When You Are Attacked… by the Government

Reported to us-cert.gov: Return-Path: Reta.Brewer@ihs.gov Received: from mail.digitaloperatives.com (LHLO mail.digitaloperatives.com) by mail.digitaloperatives.com (Postfix) with ESMTP id D64E0506D5F Authentication-Results: mail.digitaloperatives.com ; dkim=pass...

Vulnerability Analysis is Hard

How much vulnerability analysis can we automate? How complete, and reliable, are those results? How well can we even answer those questions? Digital Operatives has been exploring questions like these for quite a while and the answer may be “much less than you...

Exploiting Weak Shellcode Hashes to Thwart Module Discovery; or, Go Home, Malware, You’re Drunk!

What does a cult Brezhnev-era movie have to do with how exploit code finds its bearings in a Windows process’ address space? How can cryptographically insecure hashing functions be exploited to create honeypots that thwart shellcode? We researched this as a part of our Halting Attacks Via Obstructing Configurations project, funded by DARPA Cyber Fast Track. You can read about it in the International Journal of PoC||GTFO, issue 0x12.

Unintended Consequences of Equation Group Malware

Can wrongfully or rightfully convicted criminals start to seek appeals on the basis of new evidence showing that our Forensic “Experts” rely heavily on forensic write-blockers that can be proven to be worthless when there is malware inside the firmware of the device being forensically imaged?

New World Order – When Databases Collide

I recently learned that the Department of Homeland Security is soliciting bids from private companies to provide access to a database of license plate tracking. As usual, the devil is in the details. I want you to forget big brother for a minute. Stop imagining...