Research and Development

GCS

Presentation on “interesting” features of the Intel x86[_64] platform (as given at 44CON 2017).

A lot of recent work has gone into the discovery, analysis, and (on occasion) marketing of hardware weaknesses in the Intel x86[_64] platform, particularly with respect to how it is often implemented as part of specific motherboard designs. Some, such as the recent speculative-execution-based attacks, are issues in the architecture itself. Other issues, however, affect individual implementations. This talk will take a wide-coverage “state of play” look at x86[_64] platform security, covering:

  • Architectural failings in hardware design
  • Identifying security issues with modern computer hardware (treat it just like IoT devices!)
  • Attempts at restoring privacy, ownership, and security
  • Code and data persistence
  • How secure hardware can be re-used
Slides: 44CSOTM.pptx (February 16, 2018, 5.7 MiB, MD5: 912badf9570eef6597578674e52bbb9d)

If BuzzFeed ran an article titled “26 Security Features You Probably Shouldn’t Enforce From Usermode”, this one would almost certainly make the list. But, for whatever reason, I thought it would be a fun learning experience to try to enforce a W^X memory policy from usermode. Some of you are probably asking what the heck a W^X policy is in the first place, and I’m terrible at thinking of ways to start blog posts (case in point: this paragraph), so I guess we’ll start out there.

Last night, researchers from Google released details of a new attack that they have called the Padding Oracle On Downgrade Legacy Encryption (POODLE) attack which has been assigned CVE-2014-3566.

The summary is, essentially, that SSLv3 uses a MAC-then-encrypt construction: the MAC is computed over the plaintext message before padding is added and encryption is applied, so the padding itself is never authenticated. This gives rise to a padding oracle bug, which is how BEAST worked too.

Windows system objects are one of the interesting areas of binary application assessments that are often ignored or misunderstood. Many people don’t realise that abstract Windows application programming concepts such as mutexes, events, semaphores, shared memory sections, and jobs all come together under the purview of the Windows Object Manager. These objects, like those in the filesystem and registry namespaces, have all sorts of interesting security impacts when not properly managed.

Of all the conferences I’ve been to, Securi-Tay has always been a favourite. I don’t know whether it’s the mix of security professionals and students, the relaxed atmosphere, or the balance between technical and non-technical talks, but it’s always a great time. For those of you that aren’t familiar with it, Securi-Tay is a student-organised and student-led conference, held annually by the Abertay Ethical Hacking Society at the University of Abertay, Dundee. This year’s event, held on January 15th (last week, at time of writing), marked the third instance of the conference.