#6

************************************************************ Yak Facts 18 November, 1998 Issue #6 Repeat as necessary ************************************************************ In This Week's Issue: The Ultimate Marketing Scheme Let's Eat On the Web Call to Action This Week in Be Dope Credits The Ultimate Marketing Scheme There is a fine line between strategic advertising and sporadic advertising. We used to know where the line was. Then somebody sold the line to Coca-Cola so they could replace it with computer-generated polar bears. Now it seems everything is up for sale. Now, I& ...

... ['/DUF\QNI<;3>5E3J9PZ_BYE`NL^:C'[%W M'3V,)I.`W1_?0R!5V<V:3;O9NTR[F1L_PMU*+3(=0:9+EOLSY]@=;I-E?.9, MC]WZ!&(3,G/MY8+)\@#6>.PFRX.9B[UVC[?88[),S'S$M\X]/MN'^$.9BSS6 M8JR?E+GPB5)L-SES@<^)G0XJ9=6//B#PYS"\'Y:PHQI*W$N)F?#;,+R,Q+N0 M2,UL!?/A"RPL9CZL86$>\^$5%AYFK-(FA>4$PR:EA/4-23MYNE,],B:7L+DL M>C3G26J=WH26?:-=H@P"(Q4:#[].(#O,CCS*&*AOL+7V-0>[<[SK4&?<X0#U M1.!"IS`HYE"5':JZQ$[.IZL<--ZU,\,E;R>!:Q;*L*<SIDX?7Q=#%E8$^XC3 MBCYD<'ODB!LC-A^;\RB5_W4(KH=6,`5^FQ(P;N;$L$V(#QBW(&(7=`&C@]UZ MQ0+W=X$A#/M"*TV9)B;0Z(^I4%A/6D4H(J0%*"X,J@@I0E)& ...

... ente manera: > SET WSOCK_PATH=<el path de nuestro WSOCK32.DLL> #4- Ejecutar el programa WinSock. #5- Recibiras un mensaje que esta logeando. #6- Ya puedes salir del programa. #7- Busca un fichero llamado LOG.XXX donde las XXX son tres digitos en hexadecimal. #8- El fichero Log contendra toda la sesion del Winsock :) El programa dispone de mas opciones de configuracion, que podemos ver como usar leyendo la estupenda documentacion de trae. Ahora ya no tenemos excusa alguna de que no podemos pillar "informacion sensible." 5-15. PWlTool V 4.0. Podemos usar esta herramienta para desencriptar los famosos pwl's. La verdad es que es una he ...

... t Sector Number On Track): This byte should contain the number of sectors you wish to format, not necessarily the highest logical sector number. Byte #6 (Gap Length For Diskette Reads): We're not exactly sure if this byte actually affects a format operation, but it doesn't hurt to go ahead and modify it. The value should be changed in relation to the sector size. For instance, if you're going to format a track of four 1024 byte sectors, cut the value in this byte in half. Double it for sixteen 256 byte sectors and multiply it by four for thirty two 128 byte sectors. Byte #8 (Gap Between Sectors): This definitely needs to be changed ...

... -=[ stealthiness and increase campaign dwell time ]=---------=| |=-----------------------------------------------------------------------=| by SWaNk &#60;contato@vectorcrow.com> --[ Table of Contents 0. About the Author 1. Preamble and scope 2. Malware scene evolution 3. Definitions 3.1 Dwell time 3.2 Fudness 3.3 Windows messaging system 3.4 Port knocking 4. The devil is in the details 5. Avoid patterns, reinvent the wheel 6. To stage, or not to stage, that is the question... 7. Relays and multiple protocols 8. Port knocking + RAW SOCKETS = Stealth bind 9. Abusing Windows messaging system to install persistence 10. Final Words 11. References -- ...

... ..."); chunk_lw_size = getpagesize() * PAGES_TO_READ; chunk_lw = calloc(chunk_lw_size, sizeof(uint8_t)); outb(0, DAC_IDX_RD_PORT); for (int i = 0; i &#60; chunk_lw_size; i++) { chunk_lw[i] = inb(DAC_DATA_PORT); } for (int index = 0; index < chunk_lw_size/8; index++) { qword = ((uint64_t *)chunk_lw)[index]; if (qword > 0) { warnx("[%06d] => 0x%lx", index, qword); } } . . . Running the code in the guest leaks a bunch of heap pointers as below: root@linuxguest:~/setupA/readmemory# ./readmemory . . . readmemory: [128483] => 0x801b6f000 readmemory: [128484] => 0x801b6f000 readmemory: [128486] => 0xe4000000b5 readmemory: [128489] ...

... using :1234 _Reset () at boot64.S:15 15 ldr x30, =stack_top_el3 (gdb) disassemble Dump of assembler code for function _Reset: => 0x0000000080000000 &#60;+0>: ldr x30, 0x80040000 0x0000000080000004 <+4>: mov sp, x30 ... The framework boot sequence is presented below. We will explain the individual steps in the following sections. Note that we will not be following the graph in a linear manner. +-------+ +-------+ +-------+ | EL3 | | EL2 | | EL1 | +-------+ +-------+ +-------+ | . . _reset . . | . . copy_vmm . . | . . eret -------------------------------------------> start_el1 | . | | . __enable_mmu | . | handle_interrupt_el3 <---------- ...

... --------------- | Driller | | | | ++++++++++++++ ++++++++++++++ | | + angr + =====> + AFL + | | + + + + | | + Symbolic + + Genetic + | | + Tracing + &#60;===== + Fuzzing + | | ++++++++++++++ ++++++++++++++ | | | ----------------------------------------- There are a few things we considered when we thought about how we wanted to find bugs in the Cyber Grand Challenge. Firstly, we will need to craft exploits using the bugs we find. As a result, we need to use techniques which generate inputs that trigger the bugs, not just point out that there could be a bug. Secondly, the bugs might be guarded by specific checks such as matching a command argume ...