j00ru vx tech blog
May 30th, 2010, 04:17
One of the biggest (best http://j00ru.vexillium.org/wp-includes/smilies/icon_wink.gif ) IT security-oriented conferences in Poland finished three days ago, in the wednesday evening. In the very first place, I would like to congratulate all the organisers, for their decision on where the event should be held, as well as how it should look like - during these two days, I had plenty of real fun!
CONFidence 2010 took place in Poland, on 25th and 26th of May, in the Kijów Cinema. The lectures were presented on two, independent tracks (thus everyone was able to find something for himself in any given moment), and regarded numerous, important security fields. In my opinion (and because of my specific interests), the best speeches were given by Sebastian Fernandez - "General notes about exploiting Windows x64", Mario Heidreich - "The Presence and Future of Web Attacks Multi-Layer Attacks and XSSQLI" and Alexey Tikhonow - "De-blackboxing of digital camera". I am really looking forward to see the slides being published as soon as possible. Meanwhile, you can find the complete conference schedule at http://2010.confidence.org.pl/agenda.
The ESET company (NOD32 software producent) has recently decided to organise two competitions with fun prizes - some detailed information can be found here ("http://www.eset.pl/nowosci/nowosci/wez-udzial-w-konkursie-eset-i-wygraj-jeden-z-dwoch-komputerow.html"). In short: the purpose of the first one was to create or project a security-related application of any kind. The second one was directed towards the conference attendees, as the goal was to find a correct serial key associated to a chosen user name, in a specially prepared executable file. A team consisting of Gynvael Coldwind ("http://gynvael.coldwind.pl/") and me managed to meet the latter objective, and therefore win the competition http://j00ru.vexillium.org/wp-includes/smilies/icon_smile.gif Due to the above, a short blog entry/article should be released soon, covering the exact way of generating a correct serial, having as little knowledge about the input data verification mechanisms, as only possible (stay tuned http://j00ru.vexillium.org/wp-includes/smilies/icon_wink.gif ). The CrackMe can be still downloaded from the CONFidence website: http://2010.confidence.org.pl/ESET/banner.html, and I encourage every one and each of you to take a look at this one.
Moreover, I had the pleasure (once more, with Gynvael's collaboration) to carry out one of the last presentations, dedicated to the Windows kernel vulnerabilities (related to CSRSS and the system registry), which I have often mentioned lately. I think this is a perfect opportunity to publish some advisory documents, containg more relevant, detailed information about the vulns, of a more technical nature. Below you can find a complete list of these:
The slides presented during our lecture can be found here ("http://vexillium.org/dl.php?confidence_slideshow.pdf") (1.6 MB).
I strongly encourage every conference attendee to share your opinion regarding the conference itself, as well as specifically the material talked over by us. http://j00ru.vexillium.org/wp-includes/smilies/icon_wink.gif
http://j00ru.vexillium.org/?p=363&lang=en
CONFidence 2010 took place in Poland, on 25th and 26th of May, in the Kijów Cinema. The lectures were presented on two, independent tracks (thus everyone was able to find something for himself in any given moment), and regarded numerous, important security fields. In my opinion (and because of my specific interests), the best speeches were given by Sebastian Fernandez - "General notes about exploiting Windows x64", Mario Heidreich - "The Presence and Future of Web Attacks Multi-Layer Attacks and XSSQLI" and Alexey Tikhonow - "De-blackboxing of digital camera". I am really looking forward to see the slides being published as soon as possible. Meanwhile, you can find the complete conference schedule at http://2010.confidence.org.pl/agenda.
The ESET company (NOD32 software producent) has recently decided to organise two competitions with fun prizes - some detailed information can be found here ("http://www.eset.pl/nowosci/nowosci/wez-udzial-w-konkursie-eset-i-wygraj-jeden-z-dwoch-komputerow.html"). In short: the purpose of the first one was to create or project a security-related application of any kind. The second one was directed towards the conference attendees, as the goal was to find a correct serial key associated to a chosen user name, in a specially prepared executable file. A team consisting of Gynvael Coldwind ("http://gynvael.coldwind.pl/") and me managed to meet the latter objective, and therefore win the competition http://j00ru.vexillium.org/wp-includes/smilies/icon_smile.gif Due to the above, a short blog entry/article should be released soon, covering the exact way of generating a correct serial, having as little knowledge about the input data verification mechanisms, as only possible (stay tuned http://j00ru.vexillium.org/wp-includes/smilies/icon_wink.gif ). The CrackMe can be still downloaded from the CONFidence website: http://2010.confidence.org.pl/ESET/banner.html, and I encourage every one and each of you to take a look at this one.
Moreover, I had the pleasure (once more, with Gynvael's collaboration) to carry out one of the last presentations, dedicated to the Windows kernel vulnerabilities (related to CSRSS and the system registry), which I have often mentioned lately. I think this is a perfect opportunity to publish some advisory documents, containg more relevant, detailed information about the vulns, of a more technical nature. Below you can find a complete list of these:
Furthermore, a package including all the above advisories is available to be downloaded here ("http://vexillium.org/dl.php?Hispasec_Advisories.zip") (864 kB).
Windows CSRSS Local Privilege Elevation Vulnerability ("http://vexillium.org/dl.php?HISPASEC_CSRSS_Priv_Escal.pdf") (CVE-2010-0023 ("http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0023"))
Windows Kernel Null Pointer Vulnerability ("http://vexillium.org/dl.php?HISPASEC_Local_DoS1.pdf") (CVE-2010-0234 ("http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0234"))
Windows Kernel Symbolic Link Value Vulnerability ("http://vexillium.org/dl.php?HISPSAEC_Local_DoS2.pdf") (CVE-2010-0235 ("http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0235"))
Windows Kernel Memory Allocation Vulnerability ("http://vexillium.org/dl.php?HISPASEC_Buffer_Overflow.pdf") (CVE-2010-0236 ("http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0236"))
Windows Kernel Symbolic link Creation Vulnerability ("http://vexillium.org/dl.php?HISPASEC_Registry_Local_Priv_Escal.pdf") (CVE-2010-0237 ("http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0237"))
Windows Kernel Symbolic link Information Disclosure ("http://vexillium.org/dl.php?HISPASEC_Info_Disclosure.pdf") (CVE-2010-0237 ("http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0237"))
Windows Kernel Registry Key Vulnerability ("http://vexillium.org/dl.php?HISPASEC_Race_Condition.pdf") (CVE-2010-0238 ("http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0238"))
The slides presented during our lecture can be found here ("http://vexillium.org/dl.php?confidence_slideshow.pdf") (1.6 MB).
I strongly encourage every conference attendee to share your opinion regarding the conference itself, as well as specifically the material talked over by us. http://j00ru.vexillium.org/wp-includes/smilies/icon_wink.gif
http://j00ru.vexillium.org/?p=363&lang=en
Good job!