Ekoparty 2009 – Deactivate the Rootkit – 2 days left.

September 15, 2009

Ekoparty Security Conference

Well… everybody knows Ekoparty. One of the most important security conferences in South America, and a very important event in the local scene.

Of course, Alfred and I will be talking there. This'll be a great opportunity for us to show all the PoCs that we left out (because of the Turbo Talk) at the last Black Hat – Las Vegas.

So, I hope you'll be there.

If you wanna share a beer (or two) and chat a bit, please drop me a msg.

Deactivate the rootkit – Black Hat Vegas 2009

September 11, 2009

BlackHat 2009 - Vegas

It has been a long time since my last post here… Alfred and I were working very hard on our latest research/talk (the continuation of 'Persistent BIOS Infection'), "Deactivate the rootkit", where we found that Computrace (an Anti-Theft Technology system) comes by default in most laptop BIOSes and can be controlled by an attacker, compromising the whole system's security mechanisms.

I'm not going to explain all the research here… a lot has been said about this. We just did a turbo-talk at Black Hat (a very long one, I'm really happy about that) and we didn't have the time to show all the proofs we gathered, but we did it through Core. Here is all the stuff. Draw your own conclusions.

Slides: Black Hat – Las Vegas 2009

White Paper: Black Hat – Las Vegas 2009

Persistent BIOS Infection at SyScan 2009

June 26, 2009

SyScan

Alfred and I will be giving our talk "Persistent BIOS Infection" at SyScan '09, Singapore. This time with some added content and of course, with our multiple cOOl demos, including the one with the dismembered real box (I hope not to have problems when traveling with the hardware).

If someone wants to meet and go out for a beer or something, I'll be glad. Just drop me a line here or at als.alsx@gmail.com

c ya there!

Our paper ‘Persistent BIOS Infection’ has been released… on Phrack!

June 11, 2009

We finally did it. Our paper is out, and Phrack #66 is the best place I can imagine to release it. We had to run a lot these last days to get the paper ready on time. I would like to thank the whole Phrack team for putting together the outstanding issue that you can read right here.

Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability

June 3, 2009

AppleCups

Poor little CUPS… I feel bad for him.
I swear, I wasn't looking for bugs in it (not for *new* bugs at least ;) ). It just crashed in my face…

At the beginning I didn't give it much importance, but CUPS is shipped as the default printing service for OS X and almost all Linux distributions. Besides, it's a pre-auth vulnerability so… I think it was worth releasing an advisory for it – with the appropriate PoC and technical info, as usual.

So, here you have it. Have phun. :p

Python winappdbg 1.0 is Out!

April 22, 2009

HotFuzz

Mario Vilas, a very good friend of mine (and coworker), has released a very cool Python module that allows developers to quickly code instrumentation scripts in Python under a Windows environment.

I've been following this project very closely, testing some pre-releases, and I must say that I can't wait to fuzz some stuff with this final version.

CanSecWest was great! Here are the presentation slides.

March 23, 2009

Ok, so, CanSecWest has finished. And I must say, it was an excellent conference.

CanSecWest Banner

We talked on the second day and, although it was very early, there were a lot of -amazingly not drunk- people there.

Persistent BIOS Infection – CanSecWest

February 2, 2009

After some time without news -as is usual around here- I'm back again, ready to say that I was confirmed as a speaker at the CanSecWest conference that will be held March 16-20, in Vancouver, BC.

We will give a talk about a project that we've been working on with Alfredo Ortega (you know, the OpenBSD guy :) ) about a new generic binary method to get malicious code injected and executed into the computer BIOS. Yeah, that cute little chip…

I will post more details about the conference in some time. In the meantime, you can get more info at the CanSecWest website.

For those who are planning to attend the conference, we (Alfred & I) will be arriving 16/3, and of course, we are up for some beers.

My article at (IN)SECURE Magazine

October 5, 2008

Hey all. I’ve written an article called “The METHOD_NEITHER Odyssey” for the latest issue of the (IN)SECURE Magazine and you can download it here.

(IN)SECURE Magazine Nr. 18

Sun xVM VirtualBox Privilege Escalation Vulnerability

August 5, 2008

I've released a new advisory these past days addressing a new vulnerability I've found in the Windows driver of Sun xVM VirtualBox. This is another example of the problems that must be faced when the METHOD_NEITHER method is used.

The vulnerability is explained in depth in the advisory. So, let's see it:
