Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
Black Hat USA 2018
OpenPGP and S/MIME are the two prime standards for providing end-to-end security for emails. From today's viewpoint this is surprising, as both standards rely on outdated cryptographic primitives that were responsible for vulnerabilities in major cryptographic standards. The belief in email security is likely based on the fact that email is non-interactive and thus an attacker cannot directly exploit vulnerability types present in TLS, SSH, or IPsec.
We show that this assumption is wrong. We use a novel attack technique called malleability gadgets to inject malicious plaintext snippets into encrypted emails via malleable encryption. These snippets abuse existing and standard-conforming backchannels, for example, in HTML, CSS, or x509 functionality, to exfiltrate the full plaintext after decryption. The attack is triggered when the victim decrypts a single maliciously crafted email from the attacker.
We devise working malleability gadgets for both OpenPGP and S/MIME encryption, and show that exfiltration channels exist for 25 of the 35 tested S/MIME email clients and 10 of the 28 tested OpenPGP email clients. While it is necessary to change the OpenPGP and S/MIME standards to fix these vulnerabilities, some clients had even more severe implementation flaws allowing straightforward exfiltration of the plaintext. ... https://www.youtube.com/watch?v=uXfxkpgRz4w
Guang Gong
Pwning the Toughest Target: The Exploit Chain of Winning the Largest Bug Bounty in the History of ASR Program
...
https://www.youtube.com/watch?v=driilAoWa9c
Black Hat USA 2018
The Namecoin and Emercoin blockchains were designed to provide decentralized and takedown-resistant domain names to users with the reported goal of promoting free speech. By leveraging unofficial Top-Level Domains (TLDs) such as .bit and alternate DNS resolution methods such as the OpenNIC project, users can register and configure their own domains on these blockchains at a relatively cheap price.
In recent years, cybercriminals have adopted and abused this infrastructure, incorporating it into well-known malware such as Dimnie, Smoke Loader, and Necurs as well as larger, more targeted workflows. The resiliency of blockchain technology prevents researchers and ISPs from taking down or sinkholing these domains. In addition, limited public knowledge of this threat in a larger context and the constraints of alternative DNS resolution limit an analyst's ability to map out related domains and IP addresses when malicious activity is identified.
On the other hand, blockchain-based infrastructure comes with a serious drawback: data added to or removed from these blockchains becomes a permanent record of a threat actor's activity. This talk is intended to leverage this attribute to tackle these issues, providing high and medium-confidence methodologies for mapping out these blockchains through TTP analysis, script-based transaction mapping, and index-based infrastructure correlation. In doing so, analysts will be able to generate additional intelligence surrounding a threat and proactively identify likely malicious domains as they are registered or become active on the blockchain.
...
https://www.youtube.com/watch?v=yeZjThJ17w8
...
https://www.youtube.com/watch?v=k9IZYrp8reM
...
https://www.youtube.com/watch?v=9U5FXN2iIo0
...
https://www.youtube.com/watch?v=qmTDVwaYcL0
Mobile app hacking peaked in 2015 with tools like keychain-dumper & ssl-kill-switch released but requiring jailbroken/rooted devices. Back then, wresting the power to understand & modify apps on our devices from dystopian looking mega corps was our cause. As jailbreaks became infrequent, the hackers’ arsenal was left behind. While this is progress against dark uses of hacking, done to protect our freedom fighters, how can hackers still hold power to account? Can we still find flaws in apps/devices & live up to the protections the technology promises?
Enter runtime binary instrumentation with Frida. It’s possible to analyze apps in their final state when executed on real hardware running the latest iOS/Android with no jailbreaks. This fills a gap between source analysis & debuggers. But, simply enumerating app classes requires studying multiple blogs & a deep read of the docs. We created Objection to simplify this & hide the boilerplate so hackers could focus on unravelling apps. But, many people still rely on simple hacks & automation & rarely use new advanced techniques such as reflectively inspecting live heap objects, canary execution tracing, runtime memory edits and filesystem exploration.
We’ll show hackers, malware researchers & security engineers how to use these advanced mobile hacking techniques.
...
https://www.youtube.com/watch?v=rmSh4bEedNQ
...
https://www.youtube.com/watch?v=yZO04lQLMlc
...
https://www.youtube.com/watch?v=GobaTmAZ3tA
Nowadays more and more 4G modules are built into IoT devices around the world, such as vending machines, car entertainment systems, laptops, advertising screens, and urban cameras. But no one has conducted comprehensive security research on 4G modules. We carried out this initiative and tested all the major-brand 4G modules on the market (more than 15 different types). The results show that all of them have similar vulnerabilities, including remote access with weak passwords, command injection via AT commands and listening services, OTA upgrade spoofing, command injection by SMS, and web vulnerabilities. Through these vulnerabilities we were able to get a shell on these devices. In addition to exploiting these vulnerabilities over Wi-Fi, we created a new way to attack through a fake base station system, triggered by accessing the intranet of the cellular network, and successfully achieved remote command execution without any prerequisites. In this talk, we will first give an overview of the hardware structure of these modules. Then we will present the specific methods we used in vulnerability probing. In the final section we will demonstrate how these vulnerabilities can be used to attack car entertainment systems of various brands and gain remote control of cars.
...
https://www.youtube.com/watch?v=qz4eSsQaOLk