WSL 2.0 dxgkrnl Driver Memory Corruption
IOActive Labs – Joseph Tartaro, IOActive Associate Principal Consultant, shares a deeply technical exploration into dxgkrnl driver corruption issues.
IOActive Labs Blog
Reclaiming Hallway Con We have several exciting things happening with our blog content. Like many, we’ve been working to replace the value lost with the loss of face-to-face gatherings at meetings, conventions, and informal get-togethers. Many veterans of the conference circuit will tell you that by far the most valuable part of a typical conference is the hallway con, which refers to the informal discussions, networking, and often serendipitous meetings that happen outside the formal conference agenda. IOActive is helping reclaim hallway con by making some of that valuable content…
Breaking Electronic Baggage Tags – Lufthansa vs British Airways
IOActive Labs – Ruben Santamarta, IOActive Principle Security Consultant, provides a deep probing look into electronic baggage tag (EBT) solutions from Lufthansa and British Airways on the IOActive Labs blog.
Principles of the IOActive Guest Blog Series
IOActive has recently begun to post a series of guest blogs. Our first post was an excellent contribution from Urban Jonson, who leads the Heavy Vehicle Cyber Security (HVCS) working group at NMFTA, focusing on emerging threats in intermodal transportation. Our organization has embarked upon this series because we think it provides additional value to our readers. This is one more thing we’re doing to give back to the security community and help those starting out to gain a broader understanding…
IOActive Guest Blog | Urban Jonson, Heavy Vehicle Cyber Security Program, NMFTA
Hello, My name is Urban Jonson, and I’m the Chief Technology Officer and Program Manager, Heavy Vehicle Cyber Security Program, with the National Motor Freight Traffic Association, Inc. (NMFTA). I’m honored that IOActive has afforded me this guest blogging opportunity to connect with you. The research at IOActive is always innovative and they have done some really good work in transportation, including aviation, truck electronic logging devices, and even satellites. Being among such technical experts really raises the stakes of the conversation. Luckily, I can lean…
Warcodes: Attacking ICS through industrial barcode scanners
Several days ago I came across an interesting entry in the curious ‘ICS Future News’ blog run by Patrick Coyle. Before anyone becomes alarmed, the description of this blog is crystal clear about its contents: “News about control system security incidents that you might see in the not too distant future. Any similarity to real people, places or things is purely imaginary.” IOActive provides research-fueled security services, so when we analyze cutting-edge technologies the goal is to stay one step ahead of malicious actors…
File-Squatting Exploitation by Example
This will (hopefully) be a short story about a bug I found some time ago while auditing a .NET service from an OEM. It should be interesting as I have yet to find a description of how to exploit a similar condition. Our service was running as SYSTEM and needed to periodically execute some other utilities as part of its workflow. Before running these auxiliary tools, it would check if the executable was properly signed by the vendor. Something like this: public void CallAgent() { string ExeFile = “C:\\Program…
A Reverse Engineer’s Perspective on the Boeing 787 ‘51 days’ Airworthiness Directive
Several weeks ago, international regulators announced that they were ordering Boeing 787 operators to completely shut down the plane’s electrical power whenever it had been running for 51 days without interruption.1 The FAA published an airworthiness directive elaborating on the issue, and I was curious to see what kind of details were in this document. While I eventually discovered that there wasn’t much information in the FAA directive, there was just enough to put me on track to search for the root cause of the issue. This blog post will…
Mismatch? CVSS, Vulnerability Management, and Organizational Risk
I’ll never forget a meeting I attended where a security engineer demanded IT remediate each of the 30,000 vulnerabilities he had discovered. I know that he wasn’t just dumping an unvetted pile of vulnerabilities on IT; he’d done his best to weed out false-positive results, other errors, and misses before presenting the findings. These were real issues, ranked using the Common Vulnerability Scoring System (CVSS). There can be no doubt that in that huge (and overwhelming) pile were some serious threats to the organization and its digital assets. The reaction…
10 Laws of Disclosure
In my 20+ years working in cyber security, I’ve reported more than 1000 vulnerabilities to a wide variety of companies, most found by our team at IOActive as well as some found by me. In reporting these vulnerabilities to many different vendors, the response (or lack thereof) I got is also very different, depending on vendor security maturity. When I think that I have seen everything related to vulnerability disclosures, I’ll have new experiences – usually bad ones – but in general, I keep seeing the same problems over and…