What did the attacker attack in SingHealth’s IT network, and through what method?
It attacked front-end workstations, most likely through phishing attacks.
How did the attacker move about in the SingHealth network after the initial attack?
After lying dormant for 4 months, he commenced lateral movement for 6 months in the network, compromising many endpoints and servers, including the Citrix servers located in Dad’s old hospital, WHICH WERE CONNECTED TO THE SCM database.
Along the way, he also compromised a large number of user and admin accounts, including domain admin accounts.
How did the attacker gain access to the Citrix servers?
He used compromised user workstations in the SingHealth IT network and virtual machines to remotely connect to the SGH Citrix servers; while he wasn’t successful at first, he eventually obtained credentials because the security admin team didn’t notice lol
What types of C-language fuck-ups led to the Stagefright bug?
Integer underflow and overflow, buffer over-read, heap overflow.
Describe the Stagefright bug
Stagefright is the Android media library used to pre-process certain media files before playing them. However, it allowed an attacker to send a specially crafted media file (via MMS) and execute arbitrary code remotely.
Why is QuadRooter called “Quad”?
It refers to 4 vulnerabilities (Quad).
Why is QuadRooter called “Rooter”?
Cos of bugs in Qualcomm drivers for the chipsets (affecting 900 million Android devices), and I say root because ANY ONE of the vulnerabilities can be exploited to gain root privilege.
A small computer that’s covered with an eyeball, Shiva deep in thought and meditating, and a piece of corn on the floor that looks sensational. Visualise it and explain pls
QuadRooter was a set of bugs in the Qualcomm drivers, in three components:
IPC router: provides inter-process communication between Qualcomm components
Ashmem: Android kernel anonymous shared memory feature (Shiva: we are all shared memory and are no one)
Kernel graphics support layer (the corn)
C you piece of shit. What C features were taken advantage of in QuadRooter?
Race condition, use-after-free bugs.
I see, down the 100 metres, two large beetles with broken handcuffs still attached to their legs, running. I see a broken quadcopter in the distance. Kindly say what the fuck I’m looking at
Race condition (the racing beetles), use-after-free bugs (the broken handcuffs). These were used in QuadRooter.
On Android, say we’ve taken some lift or Ant-Man thing or whatever, and now we’re at the application level. I’m trying to use a drink machine here but they keep saying I can’t. What do I do? And, hm, can it fuck me?
Switch on the permission for it. At the application level, access control is defined by permissions. Don’t trust the drink machine, because vulnerabilities can exist at the application level even assuming the layer below the cloud I’m on (Linux) is secure.
At the kernel layer, as we birth a piece of new corn, what does the corn inherit (what does the kernel layer in Android inherit)?
The Linux security mechanisms.
What is one thing (hint, bars dude, bars) that can take full control of an iOS-based device?
Jailbreaking
Usually, to enter Big Apple Heaven with Steve Jobs, you’d need what?
To run a downloaded app, it has to pass code signature validation.
What is one thing (bars) that gets rid of code signature validation?
Jailbreaking
Charlie Miller, why do they call him the zero-day man?
He made InstaStock, an app that used logic designed to exploit a 0-day vulnerability in iOS that allowed the app to load and execute unsigned code.
Why was the zero-day man the zero-day man?
After iOS 4.3, Apple introduced the ability for unsigned code to be executed under a very limited set of circumstances.
Hm, say I’m feeling peckish and want to grab some Skype data to eat. What do I do (sips coffee)?
Embed JavaScript code into the “Full Name” field of messages sent to users in Skype; upon receipt of the message, the JS was executed, and the attacker was then allowed to grab files like my contact database with like 5 people.
• This vulnerability is of particular interest because it is one of the first examples of a third-party app vulnerability that could be exploited remotely, without requiring local network or physical access to a device.
Six minutes, six minutes I’m on. What do the Eminems of computer security say about physical access?
Their staff published a paper in Feb 2011 outlining the steps required to gain access to sensitive passwords stored on an iPhone.
• The process from end to end takes about six minutes! It involves using a boot-based jailbreak to take control of a device in order to gain access to the file system, followed by installation of an SSH server.
• Once access is gained via SSH, a script is uploaded that, using only values obtained from the device, can be executed in order to dump passwords stored in the device’s keychain.
What happens when you stick a keychain in an apple?
The keychain is used to store passwords for many important apps, such as the built-in email client.
What happens when Androids sleep (don’t take this literally)?
The DroidDream family of malware was primarily distributed by the Google Play store.
• Various legitimate applications from the Play store were repackaged to include DroidDream and then put back in the Play store.
• Users downloaded this software believing it to be safe since it came from a trusted source.
• An app repackaged to include DroidDream requires a large number of dangerous permissions!
I am the star in any room that I stand in
packaged in poppin apps, you barely noticin
once the victim installs the app I’m broadcasting
my intent to win, I’ll activate on rebootin
and then I’ll send a message SMS to a hardcoded C&C number
with your IMEI number
it’s Nicki B, I’ll gather everything you see
It’s June 2009, you just saw iPhone firmware 1.1.3 prep
stop. You want Doom and Erica’s Utilities on your phone.
Dude, it’s so annoying to get Android updates
Critical security updates must pass through the entire supply chain before they can be made available to end users.
Okay okay okay, so the quadcopter (sorry, rooter), right, how does it affect you?
An attacker can exploit the vulnerabilities using a malicious app. Such an app would require no special permissions to take advantage of these vulnerabilities.
If you got a drone and root privilege
You got screwed privilege
I have a drone. What else do I have?
• Complete control of devices and unrestricted access to sensitive personal and enterprise data on them.
• Attacker capabilities such as keylogging, GPS tracking, and recording video and audio.
How to not get struck by a drone?
Download and install the latest Android updates ASAP, and don’t fuckin root your device.
What is the difference between a sidereal year and sideloading Android apps?
The latter is installing apps from downloaded APK files; erm, not so great an idea.
At the base of the myVillage escalator, somebody farts and I BYOC. What the fuck is happening?
Don’t bring your own cloud at the expense of corporate control; it does present potential security risks.
When poor scared crying vulnerable drivers are pre-installed at the point of manufacture (thanks, roomie), how can they be fixed (QuadRooter)?
Only by installing a patch from the distributor or carrier (QC, not really, hmmm). As in, Qualcomm doesn’t quality control, smh.