Post on 08-Jun-2015
The Dynamite of Next Generation (Y) Attack
Prathan Phongthiproek (Lucifer@CITEC), Senior Information Security Consultant
ACIS Professional Center
Who am I ?
CITEC Evolution: Code Name “Lucifer”, Moderator, Speaker
Instructor: Web Application (In)Security 101
Instructor: Mastering in Exploitation
ACIS Professional Center Red Team: Penetration Tester
Instructor / Speaker
Security Consultant / Researcher
Founder of CWH Underground Hacker
Exploits, vulnerabilities and papers disclosed on Milw0rm, Exploit-db, Security Focus, Secunia, Zeroday, etc.
http://www.exploit-db.com/author/?a=1275
Let’s Talk !?
Next Generation (Y) Attack from Software holes
Latest Microsoft Windows system vulnerabilities
Stuxnet Worm From USB
Next Generation (Y) Attack from Software holes
Malicious PDF
Still Hot !!!
Malicious PDF
Adobe Collect Email Info
Adobe GetIcon
Adobe Jbig2Decode
Adobe UtilPrintf
Adobe U3D Mesh Declaration
Adobe PDF Embedded EXE (affects Adobe Reader < 9.4 and Foxit)
Adobe CoolType SING (affects Adobe Reader < 9.4)
Adobe to implement the Reader Sandbox in version 9.4+
Malicious PDF – Attack via MetaData
Malicious PDF – Open PDF file
Malicious PDF – Bypass Antivirus
Malicious PDF File
Malicious PDF – Disable JavaScript
PDF Embedded EXE Exploit
Web Browser Vulnerabilities
Web Browser Vulnerabilities
Google Chrome still secure !!
IE / Firefox / Safari still PWNED !!
ActiveX controls and Java applets are still the TOP hit for attacks!!
Web browser toolbars bundled with other software
Using heap spraying via JavaScript
Focus on Client-Side Exploitation
Web Browser Vulnerabilities - IE
IE DHTML Behaviors Use After Free
IE Tabular Data Control ActiveX Memory Corruption
IE Winhlp32.exe MsgBox Code Execution
Zero-Day: IE 6/7/8 CSS SetUserClip Memory Corruption (mshtml.dll) – No DEP/ASLR
Web Browser Vulnerabilities - Toolbars
Web Browser Vulnerabilities – Drive By Download Attack
All IE versions: ActiveX and Add-ons
Affects all browsers
W00T W00T !!
Drive By Download Attack via Java Applet
Latest Microsoft Windows system vulnerabilities + Stuxnet Worm From USB
MS Shortcut (LNK) Exploit
MS Windows Shell Could Allow Remote Code Execution
Uses DLL hijacking techniques for exploitation
Affects every release of the Windows NT kernel (2000, XP, Server 2003, Vista, Server 2008, 7)
Patch released as MS10-046 on August 24 2010
Attack Layer 8 – Client-Side Exploitation
New Generation of Targeted Attacks – Stuxnet Worm
Stuxnet Worm – first attack on SCADA systems and Iran's nuclear reactor, spreading via USB and file shares with zero-day Windows vulnerabilities
Stuxnet abused the AutoRun feature to spread (just open it)
Stuxnet Worms
MS Server Service Code Execution MS08-067 (Conficker worm)
MS SMBv2 Remote Code Execution MS09-050
MS Shortcut (LNK) Vulnerability MS10-046
MS Print Spooler Service Code Execution MS10-061
MS Local Ring0 Kernel Exploit MS10-015
MS Keyboard Layout File MS10-073
Zero Day – MS Task Scheduler
Latest Zero Day – MS Local Kernel Exploit (Win32k.sys)
MS Windows Local Kernel Exploit
Zero Day until Now !! – Still No Patch…
Affects every release of the Windows NT kernel (2000, XP, Server 2003, Vista, Server 2008, 7)
Elevates privilege from USER to SYSTEM
The exploit takes advantage of a bug in Win32k.sys
Bypasses User Account Control (UAC)
Get The Hell Outta Here !!
Latest Attack Methodology
MS Shortcut (LNK) Exploit
Thank you
It’s not the END !!
See you tomorrow in “Rock'n Roll in Database Security”