RSS feed

Downclimb: Summit Route's Weekly Cyber News Recap
2015.06.14 – 2015.06.21:


"I wish you were as strenuous and hard-working at keeping information out of the hands of hackers as you are keeping information out of the hands of Congress and federal employees." Rep. Stephen Lynch, D-Mass to the OPM director


"Bitcoin mining gives us a high-quality estimate of the costs to a well-funded password cracker." zooko


"I imagine myself in 20 years grepping code bases for // YOLO" Natalie Silvanovich


"The question was how do you handle the monitoring of the monitoring, known in the industry as the Yo Dawg problem" Roy Rapoport

Top stories

ASLR bypass using MemoryProtection

First there was a post from Ivan Fratric on abusing MemoryProtector to bypass High Entropy Bottom-Up Randomization[1]. Ivan publishes something about once a year, so when he does, you better believe it's awesome. He mentioned in his post a potential collision between his research and HP Research, and sure enough HP Research published their work[2], including exploit POC.


The Duqu 2.0 persistence module

Discussion from Kaspersky of Duqu 2's "organization-level persistence" where as long as one system is up and infected, the network remains under control of the Duqu 2 actors, because once a system reboots, it will be re-infected.

Owning Internet Printing - A Case Study in Modern Software Exploitation

This post from Neel Mehta shows how to chain a couple of vulnerabilities together (including an XSS and a reference counting issue) in order to exploit the open-source printing suite CUPS. In addition to being very detailed, my favorite part is he also discusses the mitigations that could have hindered this exploit.

Newspaper News

  • LastPass hacked: LastPass provides a service to act as a single master password for all your websites so that you can have unique, strong passwords for all the websites you use, but only need to remember one password. It's been hacked.
  • OPM director testimony: Regarding the OPM breach, it looks like yet another organization with gross negligence of it's security. A prior employee was interviewed who said:

"the Unix systems administrator for the project 'was in Argentina and his co-worker was physically located in the [People's Republic of China]. Both had direct access to every row of data in every database: they were root. Another team that worked with these databases had at its head two team members with PRC passports.'"


Conference materials and publications


  • CodeReason: Semantic binary code analysis framework and toolset from Trail of Bits.
  • HashFilter: Sample Windows code for a WFP driver and control application to block Internet access for processes.

Other reads