Resources

  • Exploring and exploiting Lenovo firmware secrets – blog.cr4.sh
    Hi, everyone! In this article I will continue to publish my research of Lenovo ThinkPad’s firmware. Previously I showed how to discover and exploit SMM callout vulnerabilities using the example of a SystemSmmAhciAspiLegacyRt UEFI driver 1-day vulnerability. Also, I introduced a small toolkit called fwexpl that provides an API for comfortable development of firmware exploits for the Windows platform.
  • How to Compromise the Enterprise Endpoint – googleprojectzero.blogspot.fr
    Symantec is a popular vendor in the enterprise security market; their flagship product is Symantec Endpoint Protection. They sell various products using the same core engine in several markets, including a consumer version under the Norton brand.
  • A Case Study in Attacking KeePass – www.harmj0y.net
    We see a lot of KeePass usage while on engagements. In the corporate environments we operate in, it appears to be the most common password manager used by system administrators. We love to grab admins’ KeePass databases and run wild, but this is easier said than done in some situations, especially when key files (or Windows user accounts) are used in conjunction with passwords.

Tools

  • Researching protection and recovering Namco System ES1 arcades – medium.com
    This story began right after my old research of an infamous Korean arcade machine 3 years ago: the Tank! Tank! Tank! coin-op by Namco had an HDD fault (which is no surprise, as Namco uses the Seagate 7200.12, not known for its reliability). A working arcade HDD was taken to make a copy from it using WinHex in Windows; after that the game wouldn’t start.

Techniques

  • Extracting Qualcomm’s KeyMaster Keys – Breaking Android Full Disk Encryption – bits-please.blogspot.com
    After covering a TrustZone kernel vulnerability and exploit in the previous blog post, I thought this time it might be interesting to explore some of the implications of code-execution within the TrustZone kernel. In this blog post, I’ll demonstrate how TrustZone kernel code-execution can be used to effectively break Android’s Full Disk Encryption (FDE) scheme.

Vulnerabilities

  • Alarm systems alarmingly insecure. Oh the irony – pentestpartners.com
    Today we have alarms with Internet connectivity, mobile apps, home automation integration, and video verification – where the detectors have integrated video cameras, installed in your home.
  • While you filled your face at Noodles and Co, malware was slurping your bank cards – www.theregister.co.uk
    The biz admitted today that hundreds of restaurants in 28 US states were infected with card-stealing software nasties that harvested customer card names, numbers, expiration dates, and CVV codes. The malware was believed to have been active and siphoned card details between January 31 and June 2 of this year.

Other News

  • How Sony, Microsoft, and Other Gadget Makers Violate Federal Warranty Law – motherboard.vice.com
    There are big “no trespassing” signs affixed to most of our electronics. If you own a gaming console, laptop, or computer, it’s likely you’ve seen one of these warnings in the form of a sticker placed over a screw or a seam: “Warranty void if removed.”