Exploiting Weak Shellcode Hashes to Thwart Module Discovery; or, Go Home, Malware, You’re Drunk!

What does a cult Brezhnev-era movie have to do with how exploit code finds its bearings in a Windows process’ address space? How can cryptographically insecure hashing functions be exploited to create honeypots that thwart shellcode? We researched this as a part of our Halting Attacks Via Obstructing Configurations project, funded by DARPA Cyber Fast Track. You can read about it in the International Journal of PoC||GTFO, issue 0x12.

Random Solutions Are Often Good Enough

There is a subfield of computer science known as approximation algorithms whose goal is to find algorithms that can quickly find solutions that are not necessarily optimal, but are within some known bound of optimal. Under very reasonable assumptions, the expected value for the constant of approximation of a randomly selected feasible solution is almost always going to at most two. We present some empirical evidence suggesting that the random solutions are often even closer to optimal than ones produced by state-of-the-art approximation algorithms. Sometimes quickly and mindlessly choosing a random solution isn’t half bad!

Exploiting Password Weaknesses in Physical Security

Locks are only as secure as the codes humans choose to assign to them. As a mnemonic, the security officers who set the codes often use six-letter words which are translated into codes using the mapping from a phone keypad. Using a phone keypad mapping on six-letter English dictionary words is the physical security equivalent of a website’s arbitrarily limiting passwords to eight characters.

Unambiguous Encapsulation: Defending Against "Packet in Packet" Attacks

Spill and Ossman propose using a special error correcting code that has a property they call “isolation.” They call this family of codes “Isolated Complementary Binary Linear Block Codes” (ICBLBC). We implemented a generator that encodes the ICBLBC constraints as a Satisfiability Modulo Theories problem and used Digital Operatives’ proprietary constraint optimizer to enumerate all feasible solution codes.