pl.comp.pecet: more on SURVEILLANCE (strong stuff!!!!!!)
Number of posts in this thread: 1

  • 1. Date: 2014-01-17 11:43:35
    Subject: more on SURVEILLANCE (strong stuff!!!!!!)
    From: y...@g...com

    Since threads about surveillance and spying vs. anonymity (on the Internet)
    frequently appear on this group, after stumbling upon material with
    disturbing content I submit it to the esteemed group members for
    consideration:

    http://www.youtube.com/watch?v=Ck8bIjAUJgE

    and I invite you to discuss!

    quote:

    Published on Jan 7, 2014
    Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware

    In this work we present a stealthy malware that exploits dedicated hardware on the
    target system and remains persistent across boot cycles. The malware is capable of
    gathering valuable information such as passwords. Because the infected hardware can
    perform arbitrary main memory accesses, the malware can modify kernel data structures
    and escalate privileges of processes executed on the system.

    The malware itself is a DMA malware implementation referred to as DAGGER. DAGGER
    exploits Intel's Manageability Engine (ME), which executes firmware code such as
    Intel's Active Management Technology (iAMT), as well as its OOB network channel. We
    have recently improved DAGGER's capabilities to include support for 64-bit operating
    systems and a stealthy update mechanism to download new attack code.

    Dedicated hardware such as network interface cards and video controllers can be
    exploited to conduct a direct memory access (DMA) attack. Direct access means main
    memory access without the involvement of the host CPU, which in turn means that
    existing host security software cannot detect or prevent the attack.

    Our presentation covers a DMA malware that benefits from an isolated network channel
    to update the attack code and to exfiltrate captured data. To be more precise, we
    show how to conduct a DMA attack using Intel's Manageability Engine (ME). Our attack
    environment is dedicated hardware based on a 32-bit RISC processor called
    ARCtangent-A4 (ARC4, x86-incompatible) implemented in the chipset of modern Intel
    platforms. Intel's ME executes special firmware such as Intel's Active Management
    Technology (iAMT). The ME/iAMT environment provides an administrator with an
    Out-of-Band (OOB) network channel to maintain the computer platform remotely. A
    prominent iAMT feature is the capability to remotely reinstall an operating system
    that got corrupted and does not boot anymore. iAMT is also available when the
    platform is in a standby or powered off state. This can be exploited to implement
    persistent DMA malware. It is needless to say that such a powerful environment must
    be well protected. Hence, Intel enforces strong isolation of the ME execution
    environment that makes it perfect to hide malware. The ME is not only implemented in
    business platforms, but also in consumer platforms.

    Our work not only shows that an arbitrary attacker is able to perform one of the
    most dangerous attacks against an iAMT-featured platform, but also that the ME
    provides a perfect environment for undetectable sensitive data leakage on behalf of
    the attacker. Our presentation consists of three parts. The first part addresses how
    to find valuable data in the main memory of the host. The second part exploits the
    ME's OOB network channel to exfiltrate captured data to an external platform and to
    inject new attack code to target other interesting data structures available in the
    host runtime memory. The last part deals with the implementation of a covert network
    channel based on JitterBug.

    In the first part of our presentation we exploit the DMA engine of Intel's ME to find
    valuable data in the host runtime memory. We have two memory targets. Our first
    target is the keyboard buffer. We demonstrate how to find the buffer on a Linux as
    well as on a Windows operating system. Our implementation is called DAGGER - DmA
    based keyloGGER. We implemented different search strategies for the operating system
    targets. On Windows we need to find the corresponding CR3 processor register value to
    get the page directory entries that are needed to map virtual memory addresses into
    physical ones. We also had to take address randomization into account. The search
    strategy for the Windows keyboard buffer is mainly based on finding and traversing
    the so called Object Manager Namespace Directory (OMND). On Linux we implemented a
    different search strategy. On Linux we have a different starting point for the search
    phase than on Windows. The implementation to map virtual memory addresses into
    physical ones is also different. On Linux we can go without page tables. Due to the
    availability of the Linux source code it was easier to derive a signature for our
    target structure used by the USB HID driver.

    We can permanently monitor the keyboard buffer on both operating system targets.
    Hence, we can capture all user input (passwords, instant messenger sessions, etc.)
    done via the associated keyboard. Our second memory target concerns the privilege
    data of an arbitrary process. Again, we use the DMA engine of the ME to find the
    appropriate data structure. Then we overwrite the existing privileges with root
    privileges via DMA.

    [...]

    Speaker: Patrick Stewin
    EventID: 5380
    Event: 30th Chaos Communication Congress [30c3] by the Chaos Computer Club [CCC]
    Location: Congress Centrum Hamburg (CCH); Am Dammtor; Marseiller Straße; 20355
    Hamburg; Germany
    Language: english
    Begin: Sun, 12/29/2013 18:30:00 +01:00
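The Windows search step quoted above depends on resolving a CR3 value through the page directory to map virtual addresses to physical ones; the same walk is what a memory-forensics tool performs over a captured RAM image when a defender verifies kernel structures after a suspected DMA attack. The following is an added example, not code from the talk or the post: a 4-level x86-64 page-table walk in Python over a constructed physical-memory image, with constructed table addresses and one 2 MiB large page.

```python
import struct

PRESENT = 1 << 0
PAGE_SIZE_BIT = 1 << 7           # large page: 1 GiB at PDPT level, 2 MiB at PD level
ADDR_MASK = 0x000FFFFFFFFFF000  # bits 12..51: physical address of next table or 4 KiB frame

def _entry(mem, table_pa, index):
    """Read 8-byte entry `index` of the paging structure at physical address `table_pa`."""
    return struct.unpack_from("<Q", mem, table_pa + index * 8)[0]

def v2p(mem, cr3, va):
    """4-level x86-64 page walk from CR3 over a physical-memory image.
    Returns the physical address, or None if any level is not present;
    handles 4 KiB, 2 MiB and 1 GiB pages."""
    pml4e = _entry(mem, cr3 & ADDR_MASK, (va >> 39) & 0x1FF)
    if not pml4e & PRESENT:
        return None
    pdpte = _entry(mem, pml4e & ADDR_MASK, (va >> 30) & 0x1FF)
    if not pdpte & PRESENT:
        return None
    if pdpte & PAGE_SIZE_BIT:                       # 1 GiB page
        return (pdpte & 0x000FFFFFC0000000) | (va & 0x3FFFFFFF)
    pde = _entry(mem, pdpte & ADDR_MASK, (va >> 21) & 0x1FF)
    if not pde & PRESENT:
        return None
    if pde & PAGE_SIZE_BIT:                         # 2 MiB page
        return (pde & 0x000FFFFFFFE00000) | (va & 0x1FFFFF)
    pte = _entry(mem, pde & ADDR_MASK, (va >> 12) & 0x1FF)
    if not pte & PRESENT:
        return None
    return (pte & ADDR_MASK) | (va & 0xFFF)

def build_sample_image():
    """Constructed 32 KiB image, not a real dump. PML4 @0x1000 -> PDPT @0x2000 ->
    PD @0x3000 -> PT @0x4000 maps VA 0xFFFF800000405000 to the 4 KiB frame @0x5000;
    PML4[254] -> PDPT @0x6000 -> PD @0x7000 maps VA 0x7F0000000000 to a 2 MiB page
    at PA 0x40000000. Returns (image, cr3)."""
    mem = bytearray(0x8000)
    def put(table_pa, idx, val):
        struct.pack_into("<Q", mem, table_pa + idx * 8, val)
    put(0x1000, 256, 0x2000 | 0x3)                  # PML4[256] -> PDPT (present, writable)
    put(0x2000, 0, 0x3000 | 0x3)                    # PDPT[0]   -> PD
    put(0x3000, 2, 0x4000 | 0x3)                    # PD[2]     -> PT
    put(0x4000, 5, 0x5000 | 0x3)                    # PT[5]     -> frame 0x5000
    put(0x1000, 254, 0x6000 | 0x3)                  # PML4[254] -> second PDPT
    put(0x6000, 0, 0x7000 | 0x3)                    # PDPT[0]   -> PD
    put(0x7000, 0, 0x40000000 | PAGE_SIZE_BIT | 0x3)  # PD[0] -> 2 MiB page (PS bit set)
    return bytes(mem), 0x1000
```

Calling `v2p(mem, cr3, 0xFFFF800000405123)` on the sample image resolves to `0x5123`, the large-page VA `0x7F0000001234` resolves to `0x40001234`, and an unmapped VA returns `None`.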
