Zeronights 2017 Conference - Home

Zeronights 2017 -ppt Download

  • Date: 28 Nov 2020


Transcription:

Silver bullet vulnerabilities and backdoor
Hunting 30K vendors using tiny license
Vladimir Dashchenko, Sergey Temnikov
Kaspersky Lab

The story
  • What are those tokens
  • Strange behavior
  • Reaction
  • Conclusion

The beginning
  • hasplms.exe everywhere
  • USB tokens

Gemalto License tokens behavior
  • Used for licensing
  • Needed every time when software in use
  • Spoiler: Gathers info about other licenses in

Gemalto License tokens: Worth of it
  • In 2011 SafeNet Sentinel (owned by Gemalto in 2014) accounted for more than 40 percent market share by revenue in North America and more than 60 percent in Europe. (c) Frost and Sullivan
  • Gemalto (Euronext NL0000400653 GTO) is the global leader in digital security with 2016 annual revenues of 3.1 billion and customers in over 180 countries. We bring trust to an increasingly connected world. (c) Gemalto
  • Approximately 30-40K vendors using such solution

Gemalto License tokens: Research

Gemalto License tokens in a nutshell
Gemalto's USB License tokens
  • Hardware: USB token itself
  • Software: Driver, Web, Service, Binaries, Other stuff

Gemalto License tokens behavior
  • Plug in USB -> PC with internet access -> Downloads driver -> Installation -> Opens port 1947 -> Adds to firewall whitelist
  • Manual driver download -> Installation -> Opens 1947 port -> Adds to firewall whitelist
  • Main software package -> Main installation -> Installation of the driver (3rd party) -> Opens 1947 port -> Adds to firewall whitelist

Research: Protocols
  • HTTP: GET, POST
  • Binary: First 4 bytes - binary size

Research: HTTP
  • Web
  • Available on 0.0.0.0
  • 403 by default from outside
  • But there's a trick (later on the slides)

Research: hasplms.exe
  • VMProtect or alike packed
  • Good botnet
  • No common security measures

Research: Shady features
Undocumented API features and strange behavior
  • First plug in USB token (PC is locked and password protected): if there's internet access, automatically downloads driver, installs, opens 1947 TCP/UDP port
  • If there's no internet access: manual installation of the driver, automatically downloads driver, installs, opens 1947 TCP/UDP port, port added to Windows Firewall white list
  • There's a hidden API function allowing to turn on / turn off admin's web interface (allows to change configs of the Gemalto's SafeNet Sentinel). Panel available on localhost by default
  • Using same hidden API it is possible to change configuration and set up malicious proxy server for package updates
  • After setting a new malicious proxy it is possible, using a strange built-in logic, to get a NTLM hash of a user who runs the hasplms.exe (SPOILER: SYSTEM)

Research: Total results
  • CVE-2017-11496: Remote Code Execution
  • CVE-2017-11497: Remote Code Execution
  • CVE-2017-11498: Denial of Service
  • CVE-2017-12818: Denial of Service
  • CVE-2017-12819: NTLM hash capturing
  • CVE-2017-12820: Denial of Service
  • CVE-2017-12821: Remote Code Execution
  • CVE-2017-12822: Remote manipulations with configuration files

RCE DEMO TIME

Gemalto's reaction
  • 2016.05.12: Vulnerabilities reported
  • 2016.12.12: Reminder to vendor to provide feedback
  • 2017.03.01: First feedback from vendor
  • 2017.16.06: Vendor released private advisory
  • 2017.30.06: Vendor notified Kaspersky Lab ICS CERT
  • 2017.26.06: Vulnerabilities reported
  • 2017.26.06: First feedback from vendor
  • 2017.21.07: Vendor released security update
  • 2017.22.08: Vendor notified Kaspersky Lab ICS CERT

Gemalto's reaction
  • Gemalto claims they notified all of their customers. Not.
  • We've contacted several HUGE vendors. They didn't get anything from Gemalto.
  • It kinda sucks you know

Reaction time

Q&A TIME
Sergey Temnikov, Kaspersky.com
Vladimir Dashchenko, Kaspersky ...
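A defender's check for the exposure the slides describe (port 1947 opened by the license service and available on 0.0.0.0), given here as an added example that is not part of the presentation: it parses Windows `netstat -ano` output and reports sockets on 1947 that are bound beyond loopback. The sample output, PIDs and function names are constructed for illustration.

```python
import ipaddress

SENTINEL_PORT = 1947  # port the slides say the license service opens (TCP and UDP)

# Constructed sample in the layout of Windows `netstat -ano`; PIDs are made up.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       996
  TCP    0.0.0.0:1947           0.0.0.0:0              LISTENING       2345
  TCP    127.0.0.1:1947         127.0.0.1:50112        ESTABLISHED     2345
  TCP    [::]:1947              [::]:0                 LISTENING       2345
  UDP    0.0.0.0:1947           *:*                                    2345
  UDP    127.0.0.1:1900         *:*                                    1500
"""


def parse_netstat(text):
    """Yield (proto, host, port, state, pid) for every TCP/UDP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        proto, local, pid = fields[0], fields[1], fields[-1]
        # UDP rows have no State column, so only TCP rows carry one.
        state = fields[3] if proto == "TCP" and len(fields) == 5 else ""
        host, _, port = local.rpartition(":")
        if port.isdigit() and pid.isdigit():
            yield proto, host.strip("[]"), int(port), state, int(pid)


def exposed_listeners(text, port=SENTINEL_PORT):
    """Return (proto, host, pid) for sockets on `port` bound beyond loopback."""
    findings = []
    for proto, host, p, state, pid in parse_netstat(text):
        if p != port or (proto == "TCP" and state != "LISTENING"):
            continue
        try:
            if ipaddress.ip_address(host.split("%")[0]).is_loopback:
                continue  # localhost-only binding is not reachable from outside
        except ValueError:
            pass  # unparseable address: report it rather than hide it
        findings.append((proto, host, pid))
    return findings


if __name__ == "__main__":
    for proto, host, pid in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {host}:{SENTINEL_PORT} bound beyond loopback, PID {pid}")
```

On a live host, pass the captured text of `netstat -ano` to `exposed_listeners` and map each reported PID to its process to confirm whether it is hasplms.exe.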
