Elevation of privilege

--Originally published at miguel.net

Elevation of privilege, or privilege escalation, is a family of attacks in which the attacker ends up able to perform an action they were not originally permitted to do, by exploiting a bug, a design flaw or a configuration oversight [Wikipedia].

"So, if I 'accidentally' opened a file that was in an administrator's folder, did I perform that kind of attack?" Actually, yes, if you were not supposed to have access to that file.

Now, let's talk about Windows. It is no surprise that Windows is one of the most attacked operating systems, so many vulnerabilities have been found and patched, but there are also settings in the system that are meant to keep you safe and become unsafe the moment they are misconfigured. One of them lets any installer package (MSI) run with full privileges, even creating new users and adding them to the Administrators group, which, as you can imagine, means full access to the system for whoever supplied the package.

A great repository for testing your settings is PowerSploit, from PowerShellMafia. Please note that these scripts are meant for testing; any other use may be illegal. Also, Windows Defender (at least) blocks these scripts as malware, and in fact they are offensive tooling; like any weapon, in the right hands they can be used for good.

To see this attack in use, watch the video from the YouTube channel Security World; he gives a really good explanation of the attack. What I find interesting about this particular approach is that it builds an MSI installer that creates a new user with admin privileges, and from there your imagination can fly: you can open anything, enable Remote Desktop, anything. Continue reading "Elevation of privilege"
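As an added example (not code from the post or from PowerSploit), here is a check for the setting the post describes, which I assume is the Windows Installer AlwaysInstallElevated policy. The key path and the rule that the policy only takes effect when both the machine and the user hive enable it come from Microsoft's documentation of that policy; the function names and the report format are constructed for illustration.

```python
"""Check the Windows Installer 'always install with elevated privileges' policy.

Added example, not code from the original post or from PowerSploit. It assumes
the setting the post describes is the AlwaysInstallElevated policy, stored under
the same key in both HKLM and HKCU; Windows Installer honours it only when BOTH
hives set it to 1, so a check that reads only one hive gives wrong answers.
"""
import sys

POLICY_KEY = r"SOFTWARE\Policies\Microsoft\Windows\Installer"
POLICY_VALUE = "AlwaysInstallElevated"


def is_exposed(hklm_value, hkcu_value):
    """Policy semantics: elevated installs for everyone only if both hives are 1.

    None means the key or value is absent in that hive, i.e. 'not configured',
    which counts as safe.
    """
    return hklm_value == 1 and hkcu_value == 1


def read_policy(hive):
    """Return the DWORD from one hive, or None if it is missing or of the wrong type."""
    import winreg  # Windows only; imported lazily so the decision logic is testable anywhere
    try:
        with winreg.OpenKey(hive, POLICY_KEY) as key:
            value, value_type = winreg.QueryValueEx(key, POLICY_VALUE)
    except FileNotFoundError:
        return None
    return value if value_type == winreg.REG_DWORD else None


def check_local_machine():
    """Read both hives and return (hklm_value, hkcu_value, exposed)."""
    import winreg
    hklm = read_policy(winreg.HKEY_LOCAL_MACHINE)
    hkcu = read_policy(winreg.HKEY_CURRENT_USER)
    return hklm, hkcu, is_exposed(hklm, hkcu)


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("This check reads the Windows registry; run it on Windows.")
    hklm, hkcu, exposed = check_local_machine()
    print(f"HKLM {POLICY_VALUE} = {hklm}, HKCU {POLICY_VALUE} = {hkcu}")
    if exposed:
        print("EXPOSED: any user can install an MSI as SYSTEM. Set both values to 0 "
              "(or remove them) through Group Policy and run this check again.")
    else:
        print("Not exposed: the policy is not enabled in both hives.")
```

The policy is controlled in Group Policy under Windows Components > Windows Installer > "Always install with elevated privileges", in both the Computer Configuration and the User Configuration branches; PowerSploit's PowerUp module performs the same two-hive check, and the MSI-based user creation the post mentions only works when that check reports exposed.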

Depth or layers? – Security Blog #9

--Originally published at TC2027 – Security – That Class Blog

Okay, so… Have you heard of the famous cake layers? If you haven't, please check out my last blog. Otherwise, we can continue!

And just so you understand the reference: anchors go down to the ocean floor… deeply… to the depths…

“Rusty Anchor” by _lem (CC https://creativecommons.org/licenses/by-nc-nd/2.0/). Taken from https://www.flickr.com/photos/_lem/176805103/

So, why did I ask you to read about the security layers? Because defense in depth is built on the layers idea. We already discussed how layers are supposed to work: if you manage to cover every hole in each layer with the other layers, there is no way an attack could succeed against your system. The problem is that achieving that level of perfection is impossible. Instead, defense in depth assumes from the start that the layered method can, and eventually will, fail. Layered security then achieves either the exhaustion of the threat (a successful defense) or its slowing, which buys time for other plans of action and countermeasures to kick in.

Defense in depth also assumes that the hack or breach is not necessarily of remote origin; this means it has to consider physical theft, coercion, access by unauthorized persons, and some other unusual events (see Van Eck phreaking below).

Taking those possible events into account usually involves setting up:

  1. Monitors, alerts and emergency responses
  2. Authorized personnel activity logs
  3. Forensic analysis
  4. Reports on criminal activity
  5. Disaster recovery

Remember that the objective of defense in depth is to gain time. The main purpose of each new component set up is to delay the threat, which might not be achievable with purely technological solutions. The administrator should use the extra time gained to identify the attack and try to overcome it.

And I guess that is it for now regarding security.
As a mini comment:

😀
Continue reading "Depth or layers? – Security Blog #9"

Cake layers rule – Security Blog #8

--Originally published at TC2027 – Security – That Class Blog

As the 8th blog about security, I will talk about the computer security layers. Some people say there are 5, some say there are 8. What I mostly found during my research is that there are as many security layers as layers in a cake (including the top frosting): 7.

What you, dear reader, need to remember while reading this entry is that this set of rules can be implemented either by a network system administrator or by a regular single-computer user.

The logic behind security layers is the following: a single defense will be ineffective or flawed if the defense mechanism leaves areas unprotected, with gaps under its protective umbrella. That is why the purpose of the next layer is to cover those gaps. In theory, the gaps in each layer are so different that an attack cannot pass through all of them, and the service remains available.

“20121201-_IGP1571” by Tim Ebbs (CC https://creativecommons.org/licenses/by-nc-nd/2.0/). Taken from https://www.flickr.com/photos/ebbsphotography/8234883949/
  1. Application Whitelisting: The objective is to install only a limited set of programs and applications on the administered computers. The fewer applications, the lower the chance of a breach.
  2. System Restore Solution: This is one of the most discussed security solutions in the classroom. Basically, it consists of creating a plan of action for when the danger of a hack arises. This would let the user regain access to their files even if the system is hacked and damaged files remain.
  3. Network authentication: A system of usernames and passwords must be put in place. This gives access only to authorized users, meaning no login without a password prompt.
  4. Encryption: All of your files, disks and removable devices should be encrypted. This will provide a Continue reading "Cake layers rule – Security Blog #8"

Secure Network, How? – Security Blog #7

--Originally published at TC2027 – Security – That Class Blog

This entry is not addressed to regular computer users but, more specifically, to engineering students or people interested in network security, as the concepts are not that common. This entry's topic is enterprise network security.

Virtual Private Network

This first category isn't that complex, as Virtual Private Networks (VPNs) are more and more widely used by the general public, so I won't talk a lot about them. A VPN is a method enterprises use to connect to and access an internal network from the outside over an encrypted tunnel, so the traffic crosses the public network protected.

“network” by Rosmarie Voegtli (CC https://creativecommons.org/licenses/by/2.0/). Taken from https://www.flickr.com/photos/rvoegtli/15252943257

Intrusion Detection Systems

The main function of an Intrusion Detection System (IDS) is to help the administrator detect the type of attack being carried out against the system. Usually the IDS also helps the administrator find and execute a solution to the problem, as well as a plan of action for future detections. These systems trace and record logs, signatures and triggered events. Usually the IDS sits next to the firewall (which I discuss below) and the network router.

The most popular IDS tools I found are Snort and Cisco's network-based IDS. Both notify the user in real time of the attack signatures matched on the network. The main advantages of Cisco IDS are the results obtained in the aftermath of events (IP reassembly and TCP session reconstruction) and Cisco's continuous support for the client. Meanwhile, Snort is open source, cheaper to implement (hardware-wise), flexible (it runs on ordinary hardware and operating systems such as Linux) and has several modes in which it can be deployed.
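As an added example, not code from the post, Snort or Cisco: a miniature detector run over a constructed packet summary, showing the two kinds of event the post attributes to an IDS, a match on a known attack signature and an alert when a traffic pattern (here, a port sweep) crosses a threshold. The packet records, the traversal signature and the scan threshold are all made up for the illustration.

```python
"""Toy signature- and threshold-based IDS over a packet summary log.

Added example, not code from the original post, Snort or Cisco. The records
below are constructed, not captured traffic: one record per packet as
(timestamp, src_ip, dst_ip, dst_port, payload).
"""
from collections import defaultdict

SAMPLE_PACKETS = [
    (0.0, "10.0.0.5", "10.0.0.20", 80, b"GET /index.html HTTP/1.1"),
    (0.5, "10.0.0.5", "10.0.0.20", 80, b"GET /cgi-bin/../../etc/passwd HTTP/1.1"),
    (1.0, "10.0.0.9", "10.0.0.20", 22, b""),
    (1.1, "10.0.0.9", "10.0.0.20", 23, b""),
    (1.2, "10.0.0.9", "10.0.0.20", 25, b""),
    (1.3, "10.0.0.9", "10.0.0.20", 80, b""),
    (1.4, "10.0.0.9", "10.0.0.20", 110, b""),
    (1.5, "10.0.0.9", "10.0.0.20", 143, b""),
    (30.0, "10.0.0.7", "10.0.0.20", 443, b"\x16\x03\x01"),
]

# Content signatures: byte pattern -> alert name (the Snort-style "content" rule).
SIGNATURES = {
    b"/etc/passwd": "WEB-ATTACK directory traversal attempt",
}

# Port-scan rule: SCAN_PORTS distinct destination ports from one source
# within SCAN_WINDOW seconds (the threshold/rate style of rule).
SCAN_PORTS = 5
SCAN_WINDOW = 2.0


def match_signatures(packets, signatures=SIGNATURES):
    """Return (timestamp, src, alert) for every packet whose payload holds a signature."""
    alerts = []
    for ts, src, _dst, _port, payload in packets:
        for pattern, name in signatures.items():
            if pattern in payload:
                alerts.append((ts, src, name))
    return alerts


def detect_port_scans(packets, ports=SCAN_PORTS, window=SCAN_WINDOW):
    """Per-source sliding window; alert once when a source touches `ports` distinct ports."""
    seen = defaultdict(list)   # src -> [(ts, port), ...] in time order
    flagged = set()
    alerts = []
    for ts, src, _dst, port, _payload in sorted(packets):
        hist = seen[src]
        hist.append((ts, port))
        while hist and hist[0][0] < ts - window:   # expire entries outside the window
            hist.pop(0)
        distinct = {p for _, p in hist}
        if len(distinct) >= ports and src not in flagged:
            flagged.add(src)
            alerts.append((ts, src, "SCAN port sweep of %d ports" % len(distinct)))
    return alerts


def run_ids(packets):
    """All alerts in time order, as the administrator's console would show them."""
    return sorted(match_signatures(packets) + detect_port_scans(packets))


if __name__ == "__main__":
    for ts, src, name in run_ids(SAMPLE_PACKETS):
        print(f"[{ts:6.1f}] {src:<10} {name}")
```

The two rule styles fail in different ways: a signature misses any attack whose bytes it does not know, while a threshold rule fires on legitimate bursts unless the window and count are tuned to the network, which is why real deployments log the triggering packets so the administrator can review each event afterwards.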

Firewalls

Firewalls are software or devices that work at the network layer, filtering traffic by addresses and ports. As most of us already know, firewalls protect the Continue reading "Secure Network, How? – Security Blog #7"

Man-in-the-middle attack

--Originally published at Toledo

A man-in-the-middle attack ("hombre en el medio" in Spanish) is a type of attack in the world of computer security in which the attacker, with malicious intent, inserts himself into the communication between his victim and the server the victim wants to reach.

In everyday terms, a man-in-the-middle attack is like the popular game of telephone (el teléfono descompuesto). The people at the ends are trying to communicate, maybe to pass along the first phrase or joke that came to mind; after all, it's a game. The person in the middle is part of the communication channel: they have to listen and repeat what they hear so the message reaches the other end. For this to work, both people at the ends have to trust that the person in the middle will play their role correctly, will not spread gossip they happen to overhear, and will not change what someone said to stir up trouble.


The situation changes slightly when it comes to a man-in-the-middle attack. The people at the ends are now an unsuspecting user browsing the internet and the server of one of their favorite sites. The attacker takes the place of the person in the middle, without the others noticing. And what they are trying to communicate is no longer nonsense: the messages may contain sensitive data (credit cards, passwords, home addresses, etc.). This is the main reason so much time and effort is invested in carrying out this type of attack: the value of the information that can be obtained.


An attacker can use a computer, a phone or a specialized device to plan and set up the attack. Depending on the specific case and on the precautions the victim takes, an attacker could exploit Continue reading "Ataque man-in-the-middle"

Cryptography is fun, TC2027

--Originally published at Sebastian Luna

Let's check Wikipedia:

Cryptography is the practice and study of techniques for secure communication from third parties.
It is about constructing and analyzing protocols that prevent unauthorized access to the message.

Modern cryptography is based on mathematics and computer science; thanks to computers we can encrypt data so that recovering it without the key is infeasible for anyone, human or machine.

Getting started
The way I got into cryptography was through the series "Gravity Falls": they hide messages all over the place, in the intro, at the end of each episode, and they use different encryption methods. It was really fun to try to decipher a code you found in an episode.
If you know nothing about cryptography, I recommend following the link at the end of this post and watching the animated series.

Encryption methods
Some encryption methods that were used on Gravity Falls are:

Caesar cipher: replace each letter with the letter n positions further along the alphabet, wrapping around at the end (with n = 3, X, Y and Z become A, B and C). To decode, shift back by n.

Atbash cipher: the alphabet is reversed, so A becomes Z, B becomes Y, and so on; the same step both encodes and decodes.
EXAMPLE: World -> Dliow


A1Z26: a simple substitution cipher in which each letter is replaced by its position in the alphabet (A = 1, ..., Z = 26), usually with the numbers separated by dashes; decode by mapping each number n back to the nth letter.


Vigenère cipher: a series of Caesar ciphers where the shift for each letter depends on the corresponding letter of a keyword, which is repeated to cover the message. Vigenère ciphers use a Vigenère square (tabula recta) to encrypt the message; this is the same as shifting each letter by the position of the key letter in the alphabet (A = 0, B = 1, ...).

These are relatively simple encryption methods; computers use other methods, but I will write about those in another blog. I want this one to be for beginners.
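The four ciphers above, encode and decode, as an added example (this is not code from the post or from the Gravity Falls wiki). The Atbash of "World" reproduces the example above; the A1Z26 dash convention, the rule that non-letters pass through unchanged, and the "ATTACKATDAWN"/"LEMON" Vigenère pair are my own choices for the illustration.

```python
"""Caesar, Atbash, A1Z26 and Vigenere, as an added example (not the post's code).

Letters outside A-Z (spaces, punctuation, digits, accented characters) pass
through unchanged; case is preserved wherever the cipher maps letter to letter.
"""
import string

UPPER = string.ascii_uppercase
LETTERS = set(string.ascii_letters)


def _shift_char(ch, n):
    """Shift one A-Z/a-z letter by n places, wrapping around; anything else unchanged."""
    if ch not in LETTERS:
        return ch
    base = ord("A") if ch.isupper() else ord("a")
    return chr((ord(ch) - base + n) % 26 + base)


def caesar(text, n, decode=False):
    """Caesar: shift every letter n places forward (or back, when decoding)."""
    return "".join(_shift_char(c, -n if decode else n) for c in text)


def atbash(text):
    """Atbash: mirror the alphabet (A<->Z, B<->Y, ...). Applying it twice restores the text."""
    out = []
    for ch in text:
        if ch in LETTERS:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr(base + 25 - (ord(ch) - base)))
        else:
            out.append(ch)
    return "".join(out)


def a1z26_encode(text):
    """A1Z26: letters to 1..26, dash-separated within a word, words separated by spaces."""
    words = []
    for word in text.split():
        nums = [str(UPPER.index(c.upper()) + 1) for c in word if c in LETTERS]
        words.append("-".join(nums))
    return " ".join(words)


def a1z26_decode(code):
    """Inverse of a1z26_encode; output is uppercase because case is not encoded."""
    words = []
    for word in code.split():
        words.append("".join(UPPER[int(n) - 1] for n in word.split("-") if n))
    return " ".join(words)


def vigenere(text, key, decode=False):
    """Vigenere: a Caesar shift per letter, the shift taken from the repeating key.

    The key position only advances on letters, so spaces and punctuation do not
    desynchronise the key stream, which matches how the square is used by hand.
    """
    shifts = [UPPER.index(k) for k in key.upper() if k in UPPER]
    if not shifts:
        raise ValueError("key must contain at least one letter")
    out, i = [], 0
    for ch in text:
        if ch in LETTERS:
            n = shifts[i % len(shifts)]
            out.append(_shift_char(ch, -n if decode else n))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    print(caesar("World", 3), caesar(caesar("World", 3), 3, decode=True))
    print(atbash("World"))
    print(a1z26_encode("Gravity Falls"), "->", a1z26_decode(a1z26_encode("Gravity Falls")))
    print(vigenere("ATTACKATDAWN", "LEMON"))
```

All four are substitution ciphers over a 26-letter alphabet, so each is breakable by hand: Caesar has only 25 keys, Atbash and A1Z26 have none, and Vigenère falls to frequency analysis once the key length is guessed, which is why they are puzzles rather than protection.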



http://gravityfalls.wikia.com/wiki/List_of_cryptograms

Revolution, TC2027

--Originally published at Sebastian Luna

We need one, we need a revolution on the way we learn.

I am currently developing a project that started with one of our professors, Sergio Hernández.
He started Estación Meiquer to give Social Service hours to ITESM GDA students. I was lucky to be one of them, because it covers topics I really like.
But for about a year now, we have wanted to do more than giving Social Service hours; we see that there is a need for kids to change the way they think and the way they learn. We see every day the consequences of a bad educational system, even here, at my school; there hasn't been a single time when partials are coming that I don't see students studying from very specific questions and exercises (it took me a few semesters to realize they were studying from exams). I've seen students take pictures of the exam as soon as it's in their hands, before taking it and after the professor gives it back so we can check our mistakes. What went wrong? Why is it more important to get an exam or find really clever ways to copy than actual learning? Why is a number (grade) more important than all the effort someone can make over a whole semester learning by experimentation or research? Why aren't we allowed to make mistakes? We're not perfect, we learn from mistakes. I can tell you that the things I remember or learned the most are things I struggled with, where I had to find a way to solve it or I f*cked up really bad.

Our project is called Estación Meiquer; our goal is for kids to develop skills that, according to the World Economic Forum, will drive the 4th Industrial Revolution. These skills are:

Elevation of Privileges, TC2027

--Originally published at Sebastian Luna

What is Elevation of Privileges? 

Elevation of Privileges, or Privilege Escalation, is exploiting a system or application to gain more access than you normally should have. This means you gain the power to perform unauthorized actions.

There are two branches of privilege escalation: Horizontal and Vertical.

Horizontal

  • Access to other users' information or content. It's horizontal because you stay at the level of an ordinary user but reach into other users' accounts; this is still more access than you should have, but not at a higher level.

Vertical

  • Access to information or content that should only be reachable by someone with higher access. You start from your own account but "climb the steps" of the privilege ladder, for example from a normal user to an administrator.

The following image shows the different levels of privileges that a system has. 
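As an added example, not code from the post: the same two branches as they appear in application code, with the vulnerable handler beside the fixed one. The users, documents, role names and handler names are constructed for the illustration.

```python
"""Horizontal and vertical privilege escalation in application code, side by side.

Added example, not code from the original post. State and handlers are
constructed for illustration: the `_vulnerable` handlers lack a check, the
`_fixed` handlers show the check that closes the hole. Roles: "user" < "admin".
"""

USERS = {
    "alice": {"role": "user"},
    "bob": {"role": "user"},
    "root": {"role": "admin"},
}
DOCUMENTS = {
    101: {"owner": "alice", "body": "alice's tax return"},
    102: {"owner": "bob", "body": "bob's medical record"},
}


class Forbidden(Exception):
    """Raised when the caller is not allowed to perform the action."""


# --- Horizontal: reading another user's object at the same privilege level -----

def get_document_vulnerable(caller, doc_id):
    """Looks the document up by id only, so bob can read doc 101 (alice's)."""
    return DOCUMENTS[doc_id]["body"]


def get_document_fixed(caller, doc_id):
    """Authorization is checked against the object's owner, not just the id."""
    doc = DOCUMENTS[doc_id]
    if doc["owner"] != caller and USERS[caller]["role"] != "admin":
        raise Forbidden(f"{caller} may not read document {doc_id}")
    return doc["body"]


# --- Vertical: performing an action reserved for a higher privilege level -------

def set_role_vulnerable(caller, target, role):
    """Trusts whoever calls it, so any user can make themselves admin."""
    USERS[target]["role"] = role
    return USERS[target]["role"]


def set_role_fixed(caller, target, role):
    """Only an existing admin may change roles. The decision uses the caller's
    role from server-side state, never a role claimed in the request itself."""
    if USERS[caller]["role"] != "admin":
        raise Forbidden(f"{caller} is not an admin")
    USERS[target]["role"] = role
    return USERS[target]["role"]


def demo():
    """Return (horizontal_blocked, vertical_blocked) for bob against the fixed handlers."""
    horizontal_blocked = vertical_blocked = False
    try:
        get_document_fixed("bob", 101)
    except Forbidden:
        horizontal_blocked = True
    try:
        set_role_fixed("bob", "bob", "admin")
    except Forbidden:
        vertical_blocked = True
    return horizontal_blocked, vertical_blocked


if __name__ == "__main__":
    print("vulnerable horizontal read:", get_document_vulnerable("bob", 101))
    print("fixed handlers block bob (horizontal, vertical):", demo())
```

Both holes have the same root cause: the handler checks that the caller is logged in but never checks that this caller may act on this object or perform this action. The fix is the same in both branches, an authorization decision made on the server from state the client cannot influence.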


My favorite example of elevation of privileges:

Jailbreak

I remember I was in high school when I got my first iPod Touch; it was Christmas and Santa gave me and my brothers an iPod. I was really excited and I opened it in the bathroom, and as soon as I took it out of the box, it fell.
I always liked playing and listening to music on my iPod, but after a while (still in high school) I discovered that you could "jailbreak" it, letting you add more functionality and customize your iPod. I didn't know it back then, but that was a form of Elevation of Privileges.
Normally, you couldn't do all those things that Cydia allowed you to do, but when you jailbroke it, you gained control of many things and it felt really nice.

Other methods
This webpage tells more about EoP and ways that it can be exploited:
https://securitycommunity.tcs.com/infosecsoapbox/articles/2017/06/07/all-you-know-about-stride-elevation-privilege-threat-eop
Here there are 6 ways to exploit and gain EoP that the webpage Continue reading "Elevation of Privileges, TC2027"

Security problems with GitHub

--Originally published at Seguridad Informática

GitHub is known worldwide as one of the best tools for programmers: a tool made to measure for uploading your work and code and keeping incredibly orderly version control. We have all felt safe with GitHub, since using it means version control that saves every step of your project: every time you make a "commit" your progress is saved, and you can always go back to the version that "did work".

Personally I'm a fan of GitHub and its flexibility, since you can push code in any language, keep track of your progress in graphs that show how far you have come, and use its tools to work with collaborators so others can improve your project or simply give you suggestions. Another thing that makes GitHub very useful is that repositories are public by default, so anyone can see your code unless you make your project private.

With massive password leaks appearing almost weekly, and the common practice of reusing the same password across several accounts, automated password attacks are a good reason to set up an additional level of authentication for online services. Companies such as Apple, Dropbox, Google, Twitter, Facebook and Microsoft have rolled out two-factor authentication over the last year.

GitHub recently sent emails to users with passwords considered weak whose accounts may have been compromised after a recent attack on its authentication system. The attack is still being investigated, although it is known to have originated from around 40,000 IP addresses.

Officially confirmed on the GitHub blog by Security Manager Shawn Davenport, the popular repository hosting service Continue reading "Problemas de seguridad con Github"
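The post recommends a second authentication factor without showing what one looks like. As an added example (not code from the post, GitHub or any of the vendors named), here is the time-based one-time password scheme (TOTP, RFC 6238, built on HOTP from RFC 4226) that authenticator apps implement, checked against the secret from the RFC's published test vectors. The login function, its parameters and the drift window are constructed for the illustration.

```python
"""Verify a time-based one-time password (TOTP, RFC 6238) as a second factor.

Added example, not code from the post, GitHub or the other services named.
HOTP (RFC 4226) is HMAC-SHA1 over a counter, dynamically truncated to digits;
TOTP derives the counter from Unix time in 30-second steps. The secret below
is the RFC 6238 test key, not a real credential.
"""
import hashlib
import hmac
import struct
import time

RFC_TEST_SECRET = b"12345678901234567890"   # RFC 6238 Appendix B, SHA-1 variant
STEP_SECONDS = 30
DIGITS = 6


def hotp(secret, counter, digits=DIGITS):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, unix_time, step=STEP_SECONDS, digits=DIGITS):
    """RFC 6238: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, int(unix_time) // step, digits)


def verify_totp(secret, submitted, unix_time, window=1):
    """Accept the code for the current step and `window` steps either side (clock drift).

    The comparison is constant-time: the code is a secret for the 30 seconds it lives.
    """
    counter = int(unix_time) // STEP_SECONDS
    submitted = submitted.strip().encode()
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + delta).encode(), submitted):
            return True
    return False


def login(user_secret, password_ok, totp_code, now=None):
    """The second factor is only consulted once the password check has passed."""
    if not password_ok:
        return False
    return verify_totp(user_secret, totp_code, time.time() if now is None else now)


if __name__ == "__main__":
    print("current code for the RFC test secret:", totp(RFC_TEST_SECRET, time.time()))
```

A password leaked from another site, or guessed by the 40,000-IP brute force the post describes, fails at the second step unless the attacker also holds the per-user secret, which never leaves the server and the user's device. The window of plus or minus one step is the usual trade-off between tolerating clock drift and limiting the number of codes an attacker may try per submission; a real deployment also rate-limits attempts and rejects a code that has already been used.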