Forwarded from TechToday News
#Vulnerability #Windows #Reverse_Engineering #Article #Malware
How a Microsoft icon-display bug in Windows allows attackers to masquerade PE files with special icons
An icon-display bug in Windows allows attackers to masquerade PE files with special icons by automatically “borrowing” other commonly used icons from the local machine, thus tricking users into clicking them. The bug behind this vulnerability lies deep inside the image-handling code of Windows. The bug has been present since at least Windows 7 and is still present in the most updated versions of Windows 10.
We discovered the bug while researching a recent batch of malicious PE files. After copying files from one directory to another, we noticed an odd behavior: some of the files’ icons changed. To rule out the possibility of a mistake (or a simple lack of caffeine), we copied the files to a different directory and again the icons of these files changed to a different commonly-used and completely unrelated icon. This piqued our interest and prompted an investigation into this strange phenomenon.
https://www.cybereason.com/labs-a-zebra-in-sheeps-clothing-how-a-microsoft-icon-display-bug-in-windows-allows-attackers-to-masquerade-pe-files-with-special-icons/
How a Microsoft icon-display bug in Windows allows attackers to masquerade PE files with special icons
An icon-display bug in Windows allows attackers to masquerade PE files with special icons by automatically “borrowing” other commonly used icons from the local machine, thus tricking users into clicking them. The bug behind this vulnerability lies deep inside the image-handling code of Windows. The bug has been present since at least Windows 7 and is still present in the most updated versions of Windows 10.
We discovered the bug while researching a recent batch of malicious PE files. After copying files from one directory to another, we noticed an odd behavior: some of the files’ icons changed. To rule out the possibility of a mistake (or a simple lack of caffeine), we copied the files to a different directory and again the icons of these files changed to a different commonly-used and completely unrelated icon. This piqued our interest and prompted an investigation into this strange phenomenon.
https://www.cybereason.com/labs-a-zebra-in-sheeps-clothing-how-a-microsoft-icon-display-bug-in-windows-allows-attackers-to-masquerade-pe-files-with-special-icons/
Forwarded from TechToday News
#Windows #Security #Exploit #Article
Windows Exploitation Tricks: Arbitrary Directory Creation to Arbitrary File Read
In this post I’m going to give a technique to go from an arbitrary directory creation vulnerability to arbitrary file read. Arbitrary direction creation vulnerabilities do exist - for example, here’s one that was in the Linux subsystem - but it’s not always obvious how you’d exploit such a bug in contrast to arbitrary file creation where a DLL is dropped somewhere. You could abuse DLL Redirection support where you create a directory calling program.exe.local to do DLL planting but that’s not always reliable as you’ll only be able to redirect DLLs not in the same directory (such as System32) and only ones which would normally go via Side-by-Side DLL loading.
https://googleprojectzero.blogspot.co.uk/2017/08/windows-exploitation-tricks-arbitrary.html
https://gist.github.com/tyranid/221bf08dd3ddb88ec33d2573a83482d0
Windows Exploitation Tricks: Arbitrary Directory Creation to Arbitrary File Read
In this post I’m going to give a technique to go from an arbitrary directory creation vulnerability to arbitrary file read. Arbitrary direction creation vulnerabilities do exist - for example, here’s one that was in the Linux subsystem - but it’s not always obvious how you’d exploit such a bug in contrast to arbitrary file creation where a DLL is dropped somewhere. You could abuse DLL Redirection support where you create a directory calling program.exe.local to do DLL planting but that’s not always reliable as you’ll only be able to redirect DLLs not in the same directory (such as System32) and only ones which would normally go via Side-by-Side DLL loading.
https://googleprojectzero.blogspot.co.uk/2017/08/windows-exploitation-tricks-arbitrary.html
final script on GITHUB :https://gist.github.com/tyranid/221bf08dd3ddb88ec33d2573a83482d0
googleprojectzero.blogspot.co.uk
Windows Exploitation Tricks: Arbitrary Directory Creation to Arbitrary File Read
Posted by James Forshaw, Project Zero For the past couple of months I’ve been presenting my “Introduction to Windows Logical Privilege ...
Forwarded from TechToday News
#Vulnerability #Exploit #Article
Exploiting the Magellan bug on 64-bit Chrome Desktop
In December 2018, the Tencent Blade Team released an advisory for a bug they named “Magellan”, which affected all applications using sqlite versions prior to 2.5.3. In their public disclosure they state that they successfully exploited Google Home using this vulnerability. Despite several weeks having passed after the initial advisory, no public exploit was released. We were curious about how exploitable the bug was and whether it could be exploited on 64-bit desktop platforms. Therefore, we set out to create an exploit targeting Chrome on 64-bit Ubuntu.
https://blog.exodusintel.com/2019/01/22/exploiting-the-magellan-bug-on-64-bit-chrome-desktop/
Exploiting the Magellan bug on 64-bit Chrome Desktop
In December 2018, the Tencent Blade Team released an advisory for a bug they named “Magellan”, which affected all applications using sqlite versions prior to 2.5.3. In their public disclosure they state that they successfully exploited Google Home using this vulnerability. Despite several weeks having passed after the initial advisory, no public exploit was released. We were curious about how exploitable the bug was and whether it could be exploited on 64-bit desktop platforms. Therefore, we set out to create an exploit targeting Chrome on 64-bit Ubuntu.
https://blog.exodusintel.com/2019/01/22/exploiting-the-magellan-bug-on-64-bit-chrome-desktop/
Exodus Intelligence
Exploiting the Magellan bug on 64-bit Chrome Desktop
In this post, we show how to reverse engineer the Magellan bug from the patch and exploit it on a 64bit desktop environment.
Forwarded from TechToday News
#Vulnerability #Hack #Hardware #Network #Article
Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi: from zero knowledge to zero-click RCE
With this research, I’m going to answer the question that has had to be answered for quite a time: to what extent is Marvell WiFi FullMAC SoC (not) secure. Since the wireless devices with the analyzed chip aren’t fully researched by the community yet, they may contain a tremendous volume of unaudited code, which may result in severe security issues swarming devices equipped with WLAN cards. At the outset, I should mention that this article is based on the info I presented during my ZeroNights 2018 talk. So, feel free to have a look at the original slides here There are also some notable researches on the subject of wireless SoC security. For example, Google Project Zero published a series of blog posts starting in April 2017 describing exploitation of Broadcom Wi-Fi stack on smartphones. This topic was also discussed at theBlackHat 2017 conference. Some smartphone baseband exploits write-ups might help understand the techniques used to reverse engineer firmware of wireless SoC.
https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/
Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi: from zero knowledge to zero-click RCE
With this research, I’m going to answer the question that has had to be answered for quite a time: to what extent is Marvell WiFi FullMAC SoC (not) secure. Since the wireless devices with the analyzed chip aren’t fully researched by the community yet, they may contain a tremendous volume of unaudited code, which may result in severe security issues swarming devices equipped with WLAN cards. At the outset, I should mention that this article is based on the info I presented during my ZeroNights 2018 talk. So, feel free to have a look at the original slides here There are also some notable researches on the subject of wireless SoC security. For example, Google Project Zero published a series of blog posts starting in April 2017 describing exploitation of Broadcom Wi-Fi stack on smartphones. This topic was also discussed at theBlackHat 2017 conference. Some smartphone baseband exploits write-ups might help understand the techniques used to reverse engineer firmware of wireless SoC.
https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/
Forwarded from TechToday News
#Vulnerability #Router #Network #Article
UPnP, Vulnerability As A Feature That Just Won’t Die
UPnP — in a perfect world it would have been the answer to many connectivity headaches as we add more devices to our home networks. But in practice it the cause of a lot of headaches when it comes to keeping those networks secure.
It’s likely that many Hackaday readers provide some form of technical support to relatives or friends. We’ll help sort out Mom’s desktop and email gripes, and we’ll set up her new router and lock it down as best we can to minimise the chance of the bad guys causing her problems. Probably one of the first things we’ll have all done is something that’s old news in our community; to ensure that a notorious vulnerability exposed to the outside world is plugged, we disable UPnP on whatever cable modem or ADSL router her provider supplied.
https://hackaday.com/2019/01/14/upnp-vulnerability-as-a-feature-that-just-wont-die/
UPnP, Vulnerability As A Feature That Just Won’t Die
UPnP — in a perfect world it would have been the answer to many connectivity headaches as we add more devices to our home networks. But in practice it the cause of a lot of headaches when it comes to keeping those networks secure.
It’s likely that many Hackaday readers provide some form of technical support to relatives or friends. We’ll help sort out Mom’s desktop and email gripes, and we’ll set up her new router and lock it down as best we can to minimise the chance of the bad guys causing her problems. Probably one of the first things we’ll have all done is something that’s old news in our community; to ensure that a notorious vulnerability exposed to the outside world is plugged, we disable UPnP on whatever cable modem or ADSL router her provider supplied.
https://hackaday.com/2019/01/14/upnp-vulnerability-as-a-feature-that-just-wont-die/
Hackaday
UPnP, Vulnerability As A Feature That Just Won’t Die
UPnP — in a perfect world it would have been the answer to many connectivity headaches as we add more devices to our home networks. But in practice it the cause of a lot of headaches when it …
Forwarded from TechToday News
#AI #Article
Fast and accurate object detection in high resolution 4K and 8K video using GPUs
https://arxiv.org/abs/1810.10551
https://arxiv.org/pdf/1810.10551.pdf
Fast and accurate object detection in high resolution 4K and 8K video using GPUs
Abstract :Machine learning has celebrated a lot of achievements on computer vision tasks such as object detection, but the traditionally used models work with relatively low resolution images. The resolution of recording devices is gradually increasing and there is a rising need for new methods of processing high resolution data. We propose an attention pipeline method which uses two staged evaluation of each image or video frame under rough and refined resolution to limit the total number of necessary evaluations. For both stages, we make use of the fast object detection model YOLO v2. We have implemented our model in code, which distributes the work across GPUs. We maintain high accuracy while reaching the average performance of 3-6 fps on 4K video and 2 fps on 8K video.
https://arxiv.org/abs/1810.10551
https://arxiv.org/pdf/1810.10551.pdf
Forwarded from FLOWIN - Пересылка и копирование сообщений
#article
Добавили новую статью Настройка замен в пересылаемых сообщениях
В ней описали все возможности и нюансы по настройкам автоматических замен)
Добавили новую статью Настройка замен в пересылаемых сообщениях
В ней описали все возможности и нюансы по настройкам автоматических замен)
Forwarded from FLOWIN - Пересылка и копирование сообщений
#article
Новая статья на сайте про фильтры от А до Я
https://flowin.click/filtraciya-peresylaemyh-soobshchenii/
Новая статья на сайте про фильтры от А до Я
https://flowin.click/filtraciya-peresylaemyh-soobshchenii/