481 matches found

ThreatPost | added 2018/08/08 11:20 a.m. | 16 views

Black Hat 2018: Update Mechanisms Allow Remote Attacks on UEFI Firmware

LAS VEGAS – Researchers said they found buffer overflow flaws in the firmware for ASRock and ASUS, potentially enabling bad actors to remotely launch man-in-the-middle (MITM) attacks. The findings, which will be presented Wednesday at Black Hat USA this week by researchers from Eclypsium, show that...

Exploits: 0

Prion | added 2018/07/13 8:29 p.m. | 16 views

Design/Logic Flaw

Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as /system/bin/debugs,...

CVSS 9.3 | AI score 8.1 | EPSS 0.00341
Exploits: 1 | References: 3

n0where | added 2018/06/18 8:23 p.m. | 18 views

Educational Ubuntu Linux Rootkit

The rootkit was tested to work on Linux kernels 2.6.32-38 and 4.4.0-22 as provided by Ubuntu in Ubuntu 10.04.4 LTS and Ubuntu 16.04 LTS respectively, but it should be very easy to port to kernels in-between, as well as newer ones. There is some architecture-specific code in the rootkit which is...

AI score 0.3
Exploits: 0 | References: 1

n0where | added 2018/06/18 8:11 p.m. | 22 views

Lightweight and Practical Kernel Protector for x86: Shadow-Box

Shadow-box is a security monitoring framework for operating systems using state-of-the-art virtualization technologies. Shadow-box has a novel architecture inspired by a shadow play. We made Shadow-box from scratch, and it is primarily composed of a lightweight hypervisor and a security monitor...

Exploits: 0 | References: 1

Tenable Nessus | added 2018/05/29 12:00 a.m. | 26 views

GLSA-201805-11 : Rootkit Hunter: User-assisted execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-201805-11 (Rootkit Hunter: User-assisted execution of arbitrary code). A vulnerability was discovered in Rootkit Hunter that allows the downloading of mirror updates over insecure channels (HTTP). Furthermore, the mirror update is then...

CVSS 9.8 | AI score 8.8 | EPSS 0.02141
Exploits: 0 | References: 2

Gentoo Linux | added 2018/05/26 12:00 a.m. | 432 views

Rootkit Hunter: User-assisted execution of arbitrary code

Background: Scans for known and unknown rootkits, backdoors, and sniffers. Description: A vulnerability was discovered in Rootkit Hunter that allows the downloading of mirror updates over insecure channels (HTTP). Furthermore, the mirror update is then executed in Bash. Impact: A remote attacker, by...

CVSS 9.8 | AI score 2.5 | EPSS 0.02141
Exploits: 0

Kitploit | added 2018/04/13 12:41 p.m. | 23 views

JShielder - Automates The Process Of Installing All The Necessary Packages To Host A Web Application And Hardening A Linux Server

JShielder is an open source tool developed to help sysadmins and developers secure their Linux servers on which they will be deploying any web application or service. This tool automates the process of installing all the necessary packages to host a web application and hardening a Linux server wi...

AI score 8
Exploits: 0 | References: 2

Kitploit | added 2018/03/16 8:40 p.m. | 14 views

DefenseMatrix - Full security solution for Linux Servers

Full security solution for Linux servers. SCUTUM is to be added into the DefenseMatrix project. After consideration, SCUTUM, as a nice firewall controller, is to be added into DefenseMatrix. It will soon replace the iptables controller and arptables controller in DefenseMatrix. Expect lots of...

AI score 7.2
Exploits: 0 | References: 1

Kitploit | added 2018/03/08 1:24 p.m. | 297 views

Python-Rootkit - Python Remote Administration Tool (RAT) To Gain Meterpreter Session

This is a fully undetectable Python RAT which can bypass almost all antivirus and open a backdoor inside any Windows machine, which will establish a reverse HTTPS Metasploit connection to your listening machine. ViRu5 life cycle: bypass all anti-virus; inject a malicious PowerShell script into memory...

AI score 7.6
Exploits: 0 | References: 1

Kitploit | added 2017/12/11 12:51 p.m. | 21 views

Linux Expl0rer - Easy-To-Use Live Forensics Toolbox For Linux Endpoints

Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask. Capabilities: ps (view full process list; inspect process memory map & fetch memory strings easily; dump process memory in one click; automatically search hash in public services VirusTotal and AlienVault OTX); users (users list...

AI score 7.6
Exploits: 0 | References: 1

Kitploit | added 2017/11/01 1:30 p.m. | 371 views

Diamorphine - LKM Rootkit for Linux Kernels 2.6.x/3.x/4.x

Diamorphine is an LKM rootkit for Linux kernels 2.6.x/3.x/4.x. Features: when loaded, the module starts invisible; hide/unhide any process by sending a signal 31; sending a signal 63 to any pid makes the module become invisible; sending a signal 64 to any pid makes the given user become root; files or...

AI score 8.9
Exploits: 0 | References: 1

Kitploit | added 2017/10/25 1:12 p.m. | 309 views

Reptile - LKM Linux Rootkit

Reptile is an LKM rootkit for evil purposes. If you are searching for stuff only for study purposes, see the demonstration codes. Features: give root to unprivileged users; hide files and directories; hide file contents; hide processes; hide itself; boot persistence; Heaven's door - an ICMP/UDP port-knockin...

AI score 7.3
Exploits: 0 | References: 5

Lenovo | added 2017/10/24 12:00 a.m. | 59 views

Secure BIOS/UEFI Set-up Incomplete in Lenovo E95 and ThinkCentre M710s/M710t

Lenovo Security Advisory: LEN-17417. Potential Impact: Unauthorized bootloader allowed to run during system boot, reducing protection against rootkits. Severity: Medium. Scope of Impact: Lenovo-specific. CVE Identifier: CVE-2017-3771. Summary Description: System boot process is not adequately secured...

CVSS 5 | AI score 7.5 | EPSS 0.00202
Exploits: 0

Gentoo Linux | added 2017/09/17 12:00 a.m. | 53 views

chkrootkit: Local privilege escalation

Background: chkrootkit is a tool to locally check for signs of a rootkit. Description: When /tmp is mounted without the noexec option, chkrootkit will execute files in /tmp with root privileges. Impact: A local attacker could possibly execute arbitrary code with root privileges. Workaround: Users shou...

CVSS 3.7 | AI score 7.1 | EPSS 0.11441
Exploits: 6

Carbon Black Blog | added 2017/09/05 11:44 a.m. | 47 views

September 5, 2017 – Morning Cyber Coffee Headlines – “The Office” Edition

Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! September 5, 2017 - Headlines Carbon Black in the News: Carbon Black’s Cb Defen...

AI score 6.6
Exploits: 0

Kitploit | added 2017/08/17 2:12 p.m. | 41 views

Koadic - COM Command & Control Framework (JScript RAT)

Koadic, or COM Command & Control, is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host a.k.a. JScript/VBScript, with compatibility in t...

AI score 7.3
Exploits: 0 | References: 1

The Hacker News | added 2017/07/27 5:19 a.m. | 14 views

3 New CIA-developed Hacking Tools For MacOS & Linux Exposed

WikiLeaks has just published a new set of classified documents linked to another CIA project, dubbed 'Imperial,' which reveals details of at least three CIA-developed hacking tools and implants designed to target computers running Apple Mac OS X and different flavours of Linux operating systems. ...

AI score 7.3
Exploits: 0

Malwarebytes | added 2017/07/19 3:00 p.m. | 47 views

Adware the series, the final: Tools section

So far in this series, we have handed you some methods to recognize and remediate adware. We used this diagram as a guideline. During this journey, we have touched upon several free tools that we used to get some insight on what type of infection we were dealing with and where the adware could be...

AI score 6.6
Exploits: 0

0day.today | added 2017/07/11 12:00 a.m. | 32 views

Schneider Electric Pelco VideoXpert Privilege Escalation Vulnerability

Schneider Electric Pelco VideoXpert is vulnerable to an elevation-of-privilege vulnerability that can be exploited by an ordinary user who is able to replace the executable file with a binary of their choice. The vulnerability exists due to improper permissions, with the 'F' (full) flag granted to the 'Users' group, for...

AI score 0.5
Exploits: 0

The Hacker News | added 2017/07/06 7:41 a.m. | 13 views

Wikileaks Unveils CIA Implants that Steal SSH Credentials from Windows & Linux PCs

WikiLeaks has today published the 15th batch of its ongoing Vault 7 leak, this time detailing two alleged CIA implants that allowed the agency to intercept and exfiltrate SSH (Secure Shell) credentials from targeted Windows and Linux operating systems using different attack vectors. Secure Shell or...

AI score 6.7
Exploits: 0