|
BangersInMyKnickers posted:
Has anyone come up with a way to detect the microcode support for Spectre mitigation on Windows besides the powershell module? My SCCM guys aren't pushing powershell version upgrades so I have a mixed bag of 5.1/5.0/4/3 and I think 5+ added the install-module cmdlet.

see the "PowerShell Verification using a download from Technet (Earlier OS versions/Earlier WMF versions)" https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

also an update on triton https://www.midnightbluelabs.com/blog/2018/1/16/analyzing-the-triton-industrial-malware
|
# ¿ Jan 16, 2018 18:27 |
|
i'm not a fan of bumping but it's feasible on that: https://www.youtube.com/watch?v=H4f1H6mYHOI

at least in theory: https://www.youtube.com/watch?v=nO1zkWKK5dA

e: lot more info on a practical attack: https://enterthecore.net/foiling-the-forever-lock-by-deviant-ollam/

Wiggly Wayne DDS fucked around with this message at 17:48 on Jan 17, 2018
# ¿ Jan 17, 2018 17:36 |
|
infernal machines posted:
someone is claiming a practical attack based on meltdown/spectre, with no details of course https://twitter.com/josephfcox/status/954035036898160642
|
# ¿ Jan 18, 2018 22:18 |
|
well what else happened, don't keep us in suspense
|
# ¿ Jan 19, 2018 12:55 |
|
they're right next to the rowhammer in-the-wild attacks
|
# ¿ Jan 19, 2018 17:06 |
|
it is exceedingly unlikely and would be out of the norm given that rowhammer attacks are more potent, yet don't have any end-user relevant attacks going around.

end of the day spectre+meltdown are read-only info disclosures. it'd be nice as a technique for escalating your rce, but on its own it's reliant on there being interesting memory on the device to read and being actively manipulated at the time of attack. servers care as they have private keys and external services that can be leveraged further combined with means of manipulating those independent processes. end users aren't likely to have a ssh server running to pivot to, or an access method outside of a browser. the most dangerous scenario then is an extremely motivated attacker knows the system inside-out, which password manager is running and gets them onto a site - while the password manager is handling passwords in memory - and uses that to access external services, but 2fa exists as do in-depth mitigations on the browser itself.

really all history has shown is that criminal groups are incredibly slow to adopt to new exploit techniques, and your nation state attackers would rather not have that white elephant of a vuln sitting in their systems as well.

there's a strange misconception on the quantity of black hat attackers producing malware, their development processes and sophistication. really that is a topic in dire need of analysis because the reality really doesn't add up to the expectation of competency there, even accounting for nsa exploits being released and turnaround time for those being used outside of targeted attacks
|
# ¿ Jan 19, 2018 18:27 |
|
good luck developing your patches in secret, tested extremely thoroughly across all possible permutations, and not waiting a decade to get them released. despite all the complaints given the wide scope and everyone rushing to patch this has gone over rather smoothly
|
# ¿ Jan 25, 2018 00:44 |
|
i'm pretty sure this still counts as a sec fuckup: https://www.washingtonpost.com/loca...097e_story.html

quote:
After his arrest last Jan. 31, Wertkin returned to Washington to clean out his Akin Gump office near Dupont Circle, where he removed and destroyed electronic and paper copies of other stolen cases “that I knew could further incriminate me,” he said in plea papers.
|
# ¿ Jan 25, 2018 18:00 |
|
welcome to procurement?
|
# ¿ Jan 25, 2018 23:29 |
|
i'm this entire thread https://twitter.com/tobiaschneider/status/957317886112124928
|
# ¿ Jan 27, 2018 22:19 |
|
it was around earlier

e: thanks for not removing them from the server twitter

Wiggly Wayne DDS fucked around with this message at 01:24 on Jan 28, 2018
# ¿ Jan 28, 2018 01:16 |
|
no one told osint about it
|
# ¿ Jan 28, 2018 18:27 |
|
it's just metadata what's the harm
|
# ¿ Jan 28, 2018 19:15 |
|
korean dmz is also fun
|
# ¿ Jan 28, 2018 19:40 |
|
at least the data is in a vacuum and isn't being corroborated by people who were at the bases: https://twitter.com/svblxyz/status/957703976014761984
|
# ¿ Jan 28, 2018 21:20 |
|
military has policies on these devices anyway, it's lack of enforcement and exemptions
|
# ¿ Jan 30, 2018 12:07 |