Archive for category Defense
This past weekend I gave a talk at BSides San Antonio titled “Pigs Don’t Fly – Why owning a typical network is so easy, and how to build a secure one.” I took a top-down look at the security barriers in a typical organizational network, the many techniques attackers use to break them, and how [...]
All of the below are supported ways of remotely executing code that are built-in to Windows. If psexec isn’t working since a service is not running or ports are blocked, you can try all these other options; defenders who want to detect intruders moving through the network need to detect all of these; incident responders might want to look for evidence of these…
Well, the Mayan Apocalypse came and went, and since we’re all still here, it’s time to get back to computer security. It shouldn’t be a surprise that the most likely way you’ll get exploited is through your browser, so you should routinely check for vulnerabilities there. I was inspired by some of the free browser [...]
I gave an updated Ambush Presentation at Derbycon today… On the attack side, I demonstrated Hoarder, which is a proof of concept to bypass standard hook-based host intrusion prevention systems by avoiding making any calls to OS DLLs at all, and only making raw syscalls to the kernel. It works in two steps. First, the getdlls program opens the target executable and recursively reads it and all of its required DLLs into C language byte arrays.
At BSides Las Vegas, I just released Ambush, an open-source Host Intrusion Prevention System that I have been developing for the past few months. See my talk at http://www.youtube.com/watch?v=kzgBcSHQDAs for the full motivation, description, and demonstration. In summary, after all of my offensive research, Ambush is my effort to arm the defense. I wrote Ambush [...]