
1
Q

What did the attacker attack in SingHealth’s IT network, and through what method

A

It attacked front-end workstations, most likely through phishing attacks

2
Q

How did the attacker move about in the SingHealth Network after the initial attack

A

After lying dormant for 4 months, he commenced lateral movement for 6 months in the network, compromising many endpoints and servers, including the Citrix servers located in Dad’s old hospital, WHICH WERE CONNECTED TO THE SCM database.
Along the way, he also compromised a large number of user and admin accounts, including domain admin accounts

3
Q

How did the attacker gain access to the Citrix Servers

A

He used compromised user workstations in the SingHealth IT network and virtual machines to remotely connect to the SGH Citrix servers, and while he wasn’t successful at first, eventually he obtained credentials because the security admin team didn’t notice lol

4
Q

What types of C language type fuck ups lead to the StageFright Bug

A

Integer Underflow and Overflow, Buffer Overread, Heap Overflow.

5
Q

Describe the StageFright Bug

A

It was used to pre-process certain media files before playing them in the media library in Android. However, it allowed an attacker to send a specially crafted media file (via MMS) and execute arbitrary code remotely

6
Q

Why is Quadrooter called “Quad”

A

It refers to 4 vulnerabilities (Quad)

7
Q

Why is Quadrooter called “Rooter”

A

Cos of bugs in Qualcomm drivers for the chipsets (affecting 900 million Android devices), and I say root because ANY ONE of the vulnerabilities can be exploited to gain root privilege

8
Q

A small computer that’s covered with an eyeball, Shiva deep in thought and meditating, and a piece of corn on the floor that looks sensational. Visualise it and explain pls

A

The Quadrooter bugs affected the Qualcomm drivers.
IPC router: provides inter-process communication between Qualcomm components
Ashmem: Android kernel anonymous shared memory feature (Shiva: we are all shared memory and are no one)
Kernel graphics support layer

9
Q

C you piece of shit. What C features were taken advantage of in QuadRooter

A

Race condition, Use After Free Bugs

10
Q

I see, down the 100 metres, two large beetles with broken handcuffs still attached to their legs running. I see a broken quadcopter in the distance. Kindly say what the fuck I’m looking at

A

Race condition, Use After Free Bugs. These were used in quadrooter.

11
Q

At android, say we’ve taken some lift or antman thing or whatever, now we’re at the application level. I’m trying to use a drink machine here but they keep saying I can’t. What do. And, hm, can it fuck me

A

Switch on the permission for it. At the application level, access control is defined by permissions. Don’t use the drink machine, because vulnerabilities exist even assuming the layer below the cloud I’m on (Linux) is secure

12
Q

At the kernel layer, as we birth a piece of new corn, what does the corn inherit (what does the kernel layer in android inherit)

A

The Linux security mechanisms.

13
Q

What is one thing (hint, bars dude, bars) that can take full control of an iOS based device

A

JailBreaking

14
Q

Usually, to enter Big Apple Heaven with Steve Jobs, you’d need what

A

To download an app, you’d need code signature validation

15
Q

What is one thing (bars) that gets rid of code signature validation

A

JailBreaking

16
Q

Charlie Miller, why do they call him the zero day man

A

He made InstaStock, which used logic designed to exploit a 0-day vulnerability in iOS that allowed the app to load and execute unsigned code.

17
Q

Why was the zero day man the zero day man

A

After iOS 4.3, Apple introduced the ability for unsigned code to be executed under a very limited set of circumstances

18
Q

Hm, say I’m feeling peckish and want to grab some Skype data to eat. What do I do (sip coffee)

A

Embed JavaScript code into the “Full Name” field of messages sent to users in Skype; upon receipt of the message, the JS was executed and the attacker was then able to grab files like my contact database with like 5 people.
• This vulnerability is of particular interest because it is one of the first examples of a third-party app vulnerability that could be exploited remotely, without requiring local network or physical access to a device.

19
Q

Six minutes, six minutes I’m on. What do the Eminems on computer security say about physical access

A

Their staff published a paper in Feb 2011 outlining the steps required to gain access to sensitive passwords stored on an iPhone.
• The process from end to end takes about six minutes! It involves using a boot-based jailbreak to take control of a device in order to gain access to the file system, followed by installation of an SSH server.
• Once access is gained via SSH, a script is uploaded that, using only values obtained from the device, can be executed in order to dump passwords stored in the device’s keychain

20
Q

What happens when you stick a keychain in an apple

A

The keychain is used to store passwords for many important apps, such as the inbuilt email client.

21
Q

What happens when androids sleep (dont take this literally)

A

The DroidDream family of malware was primarily distributed by the Google Play store.
• Various legitimate applications from the Play store were repackaged to include DroidDream and then put back in the Play store.
• Users downloaded this software believing it to be safe since it came from a trusted source.
• An app repackaged to include DroidDream requires a large number of dangerous permissions!

22
Q

I am the star in any room that i stand in

A

Packaged in poppin’ apps, you barely noticin’
Once the victim installs the app I’m broadcasting
My intent to win, I’ll activate on rebootin’
And then I’ll send a message SMS to a hardcoded C&C number
With your IMEI number
It’s Nicki B, I’ll gather everything you see

23
Q

It’s June 2009, you just saw iPhone firmware 1.1.3 prep

A

Stop. You want Doom and Erica’s Utilities on your phone.

24
Q

Dude it’s so annoying to get Android updates

A

Critical security updates must pass through the entire supply chain before they can be made available to end users.

25
Q

Okay okay okay, so the quadcopter (sorry, rooter), right, how does it affect

A

An attacker can exploit the vulnerabilities using a malicious app. Such an app would require no special permissions to take advantage of these vulnerabilities

26
Q

If you got a drone and root privilege

A

You got screwed privilege

27
Q

I have a drone. What else do I have

A

• Complete control of devices and unrestricted access to sensitive personal and enterprise data on them.
• Attacker capabilities such as keylogging, GPS tracking, and recording video and audio.

28
Q

How to not get struck by a drone

A

Download and install the latest Android updates asap. and don’t fuckin root your device.

29
Q

What is the difference between a sidereal year and side loading android apps

A

the latter is downloading APK files, erm, not so great idea

30
Q

At the base of the myVillage escalator, somebody farts and I BYOC. What the fuck is happening

A

Don’t bring your own cloud at the expense of corporate control, it does present potential security risks

31
Q

When poor scared crying vulnerable drivers are pre installed at the point of manufacture (thanks, roomie), how can they be fixed (quadrooter)

A

Only by installing a patch from the distributor or carrier (QC, not really hmmm). As in Qualcomm doesn’t quality control smh.