POPULARITY
In this episode of the mnemonic security podcast, Robby is joined by Dustin Childs, Head of Threat Awareness at Trend Micro's Zero Day Initiative (ZDI). Dustin explains the ZDI's role in purchasing and analysing vulnerabilities to provide early protection for customers and how zero days – previously unknown vulnerabilities – become "n-days" once disclosed or patched.The conversation highlights the critical importance of timely patching, the risks posed by bad patches, and the concept of virtual patching as a defence strategy. Dustin also delves into attack surface monitoring, the evolving threat landscape, and the ongoing challenges of balancing security and usability in modern networks.Send us a text
Podcast: Aperture: A Claroty PodcastEpisode: ZDI's Dustin Childs on Pwn2Own MiamiPub date: 2021-11-15Dustin Childs of the Zero Day Initiative (ZDI) joins Claroty's Aperture podcast to discuss the upcoming Pwn2Own Miami hacking contest. This is the only hacking contest focused on finding zero-day vulnerabilities in industrial control systems (ICS) and operational technology (OT), and it will be held during the S4 conference in January. Childs is a veteran of the security industry and Pwn2Own, which is 16 years old. Pwn2Own Miami will be the second such event with an ICS focus. Researchers will compete for a prize pool over more than $300,000; four technology categories are in scope at this year's event: control servers, OPC servers, data gateways, and HMIs. Childs explains Pwn2Own Miami's hybrid approach that will allow competitors to enter either virtually or on-site, how Pwn2Own works, and what the disclosure process is like with affected vendors once a zero-day is demonstrated. The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Dustin Childs of the Zero Day Initiative (ZDI) joins Claroty's Aperture podcast to discuss the upcoming Pwn2Own Miami hacking contest. This is the only hacking contest focused on finding zero-day vulnerabilities in industrial control systems (ICS) and operational technology (OT), and it will be held during the S4 conference in January. Childs is a veteran of the security industry and Pwn2Own, which is 16 years old. Pwn2Own Miami will be the second such event with an ICS focus. Researchers will compete for a prize pool over more than $300,000; four technology categories are in scope at this year's event: control servers, OPC servers, data gateways, and HMIs. Childs explains Pwn2Own Miami's hybrid approach that will allow competitors to enter either virtually or on-site, how Pwn2Own works, and what the disclosure process is like with affected vendors once a zero-day is demonstrated.
Podcast: Aperture: A Claroty PodcastEpisode: Dustin Childs on Vulnerability Disclosure, Pwn2Own, ZDIPub date: 2020-11-18Dustin Childs, Communications Manager for the Zero Day Initiative (ZDI) joins the Aperture podcast to talk about vulnerability disclosure and its evolution since the early 2000s. Dustin also covers the legacy of ZDI as a vulnerability clearinghouse as it turns 15 this year, some milestones for bug-hunters, and the role of Pwn2Own in maturing disclosures for vendors and researchers alike. The conversation also includes the growing interest in uncovering vulnerabilities in industrial control systems and the very different patching dynamic for operational technology. The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Dustin Childs, Communications Manager for the Zero Day Initiative (ZDI) joins the Aperture podcast to talk about vulnerability disclosure and its evolution since the early 2000s. Dustin also covers the legacy of ZDI as a vulnerability clearinghouse as it turns 15 this year, some milestones for bug-hunters, and the role of Pwn2Own in maturing disclosures for vendors and researchers alike. The conversation also includes the growing interest in uncovering vulnerabilities in industrial control systems and the very different patching dynamic for operational technology.
The SecureWorld Sessions is a new cybersecurity podcast that gives you access to people and ideas that impact your career and help you secure your organization. The featured interview is with Brian Gorenc who runs the Zero Day Initiative (ZDI), which is the largest vendor agnostic bug bounty program in the world. Why do white hats hack? How does a newly discovered security vulnerability become a patch? Has the bug bounty concept peaked? And more. Trend Micro is our exclusive podcast partner. LINKS: Zero Day Initiative: https://www.zerodayinitiative.com/ Brian Gorenc @MaliciousInput: https://twitter.com/maliciousinput SecureWorld conference calendar: https://www.secureworldexpo.com/events SecureWord web conferences: https://www.secureworldexpo.com/resources?cat=web-conferences
Microsoft Windows es el sistema operativo más utilizado por los usuarios a nivel mundial. Es por ello que cuando surge una vulnerabilidad afecta a mucha gente. Los ciberdelincuentes, de hecho, ponen sus miras en aquello que tiene más usuarios, ya que es aquí donde más éxito puede tener una hipotética explotación. Hoy nos hacemos eco de una nueva vulnerabilidad, un fallo de seguridad que afecta a Windows y para la que, al menos de momento, no existe parche. Un problema que pone en riesgo a quienes utilicen este sistema operativo. Concretamente se trata de un fallo de seguridad que afecta al componente JScript de Windows. Esto podría permitir a un atacante ejecutar código malicioso en el equipo de forma remota. Ha sido descubierto por Dmitri Kaslov, de Telspace Systems. Este investigador trasladó su descubrimiento a Zero-Day Initiative (ZDI), de Trend Micro. Los expertos de ZDI informaron de esta vulnerabilidad a los responsables de Microsoft. De momento el gigante del software no ha lanzado ningún parche que solucione este problema. Es por ello que desde ZDI no han querido dar un informe exhaustivo del problema y únicamente se han limitado a hacer un resumen de esta vulnerabilidad. Según este resumen que mencionamos, un atacante de forma remota podría introducir código malicioso en el equipo de la víctima. Esta vulnerabilidad afecta al componente JScript. Es por ello que la única condición es que el atacante logre engañar a la víctima y haga que acceda a una página configurada de forma maliciosa y ahí descargar e instalar un archivo JS modificado. Como hemos mencionado, desde Trend Micro no han querido detallar mucho más acerca de esta vulnerabilidad por la propia seguridad de los usuarios. Brian Gorenc, director de ZDI ha mencionado que, debido a la sensibilidad de este error, no quieren proporcionar demasiados detalles hasta que Microsoft saque un parche de seguridad que solucione la vulnerabilidad. Eso sí, los expertos han indicado que esta vulnerabilidad no tiene que ser tan peligrosa como pueda parecer en un principio. No permite un compromiso total del sistema. Esta vulnerabilidad ha recibido una puntuación de 6,8 sobre 10 en la escala de gravedad CVSSv2. Se trata, eso sí, de una puntuación bastante elevada si la comparamos con la mayoría de vulnerabilidades que se detectan. En definitiva, Microsoft Windows tiene una vulnerabilidad para la que todavía no hay solución. Este problema permitiría a un atacante de forma remota ejecutar código malicioso en el equipo de la víctima. A la espera de un parche definitivo por parte de Microsoft, nuestro consejo es mantener siempre nuestros sistemas actualizados. De esta manera podremos hacer frente a las amenazas más recientes y que puedan poner en riesgo el buen funcionamiento de nuestros dispositivos. También es importante contar con programas y herramientas de seguridad. Pero si hay algo que puede proteger al usuario en muchos casos es el sentido común. Hay que evitar caer en engaños, en links fraudulentos, por ejemplo, que puedan llegarnos a través de correos electrónicos y redes sociales.
Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Joshua-Smith-High-Def-Fuzzing-Exploitation-Over-HDMI-CEC-UPDATED.pdf High-Def Fuzzing: Exploring Vulnerabilities in HDMI-CEC Joshua Smith Senior Security Researcher, HP Zero Day Initiative The HDMI (High Definition Multimedia Interface) standard has gained extensive market penetration. Nearly every piece of modern home theater equipment has HDMI support and most modern mobile devices actually have HDMI-capable outputs, though it may not be obvious. Lurking inside most modern HDMI-compatible devices is something called HDMI-CEC, or Consumer Electronics Control. This is the functionality that allows a media device to, for example, turn on your TV and change the TV’s input. That doesn’t sound interesting, but as we'll see in this presentation, there are some very surprising things an attacker can do by exploiting CEC software implementations. Then there's something called HEC or HDMI Ethernet Connection, which allows devices to establish an Ethernet connection of up to 100Mbit/s over their HDMI connections (newer HDMI standards raise the speed to 1Gbit/s). Don't think your mobile phone implements CEC? You might be wrong. Most modern Android-based phones and tablets have a Slimport(r) connection that supports HDMI-CEC. Ever heard of MHL (Mobile High-Definition Link)? Think Samsung and HTC (among other) mobile devices, and many JVC, Kenwood, Panasonic, and Sony car stereos – as many as 750 million devices in the world so far. Guess what? MHL supports HDMI-CEC as well. Let's explore, and own, this attack space. Kernelsmith is senior vulnerability researcher with Hewlett-Packard Security Research (HPSR). In this role, he analyzes and performs root-cause analysis on hundreds of vulnerabilities submitted to the Zero-Day Initiative (ZDI) program, which represents the world’s largest vendor-agnostic bug bounty program. His focus includes analyzing and performing root-cause analysis on hundreds of zero-day vulnerabilities submitted by ZDI researchers from around the world. Joshua is also a developer for the Metasploit Framework and has spoken at a few conferences and holds a few certifications. Prior to joining HP, Smith served in the U.S. Air Force in various roles including as an Intercontinental Ballistic Missile (ICBM) Crew Commander and Instructor, but more relevantly as a penetration tester for the 92d Information Warfare Aggressor Squadron. Post-military, he became a security engineer at the John Hopkins University Applied Physics Lab, where he began contributing to the Metasploit Framework. Smith performed research into weapons systems vulnerabilities as well as evasion and obfuscation techniques to add depth and realism to security device tests. Smith received a B.S. in Aeronautical Engineering from Rensselaer Polytechnic Institute and an M.A. in Management of Information Systems from the University of Great Falls. Smith was drawn to ZDI for the chance to work with a world-wide network of security researchers while continuing his own vulnerability research. When not researching software vulnerabilities, Josh enjoys raising his two young hackers-to-be and watching sci-fi since he can't play sports anymore (there's no tread left on his knees). Twitter: @kernelsmith, @thezdi
Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Hariri-Spelman-Gorenc-Abusing-Adobe-Readers-JavaScript-APIs.pdf Abusing Adobe Reader’s JavaScript APIs Brian Gorenc Manager, HP’s Zero Day Initiative Abdul-Aziz Hariri Security Researcher, HP’s Zero Day Initiative Jasiel Spelman Security Researcher, HP’s Zero Day Initiative Adobe Reader’s JavaScript APIs offer a rich set of functionality for document authors. These APIs allow for processing forms, controlling multimedia events, and communicating with databases, all of which provide end-users the ability to create complex documents. This complexity provides a perfect avenue for attackers to take advantage of weaknesses that exist in Reader’s JavaScript APIs. In this talk, we will provide insight into both the documented and undocumented APIs available in Adobe Reader. Several code auditing techniques will be shared to aid in vulnerability discovery, along with numerous proofs-of-concept which highlight real-world examples. We’ll detail out how to chain several unique issues to obtain execution in a privileged context. Finally, we’ll describe how to construct an exploit that achieves remote code execution without the need for memory corruption. Brian Gorenc is the manager of Vulnerability Research with Hewlett-Packard Security Research (HPSR). In this role, Gorenc leads the Zero Day Initiative (ZDI) program, which is the world’s largest vendor-agnostic bug bounty program. His focus includes analyzing and performing root-cause analysis on hundreds of zero-day vulnerabilities submitted by ZDI researchers from around the world. The ZDI works to expose and remediate weaknesses in the world’s most popular software. Brian is also responsible for organizing the ever-popular Pwn2Own hacking competitions. Prior to joining HP, Gorenc worked for Lockheed Martin on the F-35 Joint Strike Fighter (JSF) program. In this role, he led the development effort on the Information Assurance (IA) products in the JSF’s mission planning environment. Twitter: @maliciousinput Abdul-Aziz Hariri is a security researcher with Hewlett-Packard Security Research (HPSR). In this role, Hariri analyzes and performs root-cause analysis on hundreds of vulnerabilities submitted to the Zero Day Initiative (ZDI) program, which is the world's largest vendor-agnostic bug bounty program. His focus includes performing root-cause analysis, fuzzing and exploit development. Prior to joining HP, Hariri worked as an independent security researcher and threat analyst for Morgan Stanley emergency response team. During his time as an independent researcher, he was profiled by Wired magazine in their 2012 article, “Portrait of a Full-Time Bug Hunter”. Twitter: @abdhariri Jasiel Spelman is a vulnerability analyst and exploit developer for the Zero Day Initiative (ZDI) program. His primary role involves performing root cause analysis on ZDI submissions to determine exploitability, followed by developing exploits for accepted cases. Prior to being part of ZDI, Jasiel was a member of the Digital Vaccine team where he wrote exploits for ZDI submissions, and helped develop the ReputationDV service from TippingPoint. Jasiel's focus started off in the networking world but then shifted to development until transitioning to security. He has a BA in Computer Science from the University of Texas at Austin. Twitter: @wanderingglitch HP’s Zero Day Initiative, Twitter: @thezdi
Slides here; https://defcon.org/images/defcon-22/dc-22-presentations/Gorenc-Molinyawe/DEFCON-22-Brian-Gorenc-Matt-Molinyawe-Blowing-Up-The-Celly-UPDATED.pdf Blowing up the Celly - Building Your Own SMS/MMS Fuzzer Brian Gorenc ZERO DAY INITIATIVE, HP SECURITY RESEARCH Matt Molinyawe ZERO DAY INITIATIVE, HP SECURITY RESEARCH Every time you hand out your phone number you are giving adversaries access to an ever-increasing attack surface. Text messages and the protocols that support them offer attackers an unbelievable advantage. Mobile phones will typically process the data without user interaction, and (incorrectly) handle a large number of data types, including various picture, audio, and video formats. To make matters worse, you are relying on the carriers to be your front line of defense against these types of attacks. Honestly, the mobile device sounds like it was custom built for remote exploitation. The question you should be asking yourself is: How do I find weaknesses in this attack surface? This talk will focus on the "do-it-yourself" aspect of building your own SMS/MMS fuzzer. We will take an in-depth look at exercising this attack surface virtually, using emulators, and on the physical devices using OpenBTS and a USRP. To help ease your entry into researching mobile platforms, we will examine the messaging specifications along with the file formats that are available for testing. The value of vulnerabilities in mobile platforms has never been higher. Our goal is to ensure you have all the details you need to quickly find and profit from them. Brian Gorenc is the manager of Vulnerability Research in HP's Security Research organization where his primary responsibility is running the world’s largest vendor-agnostic bug bounty program, the Zero Day Initiative (ZDI). He’s analyzed and performed root cause analysis on hundreds of zero-day vulnerabilities submitted by ZDI researchers from around the world. Brian is also responsible for organizing the ever-popular Pwn2Own hacking competitions. Brian’s current research centers on discovering new vulnerabilities, analyzing attack techniques, and identifying vulnerability trends. His work has led to the discovery and remediation of numerous critical vulnerabilities in Microsoft, Oracle, Novell, HP, open-source software, SCADA systems, and embedded devices. He has also presented at numerous security conferences such as Black Hat, DEF CON, and RSA. Matt Molinyawe is a vulnerability analyst and exploit developer for HP’s Zero Day Initiative (ZDI) program. His primary role involves performing root cause analysis on ZDI submissions to determine exploitability. He was also part of HP’s winning team at Pwn2Own/Pwn4Fun who exploited Internet Explorer 11 on Windows 8.1 x64. Prior to being part of ZDI, he worked at L-3 Communications, USAA, and General Dynamics – Advanced Information Systems. In his spare time, he was also a 2005 and 2007 US Finalist as a Scratch DJ. He also enjoys video games and has obtained National Hero status in QWOP and beat Contra using only the laser without dying a single time. Matt has a B.S. in Computer Science from the University of Texas at Austin.