Unless you live completely cut off from the rest of human civilization, chances are good you’ve heard about the WannaCry ransomware. However, so we’re all on the same page, I’ll go over the salient points of its history before discussing why it is still a threat. WannaCry - the first successful crypto-ransomware worm - started to spread on May 12th 2017 using the EternalBlue exploit and DoublePulsar backdoor implant (both courtesy of the Shadow Brokers and - by proxy - Equation Group/NSA) and supposedly hit more than 100 countries within the first 24 hours.
I’ve added a new page to the site with links to miscelaneous tools and materials useful for Incident Response, Malware Analysis, Penetration Testing, etc. It may be accessed here or through the easily remembered URL http://csirt.xyz.
Untrusted Network is back! I've managed to salvage most of the posts from old version of the site so you may find links to those on the main page. So far that's the only content but you may look forward to new posts in 2019!
ALEF NULA (in the interest of full disclosure, I’d like to mention that I am currently employed by AN) launched a new competition called ALEF Hacker Challenge last week. The intended aim is to compromise a specific system and gather data from it. Although not unique, it is an interesting competition and not only because the main price is 12 000 CZK.
Researchers from Google’s Project Zero have released information about a new attack based on flipping bits in DDR3 memory. The attack uses approach called Rowhammer which was devised last year by a team from Carnegie Mellon University and Intel Labs. It is based on repeated writing to and reading from a part of memory in a very short time which causes flipping values of bits in adjacent memory (the flipping is made possible by interaction between adjacent memory cells caused by their close proximity).
An international research team has devised attack called FREAK (Factoring attack on RSA Export Keys) with which it is possible to lower the level of encryption used in SSL connections. Attack is based on forcing server and client to use legacy (the vulnerability has been present for a long time) weak cryptographic suites which are still supported by some of the mainstream browsers (Safari and OpenSSL-based Android browser among others) and servers.