Press "Enter" to skip to content

Wednesday, May 22nd, 2019

Chris Adkins Chris Adkins
May 22, 2019
Leave a Comment

Subscribe: Apple Podcasts | Google Podcasts | Spotify | Stitcher | Email | TuneIn | RSS

PoC Exploit For Unpatched Windows 10 Zero-Day Flaw Published Online

https://github.com/SandboxEscaper/polarbearrepo

Learn to Hack Non-Competes & Sell 0-Days at Black Hat USA

Consumer IoT Devices Are Compromising Enterprise Networks

Transcripts:

Hello folks it is Wednesday May 22nd twenty nineteen and this security on the bayou. security news and why it matters to you. Happy hump day. It’s almost Friday that three day weekend is calling my name I can hear it now.

All right we’ve got a couple three articles today two from Dark Reading one from the hacker news from the Hacker News dot.com. If this is something you don’t follow Hacker News You should title the article PSC exploit for unpacked Windows 10 zero day flaw. Published online. This one was fun I enjoyed it and an anonymous hacker named sandbox escapes or released a posse of new zero day vulnerability affecting Windows 10. This is his slash her fifth publicly disclosed windows zero day exploit. In less than a year. That’s impressive. Five windows explains pieces. This newest one takes advantage of the task scheduler in Windows essentially based on some permissions for some DL ls they’re able to write a new task to the task scheduler to execute with system level permissions. Obviously this is bad so you do have to have physical not physically but you have to have access to the machine. So at some point you already have to have owned this machine or have physical access but this is something that it looks like probably could be used for persistence fairly easily. It’s a this is fairly significant task scheduler or something I use all the time on Windows Server. It looks like its effects Windows 10. Where was that list 10 32 bit 64 bit along with Server 2016 and 2019. So if your enterprise is up to date you’re most likely using all of these things. If you’re somehow behind this works out for you which which is rare. I mean there’s a lot of other things that don’t work out for you if you’re that far behind. So this person also claims to have four additional zero day bugs in Windows. So three of which lead to local privilege escalation and a fourth one lets attackers back bipod excuse me lets attackers bypass sandbox security. So if you’re not familiar with San boxing essentially applications are allowed to run in their own little sandbox just like when you’re a little kid and their parents would hover around you and you say no don’t come out of the sandbox. So that is what a sandbox is for applications like Google Chrome is sandbox. It’s a lot of things their sandbox is a great technology so anything that can circumvent sandbox thing is a pretty damn big deal because it’s used very very widely. This is a this is a fun one. This is kind of stuff I get giddy over I’ll also post the link to the get hub of this person. I was digging around in the get hub and I found something sort of interesting so there is a nother repo in here that is only two hours old and it is called Angry polar bear bug too so I haven’t had a chance to dig in or read all of it yet but it seems to me there might be a can I. I perused it really quickly. It seems to me that this might be an additional zero day so I’ll dig into that some more but interesting they may have released to within the span of Lucy less than 24 hours. The one this one we’re talking about now was released 19 hours ago. So big day there. Interesting especially since everything that’s going on with the windows update patches and all the Eevee. I mean this is you know is sort of the perfect storm here. All right let’s move on. I’ve already spent enough time on that so we’ll we’ll move these next to pretty quick next from Dark Reading dot com by the Black Hat event staff. I’m not a huge black hat guy. It’s it’s fun it’s enjoyable. I’m probably not going this sharply going to def comment not black. But here’s the article title of the article. Learn to hack non competes and sell 0 days at Black Hat USA. So essentially black out is there pushing all the ones have sound really really interesting which good for them they should be. This is what the this is their job. Also the first one is titled selling 0 days to governments and offensive security companies. Hey we just talked about zero days. I don’t know what that. I don’t know what the value of that window’s zero day. This guy dropped it but my guess is that it’s worth a lot of money probably more than a lot of people make in a year. So next how to hack your non compete. Ah excuse me hacking your non compete. Yeah. Non compete sock right. So anyway you can get around those. You know I think there’s a certain level of people that pay should not have non competes actually read an article the other day at 1 in 7 people that make less than forty thousand dollars a year have a non compete which is ridiculous if you ask me. And that’s not just information security that’s nationwide. In the United States the next one making big things better the Dead Cow way. So if you attended Def Con last year the CDC got up and you know they had a whole board and it was a lot of fun it was a really good time. It’s fun to ask these guys some questions some you know the original sort of hacker group a lot of it inspired a lot of people over the years so it looks like they’re making a comeback of it at Black Hat. I bet you’d probably be a little bit more organized this time. Not that it wasn’t last time but once again that should be that should be a fun one. What’s this in the current oh so as you may know Betto O’Rourke the presidential candidate was part of the cult of the Dead Cow back in the day so I’m sure that will come up now because that wasn’t public information last year next. Also from Dark Reading by Erica Chico Tchaikovsky Erica. Welcome back to the podcast. Consumer I.T. devices are compromising enterprise networks. Yeah no kidding. Yep. All joking aside yes they are. They’re everywhere everywhere you look there’s IO T devices right. And you know try not to get too focused on the on the term IO T right Internet of Things is something that is small not well not necessarily something that is plugged into your network that has a specific purpose that has an internet connection that’s been around for years. Right we’ve just branded it IO T. But here’s what they found. Researchers from Z killer Z scalar and threat labs. Ninety one and a half percent of IO T transactions are conducted over plain text bad no good bad. Stop it. Next 18 percent of IO T devices running that use SSL exclusively communicate. This is terribly sentence terribly written 18 percent of devices use SSL within an enterprise environment. That is also bad. That should be way higher. Those numbers should be flipped that should be the end goal here. Let’s flip those numbers and we’re in good shape. If you want some more details on this study she starts to break it down a little bit more. Forty nine percent of enterprises do not regularly scan for IO T devices bad once again only 8 percent say have the capability to do so. That’s somewhat understandable I get that this is still new. How are you scanning for it. That’s an interesting question. I’ll do some research on myself because I don’t know that I have the answer for that although I would think a lot of your vulnerability scanners would be able to pick a lot of that up anyway. So there’s some good information in here about this report. I recommend you go over there and read it. All right. What a day. No easy news today sort of disappointing Baltimore. No no update on Baltimore either. We’ll get there. We’ll find something something new will come out on that. Anyways it’s Wednesday May 22nd twenty nineteen and this has been security on the bayou. Thank you for joining me. And we will talk again tomorrow. Everybody have a wonderful week.

Categories:April 2019

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *