28, 2019 Welcome and Presentation Introduction 0:00 Sara Doutre Welcome everyone. My name is Sara Doutre, and I am with the

537 views • 16 slides
Digital Therapeutics for Complex Care Rini Gahir, Co-Founder / Chief Business Development Officer

Digital Therapeutics for Complex Care Rini Gahir, Co-Founder / Chief Business Development Officer

Digital Therapeutics for Complex Care Rini Gahir, Co-Founder / Chief Business Development Officer rini@mozzaz.com Mozzaz Corporation www.mozzaz.com Were a digital health company delivering perso son-center centered ed connected

950 views • 29 slides
\ii Const ruct ion & Inspec tions Public Comment Meeting on the Major Public Project

\ii Const ruct ion & Inspec tions Public Comment Meeting on the Major Public Project

~ ~ ~ Seattle Department of \ii Const ruct ion & Inspec tions Public Comment Meeting on the Major Public Project Construction Noise Variance Application for the WSDOT SR 520/ 1-5 Express Lanes Connection Project. Thursday, August 1, 2019 5:30

603 views • 25 slides
WSO2 Message Broker Scalable persistent Messaging System Outline Messaging Scalable

WSO2 Message Broker Scalable persistent Messaging System Outline Messaging Scalable

WSO2 Message Broker Scalable persistent Messaging System Outline Messaging Scalable Messaging Distributed Message Brokers WSO2 MB Architecture o Distributed Pub/sub architecture o Distributed Queues architecture User Story

1.12k views • 33 slides

More recommend