Strange security mitigations
1. Strange security mitigations
Tips and tricks from an attacker’s mind
Author: CoolerVoid
Tips and tricks for understanding some typical vulnerabilities and how to mitigate them,
following an atypical, intelligent approach.
Apr. 17, 2022
Antonio Costa (github.com/CoolerVoid) Strange security mitigations Apr. 17, 2022
2. Summary
1 Whoami
2 Depths of vulnerabilities (not all)
3 Always watch your home
4. Whoami
Whoami
Antonio Costa - CoolerVoid
Appsec tech leader
Cybersecurity engineer
Open-source programmer
Reverse engineer
github.com/CoolerVoid
5. Depths of vulnerabilities (not all)
Depths of vulnerabilities (not all)
6. Depths of vulnerabilities (not all)
Heap overflow
In late 2001, "Vudo Malloc Tricks" by Michel "MaXX" and "Once
Upon A free()" defined the exploitation of overflowed dynamic
memory chunks on Linux.
In late 2004, a series of patches to GNU libc malloc implemented over a
dozen mandatory integrity assertions, effectively rendering the existing
exploitation techniques obsolete.
Malloc Maleficarum by Phantasmal Phantasmagoria
dl.packetstormsecurity.net/papers/attack/MallocMaleficarum.txt
cwe.mitre.org/data/definitions/122.html
github.com/shellphish/how2heap
7. Depths of vulnerabilities (not all)
Heap overflow - Malloc resources
ptmalloc2 – glibc
jemalloc – FreeBSD and Firefox
tcmalloc – Google
libumem – Solaris
Hoard – Cisco, SAP and Credit Suisse
8. Depths of vulnerabilities (not all)
First rant: library alternatives
In late 2010
DieHard Allocator - DieHard: An error-resistant memory allocator for
Windows, Linux, and Mac OS X
microsoft.com/en-us/research/video/dieharder-securing-the-heap/
github.com/emeryberger/DieHard
In late 2017
FreeGuard: A Faster Secure Heap Allocator
https://arxiv.org/abs/1709.02746
9. Depths of vulnerabilities (not all)
Heartbleed in OpenSSL
OpenSSL library CVE-2014-0160
A missing bounds check in the handling of the TLS heartbeat
extension can be used to reveal up to 64k of memory to a connected
client or server.
https://www.openssl.org/news/secadv/20140407.txt
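The missing bounds check above, shown on a simplified heartbeat responder. This is an added example, not code from the slides or from OpenSSL: the record layout follows RFC 6520 (type, 16-bit payload length, payload, at least 16 bytes of padding), the function names are hypothetical, and the sample record and the "secret" bytes behind it are constructed. The over-read in the vulnerable version is kept inside one array so the demo is well-defined; in OpenSSL the same copy walked into neighbouring heap memory.

```c
/* Added example (not from the slides or from OpenSSL): a simplified TLS
 * heartbeat responder, once without and once with the bounds check that
 * the OpenSSL advisory for CVE-2014-0160 describes. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16   /* minimum padding that must follow the payload */

/* VULNERABLE: trusts the 16-bit length carried in the message and copies
 * that many bytes out of the record, never asking how many bytes arrived. */
size_t heartbeat_vulnerable(const uint8_t *rec, size_t rec_len,
                            uint8_t *out, size_t out_cap)
{
    (void)rec_len;                      /* never consulted: this is the bug */
    if (out_cap < 3) return 0;
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)payload + 3 > out_cap) return 0;   /* protects only the destination */
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);  /* reads past the end of the record */
    return (size_t)payload + 3;
}

/* FIXED: header + declared payload + padding must fit inside the bytes
 * actually received; otherwise the message is silently discarded. */
size_t heartbeat_fixed(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap)
{
    if (rec_len < 1 + 2 + HB_PADDING) return 0;
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    if (1 + 2 + (size_t)payload + HB_PADDING > rec_len) return 0;  /* the bounds check */
    if ((size_t)payload + 3 > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);
    return (size_t)payload + 3;
}

/* Constructed input: a 20-byte record (1-byte payload + 16 bytes padding)
 * that CLAIMS a 24-byte payload, followed by bytes that must never leave
 * the process. RECORD_LEN is what the peer actually sent. */
const uint8_t leak_arena[] = {
    HB_REQUEST, 0x00, 0x18,               /* type=1, payload_length=24 */
    'A',                                   /* the single real payload byte */
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,    /* 16 bytes padding */
    'S','E','C','R','E','T','K','E','Y','!',
    '0','1','2','3','4','5','6','7','8','9','a','b','c'
};
#define RECORD_LEN 20

/* Constructed well-formed record: payload_length=1, 16 bytes padding. */
const uint8_t good_record[20] = { HB_REQUEST, 0x00, 0x01, 'A' };

int main(void)
{
    uint8_t out[64];
    size_t n_fixed = heartbeat_fixed(leak_arena, RECORD_LEN, out, sizeof out);
    size_t n_vuln  = heartbeat_vulnerable(leak_arena, RECORD_LEN, out, sizeof out);
    printf("fixed responder: %zu bytes (0 = discarded)\n", n_fixed);
    printf("vulnerable responder: %zu bytes, tail of reply: %.7s\n",
           n_vuln, (const char *)out + 20);
    return 0;
}
```

The fixed version answers a well-formed request normally and drops the malformed one; the vulnerable version answers the malformed one with 24 bytes, the last seven of which were never part of the record.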
10. Depths of vulnerabilities (not all)
Second rant: library alternatives
OpenBSD’s LibreSSL
Memory sanitization is a central feature in LibreSSL that is lacking in
OpenSSL. Prior to the deallocation of objects, LibreSSL explicitly
zeros out memory using OpenBSD’s explicit_bzero(3) function. This
proactively reduces the impact of memory exposure in the event of a
future vulnerability or an unprivileged process that gains control of a
tainted memory segment.
Google’s BoringSSL
Currently BoringSSL is the SSL library in Chrome/Chromium and
Android.
BearSSL, MatrixSSL, mbedtls, PolarSSL, libsodium and so on
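The memory-sanitization practice the LibreSSL slide describes, as an added example that is not code from the slides, LibreSSL or any of the libraries listed. explicit_bzero(3) is the primitive on OpenBSD and in glibc 2.25 and later; the portable fallback below routes the write through a volatile function pointer so the compiler cannot treat a memset just before free() as a dead store and remove it. The names secure_wipe, secure_free and demo_wipe and the sample key are constructed for this example.

```c
/* Added example (not from the slides or from LibreSSL): wipe key material
 * before it is released. A plain memset() right before free() may be
 * optimised away; explicit_bzero(3) or the volatile-pointer idiom below
 * guarantees the zeroing happens. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The call target is read through a volatile pointer at run time, so the
 * optimizer must assume the store is observable and keep it. */
static void *(*volatile memset_ptr)(void *, int, size_t) = memset;

void secure_wipe(void *p, size_t n)
{
    if (p && n) memset_ptr(p, 0, n);
}

/* free() for a buffer whose length is known: zero first, then release. */
void secure_free(void *p, size_t n)
{
    secure_wipe(p, n);
    free(p);
}

/* Returns 1 when every byte of buf is zero (used to check the wipe). */
int is_zeroed(const unsigned char *buf, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= buf[i];
    return acc == 0;
}

/* Demo: load a constructed key into a heap buffer, wipe it, verify it is
 * gone, and only then release the memory. Returns 1 on success. */
int demo_wipe(void)
{
    static const unsigned char key[] = "0123456789abcdef";   /* constructed */
    unsigned char *k = malloc(sizeof key);
    if (!k) return -1;
    memcpy(k, key, sizeof key);
    /* ... the key is used here ... */
    secure_wipe(k, sizeof key);
    int zero = is_zeroed(k, sizeof key);
    free(k);
    return zero;
}

int main(void)
{
    printf("heap key wiped before release: %s\n", demo_wipe() == 1 ? "yes" : "no");
    unsigned char stack_secret[32];
    memset(stack_secret, 0xAA, sizeof stack_secret);
    secure_wipe(stack_secret, sizeof stack_secret);
    printf("stack secret wiped: %s\n", is_zeroed(stack_secret, sizeof stack_secret) ? "yes" : "no");
    return 0;
}
```

On OpenBSD or a recent glibc, memset_ptr can simply be replaced by a direct explicit_bzero() call; the rest of the pattern (wipe, then free) stays the same.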
11. Depths of vulnerabilities (not all)
Big checklist
Stack buffer overflow, heap overflow, integer overflow, buffer
underflow, off-by-one, memory leak, use after free, double free, race
conditions (TOCTOU), lack of ASLR, lack of DEP, lack of stack
cookie, lack of RELRO, lack of certificate pinning, lack of signature
check, RCE, IDOR, RFI, LFI, SSO, CSRF, SSRF, SSTI, XXE,
ReDoS, NoSQLi, SQLi, blind SQLi, XSS, blind XSS, DOM XSS, open
redirect, path traversal, insecure deserialization, LDAP injection,
HQL injection, HTTP parameter pollution, improper permissions,
uncontrolled upload, uncontrolled resource consumption, CSV
injection, graph injection, denial of service, weak cryptography, lack
of salt, lack of secret key, lack of anti-tampering, lack of root detection,
lack of seccomp/pledge, lack of rate limiting, lack of anti-robot
resources, lack of HTTP header hardening, lack of anti-hooking,
misconfiguration, uncontrolled search path element, information
leak, hardcoded credentials, TEMPEST attack...
12. Depths of vulnerabilities (not all)
Dark depths in vulnerabilities - fuzzing! AFL!
Figure: Magic: The Gathering card "Dark Depths", by Mathias Kollros
13. Always watch your home
Always watch your home
14. Always watch your home
Allow list of syscalls
Enumerate syscalls of each resource
Linux’s seccomp(2) system call
OpenBSD’s pledge(2) function
Restrict a Container’s Syscalls with seccomp
github.com/antitree/syscall2seccomp
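A syscall allow list of the kind the slide describes, written as a raw seccomp-BPF filter for a process that only needs read, write and exit. This is an added example, not code from the slides or from syscall2seccomp. It assumes Linux (3.17 or later for the prctl path) and an x86-64 build; the small eval_filter() evaluator is an added helper, not the kernel's, and supports only the three instruction kinds this filter uses so the policy can be checked before it is installed.

```c
/* Added example (not from the slides or from syscall2seccomp): a
 * seccomp-BPF allow list plus a tiny evaluator so the policy can be
 * tested without installing it. Assumes Linux on x86-64. */
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>

#ifndef SECCOMP_RET_KILL_PROCESS          /* older UAPI headers lack it */
#define SECCOMP_RET_KILL_PROCESS 0x80000000U
#endif
#define ARCH_NR AUDIT_ARCH_X86_64          /* assumption: x86-64 target */

/* If the loaded syscall number equals __NR_name: allow; else fall through. */
#define ALLOW_SYSCALL(name) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_##name, 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

static struct sock_filter filter[] = {
    /* 1. refuse foreign ABIs first: syscall numbers differ between them */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    /* 2. load the syscall number and walk the allow list */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    ALLOW_SYSCALL(read),
    ALLOW_SYSCALL(write),
    ALLOW_SYSCALL(exit),
    ALLOW_SYSCALL(exit_group),
    /* 3. default: anything not listed kills the process */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
};
#define FILTER_LEN (sizeof filter / sizeof filter[0])

/* Added helper (not the kernel's): evaluates LD|ABS, JEQ|K and RET|K,
 * which is all this filter uses. Returns the SECCOMP_RET_* action. */
unsigned int eval_filter(const struct sock_filter *prog, size_t len,
                         const struct seccomp_data *d)
{
    unsigned int A = 0;
    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *in = &prog[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:       /* A = 32-bit word at offset k */
            memcpy(&A, (const unsigned char *)d + in->k, sizeof A);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:      /* jt/jf are offsets from the next insn */
            pc += (A == in->k) ? in->jt : in->jf;
            break;
        case BPF_RET | BPF_K:
            return in->k;
        default:
            return SECCOMP_RET_KILL_PROCESS; /* unsupported opcode: fail closed */
        }
    }
    return SECCOMP_RET_KILL_PROCESS;         /* fell off the end: fail closed */
}

/* Action the filter takes for syscall number nr on this ABI. */
unsigned int action_for(int nr)
{
    struct seccomp_data d;
    memset(&d, 0, sizeof d);
    d.nr = nr;
    d.arch = ARCH_NR;
    return eval_filter(filter, FILTER_LEN, &d);
}

int install_filter(void)
{
    struct sock_fprog prog = { .len = (unsigned short)FILTER_LEN, .filter = filter };
    /* no_new_privs lets an unprivileged process install a filter */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) ? -1 : 0;
}

int main(void)
{
    static const char msg[] = "filter installed; only read/write/exit remain\n";
    printf("write  -> %s\n", action_for(__NR_write)  == SECCOMP_RET_ALLOW ? "allow" : "kill");
    printf("openat -> %s\n", action_for(__NR_openat) == SECCOMP_RET_ALLOW ? "allow" : "kill");
    if (install_filter()) { perror("seccomp"); return 1; }
    write(1, msg, sizeof msg - 1);
    _exit(0);   /* any other syscall from here on kills the process */
}
```

The architecture check comes first on purpose: the same number means different syscalls on different ABIs, so a filter keyed on nr alone can be bypassed by switching ABI. Enumerating which syscalls a service really needs (the slide's first bullet, and what syscall2seccomp automates for containers) is the hard part; the filter itself is mechanical.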
15. Always watch your home
Hide your treasures
Prevent hardcoded credentials by using a proper vault
Use a safe library, for example LibreSSL or libsodium
Use safe cryptographic algorithms, following OWASP, CERT and
NIST guidance.
16. Always watch your home
LKM to hide and protect file system resources
Casper-fs is a custom Linux Kernel Module generator that builds
modules to protect or hide a custom list of files.
Each LKM protects or hides files following a custom list in the
YAML rule file.
Not even root has permission to see the files or perform actions like
edit and remove. The files can only be read, edited, and deleted if
the user sends the proper key to the custom device.
github.com/CoolerVoid/casper-fs
17. Always watch your home
Master librarian to audit operating system libraries
Figure: from the game Castlevania (1997)
18. Always watch your home
Master librarian to audit operating system libraries
A tool to audit Unix/*BSD/Linux system libraries and find public
security vulnerabilities
Uses pkg-config to list all operating system libraries
github.com/CoolerVoid/master_librarian
19. Always watch your home
Vision to audit all service banners
Vision2 analyses the Nmap XML scan results, parses each CPE
context, and correlates it with NIST to search for CVEs. You can use it
to find public vulnerabilities in services.
Uses the Nmap result to search for security issues in the NVD
github.com/CoolerVoid/Vision2
20. Always watch your home
LKM for a hidden firewall
Tool to generate a Linux kernel module with hidden and custom rules
using Netfilter hooking (block ports, hidden mode, firewall functions).
The motivation: in a bad situation, an attacker can take down your
iptables/ufw rules. But if you have HiddenWall, the attacker will not
find the hidden kernel module that blocks external access, because it
hooks Netfilter in kernel land (think of it as a second layer for the
firewall).
github.com/CoolerVoid/HiddenWall
21. Always watch your home
Shared Library Application Firewall "SLAF"
Spock SLAF is a Shared Library Application Firewall ("SLAF"). Its
purpose is to protect any service that uses the OpenSSL library. The
SLAF inserts hooks to intercept all communication, detect security
anomalies, and block and log attacks such as buffer overflow, path
traversal, XXE and SQL injection.
github.com/CoolerVoid/spock_slaf
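The inspection step such a firewall runs on the plaintext it sees once its hooks wrap SSL_read()/SSL_write(), as an added example that is not code from the slides or from spock_slaf. The rule set, the size limit and the sample requests are all constructed for this example and deliberately small; the function names slaf_inspect and slaf_filter are hypothetical. A real SLAF decodes the protocol before matching and carries a far larger, tuned rule set, since bare substring signatures like these produce false positives on legitimate traffic.

```c
/* Added example (not from the slides or from spock_slaf): the verdict
 * logic a shared-library application firewall applies to decrypted
 * request buffers before handing them to the application. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum verdict { PASS = 0, BLOCK_OVERSIZE, BLOCK_TRAVERSAL, BLOCK_XXE, BLOCK_SQLI };

#define MAX_REQUEST 8192   /* assumption: above any legitimate request size */

static const char *verdict_name(enum verdict v)
{
    static const char *names[] = { "pass", "oversize", "path-traversal", "xxe", "sqli" };
    return names[v];
}

/* Case-insensitive bounded substring search; buf is not NUL-terminated. */
static int contains_ci(const char *hay, size_t n, const char *needle)
{
    size_t m = strlen(needle);
    if (m == 0 || n < m) return 0;
    for (size_t i = 0; i + m <= n; i++) {
        size_t j = 0;
        while (j < m && tolower((unsigned char)hay[i + j]) == tolower((unsigned char)needle[j]))
            j++;
        if (j == m) return 1;
    }
    return 0;
}

/* Inspect one decrypted request. Cheapest check first; first match wins.
 * Signatures are a constructed toy set, not a production rule base. */
enum verdict slaf_inspect(const char *buf, size_t len)
{
    static const char *traversal[] = { "../", "..\\", "..%2f", "%2e%2e/" };
    static const char *sqli[] = { "' or '1'='1", "' or 1=1", "union select", "; drop table" };

    if (len > MAX_REQUEST)                      /* overflow-style oversized input */
        return BLOCK_OVERSIZE;
    for (size_t i = 0; i < sizeof traversal / sizeof traversal[0]; i++)
        if (contains_ci(buf, len, traversal[i])) return BLOCK_TRAVERSAL;
    if (contains_ci(buf, len, "<!DOCTYPE") && contains_ci(buf, len, "<!ENTITY"))
        return BLOCK_XXE;                       /* inline DTD declaring an entity */
    for (size_t i = 0; i < sizeof sqli / sizeof sqli[0]; i++)
        if (contains_ci(buf, len, sqli[i])) return BLOCK_SQLI;
    return PASS;
}

/* What the hook does with the verdict: log it and report whether the
 * buffer should be dropped (1) or passed to the application (0). */
int slaf_filter(const char *buf, size_t len)
{
    enum verdict v = slaf_inspect(buf, len);
    if (v != PASS)
        fprintf(stderr, "[slaf] blocked %zu-byte request: %s\n", len, verdict_name(v));
    return v != PASS;
}

int main(void)
{
    /* constructed sample traffic as the hook would see it after decryption */
    const char *samples[] = {
        "GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
        "GET /img/../../config.yml HTTP/1.1\r\n\r\n",
        "POST /login HTTP/1.1\r\n\r\nuser=admin' OR '1'='1&pass=x",
        "<?xml version=\"1.0\"?><!DOCTYPE d [<!ENTITY e SYSTEM \"placeholder\">]><d>&e;</d>",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu: %s\n", i,
               verdict_name(slaf_inspect(samples[i], strlen(samples[i]))));
    return 0;
}
```

The size check runs before any pattern matching so that an oversized buffer is rejected without being scanned at all, which is also where a hook guarding a C service gets most of its value: the application never receives more bytes than the policy allows.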