
Question 1 Did you get root? We got the kernel, and from the kernel we got root. This is an often asked question and is actually the worst question we have received. People asking this question have shown they are not familiar with OS architecture and device drivers. The answer is that once you have compromised a device driver you are running in ring-0, the highest privilege level on a processor. From this state and depending on how your shellcode is designed, you can do anything you want.

Question 2 What services were running? This attack happens at the network link layer. No IP packets were required for this attack.

Question 3 I'll pay you $10/$100/$1000 for a live demo! REALLY?? By doing a live demo we are in essence selling you a copy of the exploit. It's not for sale.

Question 4 Why was it a video? For the same reason we aren't doing live demos. By doing this, anyone in the audience with a sniffer will then have a copy of the exploit.

Question 5 How did you use a 3rd party card, there are no card slots? USB?!?!?!?!?!

Question 6 I saw some people quote you as saying the bug is in the built-in card and other people quote you as saying it's not, who is right? They both are. The exploit shown in the video was targeting a specific third-party driver and that same vulnerability does not affect the built-in card. We are, however, doing ongoing research on the built-in card as well and have shared our findings with Apple.