by Nate | Apr 7, 2015 | Products, Research
Sometime in 2012, when Cyber Fast Track was in full swing at DARPA, I had what I thought was a novel idea. People with “hacker mindsets” go through life finding “vulnerabilities”, “exploits”, “asymmetries”, or...
by digitaloperatives | Sep 25, 2014 | Research
Just wanted to post a quick alternative of Metasploit’s VMWare Fusion CVE-2014-6271 exploit ( metasploit-framework / modules / exploits / osx / local / vmware_bash_function_root.rb ) for local shell use. hephaestus:~ jdugie$ for cmd in "cp /bin/bash /tmp/"...
by digitaloperatives | Feb 13, 2014 | Research
[toc] Hard Problems As cybersecurity researchers, we deal with computationally hard problems all the time. Finding a hash collision… determining the user inputs that can assign a certain value to a tainted EIP… deciding whether a black-box binary is...
by digitaloperatives | Feb 6, 2014 | Research
First of all, thanks for all of your positive feedback on our recent post on physical security. One of the comments we’ve received multiple times is that these types of locks and the practice of using mnemonics for their codes is primarily limited to government...
by digitaloperatives | Jan 31, 2014 | Research
Digital spin locks like the Kaba Mas X-09 and X-10 are very common for high security applications like vault doors. US General Services Administration approval means that they are nearly ubiquitous in securing government filing cabinets that contain documents that are...
by digitaloperatives | Jan 20, 2014 | Research
A couple days ago, Dominic Spill and Michael Ossman presented an interesting talk at Shmoocon on using specially crafted error correcting codes to have unambiguous encapsulation, preventing attacks like “Packet in Packet.” This appears to be the...
