Showing posts from March, 2020

Maritime CyberThreats

Hacking Floaty Things In July 2019 the U.S. Coast Guard issued a safety alert urging civilian mariners to get their cyber-poop in a group, encouraging the most basic of cyber-opsec on ships and supporting computer systems. Apparently a large international freighter ship heading for New York and New Jersey experienced “degraded” computer systems due to “significant malware attack.” The alert indicated that only standard IT systems were affected, and no control systems had been compromised. More on that in a minute. The recommendations are positive and should be followed by all. They even point out that “most crewmembers didn’t use onboard computers to check personal email, make online purchases or check their bank accounts…” Well I guess it’s good that  most  crewmembers didn’t. I would expect otherwise, so let’s celebrate the small

Analyzing SUID Binaries

Analyzing SUID Binaries In our spare time, we hunt for bugs in various pieces of software. Thus, when winding down from a project recently, we decided it might be fun to audit one of our own laptops to see if we can locate a local privilege escalation (LPE) vulnerability in the software we use every day. This blog post describes the process for: scanning a MacBook Pro to find a target, conducting dynamic analysis with dtruss, analyzing the binary to determine the root cause, and bypassing the binary’s restrictions to obtain root privileges. The write-up and the code for the vulnerability described in this blog post can be found on our NotQuite0DayFriday repository here: Finding Targets LPE vulnerabilities come in many shapes and sizes, such as  kernel vulnerabilities ,  vulnerabilities in privileged services , and vulnerabilities in SUID binaries. As described in our previous blog post