The Hacker Secret #2: The Dynamite of Next Generation (Y) Attack, focusing on client-side exploitation with software bugs, the latest Windows vulnerabilities, etc.
13. Web Browser Vulnerabilities
Google Chrome still secure !!
IE / Firefox / Safari still PWNED !!
ActiveX Control and Java Applet still TOP Hit for Attack !!
Web Browser Toolbar coming with other software
Using Heap Spraying via JavaScript
Focus on Client-Side Exploitation
14. Web Browser Vulnerabilities - IE
IE DHTML Behaviours Use After Free
IE Tabular Data Control ActiveX Memory Corruption
IE Winhlp32.exe MsgBox Code Execution
Zero-Day: IE 6/7/8 CSS SetUserClip Memory Corruption (mshtml.dll) – No DEP/ASLR
24. MS Shortcut (LNK) Exploit
MS Windows Shell Could Allow Remote Code Execution
Uses DLL Hijacking Techniques for exploitation
Affects every release of the Windows NT kernel (2000, XP, Server 2003, Vista, Server 2008, 7)
Patch released as MS10-046 on August 24, 2010
Attack Layer 8 – Client-Side Exploitation
New Generation of Targeted Attacks – Stuxnet Worm
Stuxnet Worm – First attack on a SCADA system and Iran's nuclear reactor, spreading via USB and file shares with zero-day Windows vulnerabilities
Stuxnet abused the Auto-Run feature to spread (just open it)
25. Stuxnet Worms
MS Server Service Code Execution MS08-067 (Conficker worms)
MS SMBv2 Remote Code Execution MS09-050
MS Shortcut (LNK) Vulnerability MS10-046
MS Print Spooler Service Code Execution MS10-061
MS Local Ring0 Kernel Exploit MS10-015
MS Keyboard Layout File MS10-073
Zero Day – MS Task Scheduler
26. Latest Zero Day – MS Local Kernel Exploit (Win32k.sys)
MS Windows Local Kernel Exploit
Zero Day until Now !! – Still No Patch…
Affects every release of the Windows NT kernel (2000, XP, Server 2003, Vista, Server 2008, 7)
Elevates Privilege from USER to SYSTEM
The Exploit takes advantage of a bug in Win32k.sys
Bypasses User Account Control (UAC)
Get The Hell Outta Here !!