Articles on Infosec
Last updated: 2022/11/29
Top deep-dives on Infosec
Many applications are fundamentally state machines, and as systems grow more complex, bugs in those state machines become hard to manage. In this article, Natalie Silvanovich explores vulnerabilities in the state machines behind messaging applications such as Signal, JioChat, Mocha, Google Duo, and Facebook Messenger.
The popularity of IoT devices, like smart lights, smart homes, and smart coffee makers, has grown substantially in recent years. These devices can be fun to use (or frustrating) and convenient, but they are often not very well secured. In this instructional article, Martin Hron shows how he hacked his way into a popular smart coffee maker by reverse engineering and modifying its firmware. Martin covers all the important and subtle points, making this a very well fleshed out article packed full of information.
Pretty interesting article by Dan Goodin on how favicons can be used to get around cookie restrictions and track users in most major browsers.
Now you all know I try to only feature the newest content, but you also know I occasionally make exceptions to the rule. Well, this is one of them, because honestly, I care about security and about keeping people informed about it on the web. In this article, Martijn van Lambalgen explains how malicious parties can trick web users when they open a new link, how to prevent it as a developer, and the performance costs of doing so.
Following along on the topic of security, in this article Omkar Hiremath describes what cross-site scripting is, how it's used in real life, and the three main types of XSS attack: reflected, stored, and DOM-based.
In the theme of the intro, this post is about browser security, and specifically Chrome on Windows. In this article, Dylan does a deep dive into how he was able to inject a function hook into the Chrome network service and read, in plaintext, all data passed to the SSL function. Dylan then takes this a step further and reads all data passed between Chrome services.
Nothing is more nostalgic of high-school math for me than the clunky body of a TI graphing calculator and the fun that could be had with it. In this justifiably extensive article, George Hilliard breaks down the iconic TI-84 and explores everything it was never meant to do.
More security-related than programming, but in this article Adam Weidemann brings to light how a "government-backed entity based in North Korea" is up to some shady shenanigans in an attempt to build credibility with the security research community. Stay vigilant, stay safe.
Pretty big news about the Log4Shell vulnerability, mostly because Log4j is so prevalent. If you haven't heard of it, check out this article by Free Wortley, Forrest Allison, and Chris Thompson, which points you to trusted sources of information on the exploit and explains how to determine whether you're affected and how to mitigate the issue if you are.
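Reflected and stored XSS both come down to untrusted input being copied into a page without encoding, so the fix worth seeing in code is contextual output encoding. The following is an added C example, not code from Omkar Hiremath's article; the `render_*` functions, the `?q=` search-page scenario and the payload string are constructed for illustration. The same page is rendered twice: once with the parameter reflected verbatim, once through `html_escape()`, which turns the five HTML-significant characters into entities so the browser displays them as text instead of parsing them as markup.

```c
/* Added example (not from the article): output encoding against reflected/stored XSS.
 * html_escape() is suitable for HTML text content and for quoted attribute values. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Entity for one character, or NULL if the character is safe to emit as-is. */
static const char *entity_for(char c)
{
    switch (c) {
    case '&':  return "&amp;";
    case '<':  return "&lt;";
    case '>':  return "&gt;";
    case '"':  return "&quot;";
    case '\'': return "&#39;";
    default:   return NULL;
    }
}

/* Returns a newly allocated, HTML-escaped copy of s (caller frees), or NULL on OOM.
 * Two passes: size the output exactly, then fill it, so no fixed buffer can overflow. */
char *html_escape(const char *s)
{
    size_t out_len = 0;
    for (const char *p = s; *p; p++) {
        const char *rep = entity_for(*p);
        out_len += rep ? strlen(rep) : 1;
    }
    char *out = malloc(out_len + 1);
    if (!out) return NULL;
    char *q = out;
    for (const char *p = s; *p; p++) {
        const char *rep = entity_for(*p);
        if (rep) { size_t n = strlen(rep); memcpy(q, rep, n); q += n; }
        else     { *q++ = *p; }
    }
    *q = '\0';
    return out;
}

/* Vulnerable: the attacker-controlled query parameter is reflected verbatim
 * into the HTML body, so "<script>...</script>" is parsed and executed. */
char *render_vulnerable(const char *query)
{
    const char *pre = "<p>Results for: ", *post = "</p>";
    char *out = malloc(strlen(pre) + strlen(query) + strlen(post) + 1);
    if (!out) return NULL;
    strcpy(out, pre);
    strcat(out, query);
    strcat(out, post);
    return out;
}

/* Hardened: identical template, but the parameter is encoded for the HTML
 * text context before it is inserted. */
char *render_safe(const char *query)
{
    char *esc = html_escape(query);
    if (!esc) return NULL;
    char *out = render_vulnerable(esc); /* safe here: esc contains no markup characters */
    free(esc);
    return out;
}

int main(void)
{
    /* Constructed attacker input, as it might arrive in a ?q= parameter. */
    const char *payload = "<script>alert(document.cookie)</script>";
    char *bad = render_vulnerable(payload);
    char *good = render_safe(payload);
    printf("vulnerable: %s\nsafe:       %s\n", bad, good);
    free(bad);
    free(good);
    return 0;
}
```

Encoding has to match the sink: this routine is correct for HTML text and quoted attributes but not for a JavaScript string, a URL, or a CSS value, each of which needs its own encoder. It also does nothing for DOM-based XSS, where the injection happens client-side (for example via `innerHTML`) and never passes through the server's template at all.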
Ok as a heads up, this article is definitely not super technical, but it is a deep-dive into some areas related to articles I featured before. Plus it's just a fascinating story. Ronan Farrow presents how governments purchase and use spyware from groups like the NSO.
Why all the security articles lately? Don't know, just been feeling them. In this one, Samuel Groß summarizes the fruits of reverse engineering iOS 14 to look for signs of previous vulnerability to "memory corruption based 0-click exploits".
New ransomware is released into the wild constantly, although much of it can be grouped into "families" based on shared code and behaviour. In this extensive article, as the title suggests, the author undertakes a very detailed analysis of the specific ransomware family that was "responsible for the Colonial Pipeline attack on May 7 2021". It's very thorough.
I'm always cautious about adding browser extensions because it feels like I'm always giving them too much data or control. Well, in this article Wladimir Palant presents a cross-site scripting vulnerability in a seemingly harmless, popular browser extension.
I don't know if you ever messed with your school's computer system, but I doubt it was to this extent. In this article, the author describes how they and a group of people broke into their school district's network and carried out a mass Rickrolling.
We've had a couple of articles that presented security issues arising from integer overflow, but none of them looked at the issue as a whole across multiple languages. In this informative article, the author explores why multiple integer types are necessary and how they're handled in different languages, and then presents their own solution.
"The root cause of many vulnerabilities are from the mishandling of numbers". Understandably so; how many of you actively think about the vulnerabilities in your code as you write it (excluding high-level topics like user sessions, etc.)? Maxwell Dulin's article explores the different issues that can arise from using numbers in C, and how you can spot them before they become truly costly.
The first of two articles about running stuff where it was never meant to run: Neil Bostian describes the five-year journey it took to get DOOM running on a Polycom VVX 600 telephone. Why? Because he could.
Security researcher Alex Ilgayev gives a brief background on GitHub Actions, then dives into the juicy details of how they can be exploited.
You wanna buy some hack? No? Well, you might still want to read Stephen Tong's extensive article on a "real-world, modern binary exploitation" that is only relevant to ARM, not x86, processors. Why? Because it's interesting. Stephen breaks the lengthy article into three main sections: a "walkthrough of the binary, and a peek into the mindset of a vulnerability researcher"; "memory ordering, lock-free programming, and how this can lead to sneaky bugs"; and "exploiting an object lifetime heap corruption bug. How to get arbitrary read and write and finally, a shell".
But Alex! This isn't a super technical topic! you violently scream at your screen as spittle flies from your mouth and your fist slams against the table. To be fair, Aaron Powell does go into the code behind the exploit, and I, dear reader, just want you to be informed about how sophisticated some of these malicious attempts can be.
Natalie Silvanovich describes two vulnerabilities she found while doing a security analysis of Zoom.
Addison Crump presents how he wrote a smart fuzzer to find vulnerabilities in rBPF, which is extensively used by the Solana blockchain.
Martin Chlumecký does a very thorough deep-dive on the DirtyMoe malware, including explaining what it is and how every part of it works.
Maxwell Dulin carries out an SQL injection attack on his own site and shares what he found.
The NSO group has been in the news a lot recently, for many reasons (mostly political) which we won't get into. Something we can get into, though, is how a specific part of one of their exploits works. In this thorough article, Ian Beer and Samuel Groß uncover how the company used fake GIFs to exploit iMessage.
Vladimir Martyanov does a deep dive into the technical workings of the Zloader 2 malware suite used to break into online banking accounts.
Jann Horn does a very deep and technical dive on exploiting a garbage collection race condition in the Linux kernel.
The PDF of the research paper can be found in the 7th comment; I didn't link it directly because I found the comments on the site fairly interesting. In the paper, Duy-Phuc Pham, Damien Marion, Mathieu Mastio, and Annelie Heuser present how electromagnetic emission patterns can be used to identify malware on IoT devices.
The lengths to which malicious actors go to get remote code execution on a machine always fascinate me. But I totally understand the drive; the rush must be like solving an extremely challenging puzzle. Fortunately David Wells isn't a malicious actor, and his article depicts the attack vector, presents the penetration method, and walks through the process, giving us a taste of what it takes to crack into someone's server via a service like "ManageEngine ServiceDesk Plus".
Omri Ben-Eliezer, Rajesh Jayaram, David P. Woodruff, and Eylon Yogev present methods for making streaming algorithms robust against an adversary who can observe and manipulate the stream itself.
Often the firewall is the only thing between you and the big bad web. It's especially essential on Windows, the OS for which by far the most malicious code exists. James Forshaw's sprawling article explores the ins and outs of the Windows firewall, starting with a primer on its architecture, continuing on to rules, spelunking into configuration, and concluding with AppContainer network restrictions.
CyberMasterV wrote a series of articles as a technical deep-dive on the Pegasus spyware.
- The Pegasus spyware was developed by the NSO group and analyzed by Amnesty International and CitizenLab
- The spyware is pretty noisy and writes to the Android log via the Log.i method
- It logs messages from Facebook, Kakao, Skype, Twitter, Viber, Gmail, Android native email, Android native browser, and the default calendar
Connor McGarr goes on a very deep technical dive on the topic of exploiting VMs.
Ian Beer and Samuel Groß dive into the technical workings of the second stage of NSO's iMessage exploit, which allowed it to escape the IMTranscoderAgent sandbox.
In this series, Serhack (literally) picks apart an IP camera and goes through all of its internals, from hardware to software.
- Analyzing firmware takes a lot of time
- The internet of things brings many new challenges to embedded software design
- Most embedded systems boot with U-Boot
Andreas Kellas shows how a signed integer overflow in certain versions of SQLite can lead to arbitrary code execution or denial of service.
- The compiler ends up with semantically different representations of the same integer variable in different parts of the program, which Andreas calls "divergent representations"
- Once the variable overflows, the program interprets it inconsistently from one place to the next
- Andreas used binary and source code analysis to find more divergent representations in existing open-source codebases
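The divergent-representations point, and the number-handling theme of the two integer articles above, is easier to see with the two copies of a variable made explicit. The following is an added C example, not code from Kellas's or Dulin's articles and not the SQLite bug itself: `widened_plus_one` models an `int` the compiler keeps in a 64-bit register (sign-extended, incremented without wrap, which C permits because signed overflow is undefined), `wrapped_plus_one` models the same `int` held as a 32-bit two's-complement value, and `vulnerable_store` / `safe_store` are constructed functions showing a bounds check that consults one copy while the address calculation consults the other. The hardened version detects the overflow before it happens and uses a single `size_t` representation afterwards.

```c
/* Added example (not from the articles): how one int can have two values after overflow. */
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Two representations a compiler may carry for `n + 1` with int n.
 * While n + 1 <= INT32_MAX they agree; at n == INT32_MAX (undefined behaviour in
 * the original C) they diverge: the widened copy is 2147483648, the wrapped copy is INT32_MIN.
 * (The uint32_t -> int32_t conversion is implementation-defined; gcc and clang wrap modulo 2^32.) */
int64_t widened_plus_one(int32_t n) { return (int64_t)n + 1; }
int32_t wrapped_plus_one(int32_t n) { return (int32_t)((uint32_t)n + 1u); }

/* Vulnerable pattern: the comparison was compiled against the wrapped 32-bit copy,
 * the address computation against the widened 64-bit copy. For count == INT32_MAX the
 * check sees INT32_MIN (< capacity, so it passes) while the index used is 2147483648. */
bool vulnerable_store(size_t capacity, int32_t count, size_t *index_out)
{
    int32_t next_narrow = wrapped_plus_one(count);
    if ((int64_t)next_narrow >= (int64_t)capacity)   /* signed compare: a negative value always "fits" */
        return false;
    *index_out = (size_t)widened_plus_one(count);    /* out-of-bounds offset despite the check */
    return true;
}

/* Portable overflow-checked addition: the overflow is detected before it occurs,
 * so no undefined behaviour and therefore nothing for the compiler to "diverge" on. */
bool checked_add_int32(int32_t a, int32_t b, int32_t *out)
{
    if ((b > 0 && a > INT32_MAX - b) || (b < 0 && a < INT32_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* Hardened: one checked increment, then a single size_t representation for both
 * the bounds check and the index. */
bool safe_store(size_t capacity, int32_t count, size_t *index_out)
{
    int32_t next;
    if (!checked_add_int32(count, 1, &next) || next < 0)
        return false;
    size_t idx = (size_t)next;
    if (idx >= capacity)
        return false;
    *index_out = idx;
    return true;
}

int main(void)
{
    size_t idx = 0;
    printf("widened: %lld  wrapped: %d\n",
           (long long)widened_plus_one(INT32_MAX), wrapped_plus_one(INT32_MAX));
    if (vulnerable_store(1024, INT32_MAX, &idx))
        printf("vulnerable check passed, index %zu (capacity 1024)\n", idx);
    printf("safe_store accepts INT32_MAX: %s\n", safe_store(1024, INT32_MAX, &idx) ? "yes" : "no");
    return 0;
}
```

In real binaries the two copies live in registers rather than in named variables, which is why Kellas had to hunt for them with binary analysis. Practical checks while you still have the source: build with `-fsanitize=signed-integer-overflow` to catch the wrap at runtime, or `-fwrapv` to force a single wrapping representation, and prefer `size_t` with explicit pre-checks for anything that ends up as a length or index.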
Matteo Favaro and Tim Blazytko extensively cover methods and techniques for deobfuscating malicious code.
Michael Orlitzky illuminates how hard links on UNIX systems can be exploited.