Breaking, Misc

Attack llvmpipe Graphics Driver from Chromium

In this post, we are discussing a bug we came across in Mesas llvmpipe Gallium3D graphics driver. This bug was accessible through Chromium’s WebGL implementation and can provide control of the program counter (pc) within Chromium’s GPU process if llvmpipe is used. Llvmpipe is a software rasterizer that is used on Linux if no hardware acceleration (graphics card) is available. This is a pretty rare edge case as llvmpipe has no widespread use. An estimate by Google is that approx 0.06% of the Chromium users are affected by this. However, as this is a simple but valid Chromium bug, we want to give you a quick walkthrough. The issue is tracked as CVE-2021-21153 and was fixed in February 2020.

Continue reading “Attack llvmpipe Graphics Driver from Chromium”

Continue reading
Misc

BSI veröffentlicht Hardening Guide, Protokollierungs-Empfehlung und zugehörige GPOs für Windows 10 im Rahmen der SiSyPHuS-Studie

Wir freuen uns, dass das Bundesamt für Sicherheit in der Informationstechnik (BSI) im Rahmen des gemeinsam mit ERNW durchgeführten SiSyPHuS Win10-Projekts (Studie zu Systemintegrität, Protokollierung, Härtung und Sicherheitsfunktionen in Windows 10) heute (ca. 10 Uhr) die nächsten drei Arbeitspakete veröffentlicht:

  • Empfehlung zur Härtung von Windows 10 mit Bordmitteln
  • Empfehlung zur Konfiguration der Protokollierung in Windows 10
  • Gruppenrichtlinien zu den Konfigurationsempfehlungen für Härtung und Protokollierung für Windows 10

In den Dokumenten finden sich unterschiedliche Empfehlungen für Domänenmitglieder (mit normalem und mit hohem Schutzbedarf) und Einzelplatzrechner. Die Dokumente bauen auf den Empfehlungen von Microsofts Security Baseline und dem CIS Benchmark für Windows 10 auf und ergänzen diese in von Microsoft und CIS nicht betrachteten Bereichen oder modifizieren sie dort, wo es aus Erfahrung von ERNW im Hardening von Windows-Systemen sinnvoll ist.

Sie finden die Dokumente hier.

Wir hoffen, damit zur Sicherheit von Windows-Umgebungen beitragen zu können, und wünschen Ihnen viel Spaß bei der Lektüre!

 

German Federal Office for Information Security (BSI) Publishes Hardening Guideline, Logging Guideline And Related GPOs for Windows 10

We are happy to announce that today the BSI publishes several documents that ERNW created as part of the long-term SiSyPHuS Win10-Project (ger: “Studie zu Systemintegrität, Protokollierung, Härtung und Sicherheitsfunktionen in Windows 10”, en: “Study on System Integrity, Logging, Hardening and Security relevant Functionality in Windows 10”):

  • Hardening Guideline
  • Logging Guideline
  • GPOs for the Guidelines

The guidelines are built on recommendations from Microsoft´s Security Baseline, CIS Benchmarks and ERNW´s expertise.

You  can find the documents and GPOs here.

Let’s make the Windows world a safer place, and have fun reading!

Cheers,

Friedwart.

Continue reading
Misc

Of Corona, Buggy Audio Drivers and Industrial Espionage

The Situation

Last year, the CISO of a customer sent me a laptop for analysis. The reason was that he feared the company could have been victim of industrial espionage. Starting in spring 2020, the IT help desk got several employee laptops with full hard drives, caused by a huge amount of audio recordings. The audio files contained recordings even of highly sensitive telephone conferences. An automated scan on all employee computers for such audio recordings showed that about 300 devices were affected. Continue reading “Of Corona, Buggy Audio Drivers and Industrial Espionage”

Continue reading
Events

Summary of “Software-Defined Radio applied to security assessments” at Troopers21

The training Software-Defined Radio applied to security assessments was held by Sébastien Dudek at Troopers21 and was remotely organized – like most other events – due to Covid-19. Once we were all caffeinated, we had an exciting journey through basically all things radio.

Continue reading “Summary of “Software-Defined Radio applied to security assessments” at Troopers21″

Continue reading
Breaking, Misc

fpicker: Fuzzing with Frida

Introduction

In this post, I will introduce fpicker. Fpicker is a Frida-based coverage-guided, mostly in-process, blackbox fuzzing suite. Its most significant feature is the AFL++ proxy mode which enables blackbox in-process fuzzing with AFL++ on platforms supported by Frida. In practice, this means that fpicker enables fuzzing binary-only targets with AFL++ on potentially any system that is supported by Frida. For example, it allows fuzzing a user-space application on the iOS operating system, such as the Bluetooth daemon bluetoothd – which was part of the original motivation to implement fpicker.
Continue reading “fpicker: Fuzzing with Frida”

Continue reading
Breaking

ManiMed: Hamilton Medical AG – HAMILTON-T1 Ventilator Vulnerabilities

Manipulating Medical Devices

The Federal Office for Information Security (BSI) aims to sensitize manufacturers and the public regarding security risks of networked medical devices in Germany. In response to the often fatal security reports and press releases of networked medical devices, the BSI initiated the project Manipulation of Medical Devices (ManiMed) in 2019. In this project, a security analysis of selected products is carried out through security assessments followed by Coordinated Vulnerability Diclosure (CVD) processes. The project report was published on December 31, 2020, and can be accessed on the BSI website [1].

Continue reading “ManiMed: Hamilton Medical AG – HAMILTON-T1 Ventilator Vulnerabilities”

Continue reading
Breaking

ManiMed: B. Braun Melsungen AG – Space System Vulnerabilities

Manipulating Medical Devices

The Federal Office for Information Security (BSI) aims to sensitize manufacturers and the public regarding security risks of networked medical devices in Germany. In response to the often fatal security reports and press releases of networked medical devices, the BSI initiated the project Manipulation of Medical Devices (ManiMed) in 2019. In this project, a security analysis of selected products is carried out through security assessments followed by Coordinated Vulnerability Diclosure (CVD) processes. The project report was published on December 31, 2020, and can be accessed on the BSI website [1].

Continue reading “ManiMed: B. Braun Melsungen AG – Space System Vulnerabilities”

Continue reading
Breaking

ManiMed: Innokas Yhtymä Oy – VC150 Patient Monitor Vulnerabilities

Manipulating Medical Devices

The Federal Office for Information Security (BSI) aims to sensitize manufacturers and the public regarding security risks of networked medical devices in Germany. In response to the often fatal security reports and press releases of networked medical devices, the BSI initiated the project Manipulation of Medical Devices (ManiMed) in 2019. In this project, a security analysis of selected products is carried out through security assessments followed by Coordinated Vulnerability Diclosure (CVD) processes. The project report was published on December 31, 2020, and can be accessed on the BSI website [1].

Continue reading “ManiMed: Innokas Yhtymä Oy – VC150 Patient Monitor Vulnerabilities”

Continue reading
Misc

ERNW Whitepaper 71 – Analysis of Anti-Virus Software Quarantine Files

I am glad to announce the release of the ERNW whitepaper 71 containing information about quarantine file formats of different AV software vendors. It is available here.

Anti-Virus Software

I took quarantine files from real-life incidents and created some in a lab environment. Afterwards I tried to identify metadata, like timestamps, path names, malware names, and the actual malicious file in the quarantine files. One goal was to use this information to support our incident analyses: Using the results, we can now easily create timelines showing information about quarantined files, extract the detected malware, and sometimes even find information about processes that created the malicious files. Continue reading “ERNW Whitepaper 71 – Analysis of Anti-Virus Software Quarantine Files”

Continue reading