Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go :(" [rooted2019]

•

3 likes•921 views

The document discusses various techniques for achieving persistence on a Windows system without administrator privileges. These include hijacking shell extensions and COM objects by modifying registry keys, taking advantage of globally unique identifiers (GUIDs) and paths stored in the registry. The document recommends hijacking extension handlers and using PowerShell to bypass restrictions when writing to the registry for stealthier persistence.

The Art of Persistence:
Mr. Windows… I don’t wanna go
:(
Sheila Ayelen Berta (@UnaPibaGeek)

@UnaPibaGeek
Sheila A. Berta - @UnaPibaGeek
Offensive Security Researcher
A little bit more:
Developer ASM (Microcontrollers & Microprocessors x86/x64), C/C++, Go & Python.
Speaker at Black Hat Briefings, DEFCON, Ekoparty, HITB, etc ….. and RootedCon! :D

@UnaPibaGeek
“run keys” since long time ago…
HKCUSoftwareMicrosoftWindowsCurrentVersionRun

@UnaPibaGeek
“run keys” since long time ago…
…CurrentVersionPoliciesExplorerRun
…CurrentVersionExplorerShell Folders

@UnaPibaGeek
The Art of Persistence
Welcome to…

@UnaPibaGeek
COM Objects…
- C++ class
- Out of Process / In-Process
In-Process

@UnaPibaGeek
Globally Universal Identifier (GUID)…
16bytes array (GUID)- CLSID

@UnaPibaGeek
Windows Registry…
HKLMSoftwareClassesCLSID<GUID>
HKCUSoftwareClassesCLSID<GUID>

@UnaPibaGeek
Windows Registry…
InprocServer32 / InprocServer / InprocHandler32 / InprocHandler

@UnaPibaGeek
Persistence
via
Shell Extensions

@UnaPibaGeek
Shell Extension Handlers… (registry)
- System-wide (HKLMSoftwareClasses*shellex)

@UnaPibaGeek
Shell Extension Handlers… (registry)
- Current User (HKCUSoftwareClasses*shellex)
NO ADMIN PRIVILEGES REQUIRED

@UnaPibaGeek
Registering our own Shell Extension

@UnaPibaGeek
Malicious Shell Extension to persist
Registry Key 1
Registry Key 2
Malware downloader

@UnaPibaGeekSheila A. Berta - @UnaPibaGeek

@UnaPibaGeek
To sum up…
- Shell Extensions can be used to malware persistence.
- Attacker does not need admin privileges.
- Stealthy method!
Recommendation…
- Use PowerShell. Because it’s a trust binary for Windows. So, it let
you write the registry without restrictions.

@UnaPibaGeek
NO ADMIN PRIVILEGES REQUIRED
COM Hijack fundamentals…
HKLMSoftwareClassesCLSID
<GUID>
InprocServer32
(Default) = C:PathToDLL
HKCUSoftwareClassesCLSID
<GUID>
InprocServer32
(Default) = C:PathToDLL
Right COM Path:
First search:
POSSIBLE HIJACK
NOT FOUND

@UnaPibaGeek
HKCR Poisoning…
HKLMSoftwareClasses HKCUSoftwareClasses
HKEY_CLASSES_ROOT
NO ADMIN PRIVILEGES REQUIRED

@UnaPibaGeek
“Native” COM hijack…
(Windows 10)

@UnaPibaGeek
To sum up…
- Apps and native COM objects vulnerable to COM hijack
can be used to malware persistence.
- Attacker does not need admin privileges.
- Super Stealthy method!!
Remember…
- Use PowerShell to bypass restrictions :-)

@UnaPibaGeek
Persistence
via
Extension Handler
Hijack

@UnaPibaGeek
Extension Handler Hijack… with proxy!

@UnaPibaGeek
To sum up…
- Extension Handlers can be hijacked to malware persistence.
- Attacker does not need admin privileges.
- Super Stealthy method!!
- Powershell is not necessary, HKU registry can be edited
without restrictions :-)

@UnaPibaGeek
Conclusions…
Features of Windows can be
abused to make malware
persistence stealthier

Thank you!
Sheila Ayelen Berta (@UnaPibaGeek)

This document discusses how software developers can be deceived through malicious software libraries uploaded to package managers. It describes how the researchers generated homograph variants of popular library names and uploaded them to PyPI and npm. Within a few hours hundreds of developers had installed the malicious libraries, demonstrating vulnerabilities in how developers and package managers prevent homograph attacks. The researchers then analyzed the results and issues recommendations to package managers on additional controls like rate limiting and mandatory user identification that could help prevent such attacks.

Seccomp Profiles and you: A practical guide.

Duffie Cooley

Have you wondered what a seccomp security profile is, and how it relates to Linux Capabilities? Folks often dismiss seccomp profiles and Capabilities as a way of hardening applications as it is too difficult to determine what syscalls are in use by a given application. In this session we will explore a couple of tools designed to make this more approachable. Come learn about these super powers!

Gerrit Code Review

Luca Milanesio

The document discusses the use of Gerrit for code review in agile workflows. It begins by explaining some of the challenges of continuous integration, including broken builds that can occur when developers push untested code. It then discusses how Git addresses this issue by enabling early code integration through topic branches. However, it notes that Git alone does not enforce policy. Gerrit is introduced as a tool that builds upon Git to enable code review and enforce access controls and policies. It provides an overview of key Gerrit features like automatic topic branches, trigger builds, and democratic voting processes.

Kubernetes Disaster Recovery - Los Angeles K8s meetup Dec 10 2019

Steve Wong

DevSecOps The Evolution of DevOps

Michael Man

Full Isolation in Multi-Tenant SAAS with Kubernetes & Istio

DevOps Indonesia

Splunking the JVM

Damien Dallimore

The document discusses the Java Virtual Machine (JVM) and ways to monitor and analyze JVM performance using Splunk. It provides an overview of the history and evolution of the JVM. It then details various sources of machine data from the JVM, such as application logs, JMX, garbage collection logs, and HPROF profiling dumps, that can be ingested into Splunk. It describes how to correlate this JVM data with operating system metrics and custom instrumentation to gain insights into application performance and issues. Finally, it presents a vision of fully instrumenting the JVM and applications with Splunk for comprehensive monitoring and troubleshooting.

A Very Atlassian Journey Through SOX Compliance

Atlassian

In 2014, Atlassian's Finance team was suffering from stale finance documentation, disjointed remediation efforts, and an overall lack of accountability. That's when Rich Woodson joined as a compliance manager and began to create a SOX compliance program. The first iteration used Microsoft Office and resulted in out of date information, which lead to control failures. Plus, it didn't reflect how Atlassian had evolved. They needed to find a better tool that would improve accountability and reflect the dynamic nature of the business. Before long, the team realized the tool they needed had been right under their noses all along: Jira! This is the story of what they built and how they built it.

DevOps is a software engineering culture and practice that aims to unify software development (Dev) and software operation (Ops) teams. The main goals of DevOps are to achieve shorter development cycles, increased deployment frequency, and more dependable releases that are closely aligned with business objectives. DevOps advocates for the automation and monitoring of all steps in the software development process, from integration and testing through release, deployment, and infrastructure management.

Testing with JUnit 5 and Spring

VMware Tanzu

Jenkins Pipeline Tutorial | Continuous Delivery Pipeline Using Jenkins | DevO...

Edureka!

** DevOps Training: https://www.edureka.co/devops ** This Edureka tutorial on "Jenkins pipeline Tutorial" will help you understand the basic concepts of a Jenkins pipeline. Below are the topics covered in the tutorial: 1. The need for Continuous Delivery 2. What is Continuous Delivery? 3. Features before the Jenkins Pipeline 4. What is a Jenkins Pipeline? 5. What is a Jenkinsfile? 6. Pipeline Concepts 7. Hands-On Check our complete DevOps playlist here (includes all the videos mentioned in the video): http://goo.gl/O2vo13

Continuous Code Quality with the Sonar Ecosystem @GeeCON 2017 in Prague

Roman Pickl

Continuous Code Quality with the SonarEcosystem SonarQube is the leading platform for static code analysis and Continuous Code Quality. In this talk we will look into all three lines of defense of the SonarEcosystem and how they can help to find bugs before they enter your codebase (or at least go into production). After this talk, you’ll have a good overview of the SonarEcosystem as well as actionable starting points for increasing your code quality. Furthermore, we will share learnings from using SonarQube for more than 4 years and pointers to additional resources. Roman Pickl As Chief Technical Officer, Roman is in charge of the technical development at Fluidtime. He has comprehensive experience in project management, the technical coordination of national and international mobility projects and the optimisation of business and development processes. Roman Pickl studied business management and commercial information technology at the Vienna University of Economics and Business and the University of Technology, Sydney, as well as software engineering at the University of Applied Sciences Technikum Wien. There he specialised in the fields of entrepreneurship & innovation management, project & process management and information management as well as software evolution and mobile computing.

Practical DevSecOps Course - Part 1

Mohammed A. Imran

Docker networking Tutorial 101

LorisPack Project

The document provides an overview of Docker networking options and access control. It discusses the default Linux bridge networking (Docker0), port mapping to access containers externally, using the host's network, and connecting containers via their networks. It also covers more advanced options like Open vSwitch for encapsulation and programmable networking. The document recommends using iptables and the --icc and --link flags for access control between containers and only allowing connected containers to communicate.

DevSecOps - The big picture

Stefan Streichsbier

This document discusses the concepts of DevSecOps at a high level. It begins with a brief history of development methodologies, from Waterfall to Agile, and how Ops became a bottleneck. This led to trends in Agile Operations and collaboration between Dev and Ops, known as DevOps. DevSecOps expands this to incorporate security. It discusses the importance of culture, processes, and technologies for effective communication, automation, and collaboration across Dev, Ops, and Security. The goal is to enable organizations to deliver inherently secure software at DevOps speed through a high-trust environment and automated security pipelines integrated into the software development lifecycle.

Automated Malware Analysis and Cyber Security Intelligence

Jason Choi

Targeting the iOS kernel

Seguridad Apple

DevOps overview 2019-04-13 Nelkinda April Meetup

Shweta Sadawarte

This document provides an overview of DevOps, including: - Defining DevOps as unifying software development and operations through automation and monitoring. - Tracing the history from waterfall to agile/DevOps approaches. - Describing the DevOps lifecycle including continuous development, testing, integration, delivery, and monitoring. - Explaining concepts like continuous integration, continuous delivery, and emphasizing culture changes like collaboration over silos.

10+ Deploys Per Day: Dev and Ops Cooperation at Flickr

John Allspaw

DevOps concepts, tools, and technologies v1.0

Mohamed Taman

DevOps is not a tool or technology; it is an approach or culture that makes things better. This session describes in detail how DevOps solves different problems of the traditional application delivery cycle. It also describes how it can be used to make development and operations teams efficient and effective in order to make time to market faster by improving culture. It also explains key concepts essential for evolving DevOps culture. In this session, we will cover the following topics: 1- Understanding the DevOps movement 2- The DevOps lifecycle—it's all about “continuous” 3- Continuous integration 4- Configuration management 5- Continuous delivery/continuous deployment 6- Continuous monitoring 7- Continuous feedback 8- Tools and technologies

What is Jenkins | Jenkins Tutorial for Beginners | Edureka

Edureka!

****** DevOps Training : https://www.edureka.co/devops ****** This DevOps Jenkins Tutorial on what is Jenkins ( Jenkins Tutorial Blog Series: https://goo.gl/JebmnW ) will help you understand what is Continuous Integration and why it was introduced. This tutorial also explains how Jenkins achieves Continuous Integration in detail and includes a Hands-On session around Jenkins by the end of which you will learn how to compile a code that is present in GitHub, Review that code and Analyse the test cases present in the GitHub repository. The Hands-On session also explains how to create a build pipeline using Jenkins and how to add Jenkins Slaves. The Hands-On session is performed on an Ubuntu-64bit machine in which Jenkins is installed. To learn how Jenkins can be used to integrate multiple DevOps tools, watch the video titled 'DevOps Tools', by clicking this link: https://goo.gl/up9iwd Check our complete DevOps playlist here: http://goo.gl/O2vo13 Facebook: https://www.facebook.com/edurekaIN/ Twitter: https://twitter.com/edurekain LinkedIn: https://www.linkedin.com/company/edureka

SonarQube Presentation.pptx

Satwik Bhupathi Raju

Service Mesh on Kubernetes with Istio

Michelle Holley

This document provides an overview of service mesh and Istio on Kubernetes. It discusses microservices and the need for visibility, monitoring, and traffic management which a service mesh can provide. It then describes Kubernetes, Istio architecture including Pilot, Envoy proxy, and Mixer components. It covers how Istio provides mutual TLS, ingress/egress traffic routing, request routing to service versions, observability with metrics and tracing, and application resilience through features like timeouts and retries. The document concludes with instructions for deploying Kubernetes and getting started with Istio.

DevSecOps 101

Narudom Roongsiriwong, CISSP

Security teams are often seen as roadblocks to rapid development or operations implementations, slowing down production code pushes. As a result, security organizations will likely have to change so they can fully support and facilitate cloud operations. This presentation will explain how DevOps and information security can co-exist through the application of a new approach referred to as DevSecOps.

Jenkins

penetration Tester

Jenkins is an open-source tool for continuous integration that was originally developed as the Hudson project. It allows developers to commit code frequently to a shared repository, where Jenkins will automatically build and test the code. Jenkins is now the leading replacement for Hudson since Oracle stopped maintaining Hudson. It helps teams catch issues early and deliver software more rapidly through continuous integration and deployment.

Track code quality with SonarQube - short version

Dmytro Patserkovskyi

SonarQube is an open source platform for continuously monitoring code quality. It detects bugs, vulnerabilities, and code smells based on configured quality rules and profiles. Projects can define quality gates that check thresholds for metrics like issues, coverage, and duplications to flag the quality status as passed, warning, or failed. SonarQube allows comparing metrics across versions to track quality over time and supports code processes like nightly and pull request analysis. A community provides support through rule and profile updates, new plugins, and biweekly meetings to discuss quality concerns.

Jenkins Overview

Ahmed M. Gomaa

Jenkins Introduction

Pavan Gupta

This document provides an introduction to continuous integration with Jenkins. It discusses what continuous integration is and why Jenkins is commonly used for CI. Jenkins allows for easy installation and configuration, extensive extensibility through plugins, and distributed builds across multiple nodes. The document outlines common CI workflows and components like version control, automated building and testing. It also covers Jenkins' major functionalities, platforms supported, notifications, advanced configuration options and principles of continuous delivery.

EMBA - Firmware analysis - Black Hat Arsenal USA 2022

MichaelM85042

IoT (Internet of Things) and OT (Operational Technology) are the current buzzwords for networked devices on which our modern society is based on. In this area, the used operating systems are summarized with the term firmware. The devices themselves, also called embedded devices, are essential in the private and industrial environments as well as in the so-called critical infrastructure. Penetration testing of these systems is quite complex as we have to deal with different architectures, optimized operating systems and special protocols. EMBA is an open-source firmware analyzer with the goal to simplify and optimize the complex task of firmware security analysis. EMBA supports the penetration tester with the automated detection of 1-day vulnerabilities on binary level. This goes far beyond the plain CVE detection: With EMBA you always know which public exploits are available for the target firmware. Besides the detection of already known vulnerabilities, EMBA also supports the tester on the next 0-day. For this, EMBA identifies critical binary functions, protection mechanisms and services with network behavior on a binary level. There are many other features built into EMBA, such as fully automated firmware extraction, finding file system vulnerabilities, hard-coded credentials, and more. EMBA is the open-source firmware scanner, created by penetration testers for penetration testers. Project page: https://github.com/e-m-b-a/emba Conference page: https://www.blackhat.com/us-22/arsenal/schedule/index.html#emba--open-source-firmware-security-testing-26596

Taking the hard out of hardware

Ronald McCollam

Software geeks fear hardware. It's a fact of life: code is easy to write and easy to change, but hardware catches on fire if you put it together wrong. But this is changing! Hardware is becoming cheaper and easier to work with every day and can often be managed with the same tools you use to deploy code to the cloud. Join self-described software guy and hardware-phobe Ronald McCollam for a guided trip from the safe world of web development to the scary lands of hardware and back again. We'll see how easy it can be to make the leap from managed code to microprocessors!

What's hot

DevOps introduction

Mettje Heegstra

Testing with JUnit 5 and Spring

VMware Tanzu

Jenkins Pipeline Tutorial | Continuous Delivery Pipeline Using Jenkins | DevO...

Edureka!

Continuous Code Quality with the Sonar Ecosystem @GeeCON 2017 in Prague

Roman Pickl

Practical DevSecOps Course - Part 1

Mohammed A. Imran

Docker networking Tutorial 101

LorisPack Project

DevSecOps - The big picture

Stefan Streichsbier

Automated Malware Analysis and Cyber Security Intelligence

Jason Choi

Targeting the iOS kernel

Seguridad Apple

DevOps overview 2019-04-13 Nelkinda April Meetup

Shweta Sadawarte

10+ Deploys Per Day: Dev and Ops Cooperation at Flickr

John Allspaw

DevOps concepts, tools, and technologies v1.0

Mohamed Taman

What is Jenkins | Jenkins Tutorial for Beginners | Edureka

Edureka!

SonarQube Presentation.pptx

Satwik Bhupathi Raju

Service Mesh on Kubernetes with Istio

Michelle Holley

DevSecOps 101

Narudom Roongsiriwong, CISSP

Jenkins

penetration Tester

Track code quality with SonarQube - short version

Dmytro Patserkovskyi

Jenkins Overview

Ahmed M. Gomaa

Jenkins Introduction

Pavan Gupta

What's hot (20)

DevOps introduction

Testing with JUnit 5 and Spring

Jenkins Pipeline Tutorial | Continuous Delivery Pipeline Using Jenkins | DevO...

Continuous Code Quality with the Sonar Ecosystem @GeeCON 2017 in Prague

Practical DevSecOps Course - Part 1

Docker networking Tutorial 101

DevSecOps - The big picture

Automated Malware Analysis and Cyber Security Intelligence

Targeting the iOS kernel

DevOps overview 2019-04-13 Nelkinda April Meetup

10+ Deploys Per Day: Dev and Ops Cooperation at Flickr

DevOps concepts, tools, and technologies v1.0

What is Jenkins | Jenkins Tutorial for Beginners | Edureka

SonarQube Presentation.pptx

Service Mesh on Kubernetes with Istio

DevSecOps 101

Jenkins

Track code quality with SonarQube - short version

Jenkins Overview

Jenkins Introduction

Similar to Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go :(" [rooted2019]

EMBA - Firmware analysis - Black Hat Arsenal USA 2022

MichaelM85042

Taking the hard out of hardware

Ronald McCollam

OSX/Pirrit: The blue balls of OS X adware

Amit Serper

Not a lot was said about adware, especially not about adware for Mac. Adware is usually dismissed for being too benign and not interesting. After all – it just displays ads. But what if you were hit with an aggressive variant with malware-like features that has root access to your machine and has the ability to do what ever its creators wanted it to do? A Mac OS X port of the Pirrit adware includes properties like hidden users, traffic redirection, persistence, and weird DGA-looking domains, all showing that an aggressive malvertiser is now targeting Macs. In the case of OSX.Pirrit, it uses simple social engineering to escalate its privileges and eventually take total control of your Mac. And with control of your machine, Pirrit’s creators could have done pretty much anything, like stolen your company’s secret sauce or installed a keylogger to capture the log-in credentials for your bank account. The creators of Pirrit were trying very hard to avoid being detected by antiviruses, personal firewalls and even from some advanced users. In this talk, we’ll review OSX/Pirrit, dissect its methods and show it could have carried out much more sinister activities besides bombard a browser with ads.

Porting your favourite cmdline tool to Android

Vlatko Kosturjak

Porting a command line tool to Android involves cross-compiling the code using the Android NDK toolchain, which may require patching the code to address issues like different file paths, endianness, and library dependencies. While compiling and running static binaries is straightforward, dynamic binaries require position-independent executable (PIE) support added in Android 5. Calling native executables from Android code requires using Runtime.exec() or ProcessBuilder and parsing output streams. Special care needs to be taken to avoid security issues like command injection when passing untrusted inputs to native programs run as root on Android.

Understand study

Antonio Costa aka Cooler_

The purpose of this presentation is to explain the basic resources to understand how a programmer can create malware, insides about the theme, and brainstorms following practical codes and many exotic ideas for security mitigations for defense. "If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." ― Sun Tzu, The Art of War

Cracking Into Embedded Devices - HACK.LU 2K8

guest441c58b71

The document discusses offensive techniques for compromising embedded devices, focusing on exploiting vulnerabilities in HTTP, UPnP, SNMP, and Wi-Fi to gain remote access. Many examples are provided of specific devices that were compromised through bugs like cross-site request forgery, privilege escalation flaws, and password leaks. The goal of the research is to show how embedded devices are easier to hack than general purpose systems and can be used as stepping stones into internal corporate networks.

EMBA - Firmware analysis DEFCON30 demolabs USA 2022

MichaelM85042

Penetration testing of current embedded devices is quite complex as we have to deal with different architectures, optimized operating systems and special protocols. EMBA is an open-source firmware analyzer with the goal to simplify, optimize and automate the complex task of firmware security analysis. Project page: https://github.com/e-m-b-a/emba Conference page: https://forum.defcon.org/node/242109

Advances in Open Source Password Cracking

n|u - The Open Security Community

This document summarizes recent advances in open-source password cracking tools. It discusses John the Ripper, a password cracking tool that now supports cracking passwords and hashes for many formats through community patches. It also discusses Ettercap, a tool for man-in-the-middle attacks that can intercept passwords on networks. Specific techniques are described for cracking passwords for protocols like Kerberos and attacking Microsoft Active Directory infrastructure through password cracking and decrypting encrypted files like PDFs. Future work is planned to expand password cracking abilities and create fake servers to enable additional attacks.

KeyLoggers - beating the shit out of keyboard since quite a long time

n|u - The Open Security Community

This document discusses different types of keyloggers and provides an overview of how to create a basic keylogger program. It begins by describing hardware, kernel/driver, and software keyloggers that use hooking techniques. It then provides examples of Windows API functions and DirectX that could be used to log keyboard input. The document cautions that while discussing programming techniques, the intent is not to enable illegal behavior.

DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...

Felipe Prado

White Lightning Sept 2014

Bryce Kunz

The document discusses a tool called White Lightning, which is a platform for browser exploitation. It uses surveys and exploits delivered over HTTP to compromise endpoints without requiring any downloads. The tool integrates with Metasploit to select and run exploits, reusing ports and protocols to maintain communication. Details are provided on its architecture, exploitation process, and supported exploits. A demo is shown and future development plans outlined.

Protect Your Payloads: Modern Keying Techniques

Leo Loobeek

The document discusses keying techniques for encrypting payloads in a way that only allows decryption on specific target systems. It covers using local system resources like environment variables or file paths to derive encryption keys. It also introduces using remote resources like web pages or DNS records hosted by the attacker to control when payloads execute. Tools like Ebowla, KeyRing, and KeyServer are presented as ways to implement these keying techniques for various scripting languages and to automate controlling remote keys. The goal is to make payloads only executable on intended targets and to maintain control over payload execution.

Cryptocurrencies Hardware Wallets - 33C3 Bitcoin Assembly

Eric Larcheveque

Cryptocurrency hardware wallets provide a secure way to store private keys by protecting them in a dedicated device. They address risks of online attacks, malware, and phishing by requiring confirmation on the hardware device. A new class of devices was needed that makes private key storage easy to use, recoverable, auditable, and adaptable while protecting against creative malware and side channel attacks through techniques like deterministic signing, constant time crypto, and isolation between trusted and non-trusted components. Popular implementations take different approaches by being fully open source versus using a secure element, but aim to balance security, auditability and ease of use.

Hacking - high school intro

Peter Hlavaty

This document provides an overview of hacking and computer security concepts such as programming, hacking, vulnerabilities, exploitation, tools, and competitions. It defines key terms like hacking, vulnerability, and exploitation. It recommends programming languages and tools for reversing like Visual Studio, Vim, and Bokken. It also lists computer security competitions and references for learning more. The document aims to introduce someone new to computer security and provide resources to progress their skills.

Basic presentation of cryptography mechanisms

Marian Marinov

This document summarizes Marian Marinov's presentation on cryptography. It discusses password cracking using John the Ripper, analyzing languages using frequency analysis to crack codes like the Enigma machine. It also covers chosen plaintext/ciphertext attacks, known plaintext attacks, and how these were used to crack protocols like SSL. Common attacks on SSL like BEAST, CRIME, and POODLE are outlined. Finally, cracking WiFi passwords using tools like Aircrack-ng is briefly discussed.

OSX Pirrit : Why you should care about malicious mac adware

Priyanka Aash

Adware isn’t taken seriously, especially threats targeting Macs. But OSX Pirrit, which can obtain root access and has components found in malware, shows that adware can become a huge security issue. Amit Serper will explain how OSX Pirrit works, why security professionals may want to rethink how commodity threats are handled and why Macs aren’t as secure as people think. (Source : RSA Conference USA 2017)

Breaking Smart Speakers: We are Listening to You.

Priyanka Aash

"In the past two years, smart speakers have become the most popular IoT device, Amazon_ Google and Apple have introduced their own smart speaker products. Most of these smart speakers have natural language recognition, chat, music playback, IoT device control, shopping, and so on. Manufacturers use artificial intelligence technology to make smart speakers have similar human capabilities in the chat conversation. However, with the smart speakers coming into more and more homes, and the function is becoming more powerful, its security has been questioned by many people. People are worried that smart speakers will be hacked to leak their privacy, and our research proves that this concern is very necessary. In this talk, we will present how to use multiple vulnerabilities to achieve remote attack some of the most popular smart speakers. Our final attack effects include silent listening, control speaker speaking content and other demonstrations. And we're also going to talk about how to extract firmware from BGA packages Flash chips such as EMMC, EMCP, NAND Flash, etc. In addition, it contains how to turn on debug interfaces and get root privileges by modifying firmware content and Re-soldering Flash chips, which can be of great help for subsequent vulnerability analysis and debugging. Finally, we will play several demo videos to demonstrate how we can remotely access some Smart Speaker Root permissions and use smart speakers for eavesdropping and playing voice."

Eight Rules for Making Your First Great Game

Nick Pruehs

[CB20] Operation I am Tom: How APT actors move laterally in corporate network...

CODE BLUE

This document discusses techniques used by threat actors to move laterally within corporate networks. It begins with an introduction and covers post-exploitation techniques including Mimikatz for credential theft, Skeleton Key and Wdigest for password dumping, webshell deployment on IIS and Exchange servers, and other miscellaneous techniques such as abusing VPNs and using rootkits. Precautions are provided for each technique discussed.

groovy & grails - lecture 6

Alexandre Masselot

Similar to Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go :(" [rooted2019] (20)

EMBA - Firmware analysis - Black Hat Arsenal USA 2022

Taking the hard out of hardware

OSX/Pirrit: The blue balls of OS X adware

Porting your favourite cmdline tool to Android

Understand study

Cracking Into Embedded Devices - HACK.LU 2K8

EMBA - Firmware analysis DEFCON30 demolabs USA 2022

Advances in Open Source Password Cracking

KeyLoggers - beating the shit out of keyboard since quite a long time

DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...

White Lightning Sept 2014

Protect Your Payloads: Modern Keying Techniques

Cryptocurrencies Hardware Wallets - 33C3 Bitcoin Assembly

Hacking - high school intro

Basic presentation of cryptography mechanisms

OSX Pirrit : Why you should care about malicious mac adware

Breaking Smart Speakers: We are Listening to You.

Eight Rules for Making Your First Great Game

[CB20] Operation I am Tom: How APT actors move laterally in corporate network...

groovy & grails - lecture 6

More from RootedCON

Rooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro Villaverde

Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go :(" [rooted2019]

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go :(" [rooted2019]

Similar to Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go :(" [rooted2019] (20)

More from RootedCON

More from RootedCON (20)

Recently uploaded

Recently uploaded (20)

Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go :(" [rooted2019]