Curiosities About Windows XP Code Leak
ElevenPaths, 6 October, 2020

A few days ago, attention was focused on Reddit, within a community that is characterised by its conspiracy theories. According to the news, 43 GB of data from "Windows XP" had been leaked but, according to the (more accurate) name of the Torrent, what was leaked was the "Microsoft leaked source code archive", because it actually contained much more. This is a compilation of previous leaks, documents, documentaries, images... and yes, unpublished source code. More than half of the content is in fact made up of all of Microsoft's patents, up to 27 GB in compressed form. Let's have a look at other curiosities.

Directory and File Analysis

Here is an example of what can be downloaded:

The description of the Torrent itself makes this clear. Included in this Torrent are:

MS-DOS 3.30 OEM Adaptation Kit (source code)
MS-DOS 6.0 (source code)
DDKs / WDKs stretching from Win 3.11 to Windows 7 (source code)
Windows NT 3.5 (source code)
Windows NT 4 (source code)
Windows 2000 (source code)
Windows XP SP1 (source code)
Windows Server 2003 (build 3790) (source code) (file name is 'nt5src.7z')
Windows CE 3.0 Platform Builder (source code)
Windows CE 4.2 Shared Source (source code)
Windows CE 5.0 Shared Source (source code)
Windows CE 6.0 R3 Shared Source (source code)
Windows Embedded Compact 7.0 Shared Source (source code)
Windows Embedded Compact 2013 (CE 8.0) Shared Source (source code)
Windows 10 Shared Source Kit (source code)
Windows Research Kernel 1.2 (source code)
Xbox Live (source code) (most recent copyright notice in the code says 2009)
Xbox OS (source code) (both the "Barnabas" release from 2002, and the leak that happened in May 2020)

We have indicated the most relevant part in bold since, about the rest, much was already known from previous leaks. For example, in May 2020 the original Xbox and NT 3.5 code was leaked; in 2017, some parts of Windows 10; and in 2004, some parts of NT and 2000.

We show here the complete TXT justifying what the Torrent consists of. The PDF section is nothing to be missed, mostly because of the value of gathering so much documentation and news about code disclosures.

A Mysterious Encrypted RAR

The leak contains an encrypted RAR (Windows_xp_source.rar), and the person including it appeals to the community to try to crack the password:

"Including 'windows_xp_source.rar' in this collection, even though it's password protected. Maybe someone can crack (or guess) the password and see what's inside. The archive is bigger than the other XP / Neptune source tree. It might be genuine, it might not. But I'm including it just in case, since the file was so hard to track down. Original upload date seems to have been around 2007 or 2008. The hash key is: $RAR3$*0*c9292efa2e495f90*044d2e5042869449c10f890c1cced438"

Is This Relevant?

What is important, therefore, and seems to be new, is the source code of kernel 5 from 2003, largely shared by XP as well: nt5src.7z, which is about 2.4 GB and when decompressed reaches about 10 GB. The code seems very complete, but it is not known whether it contains enough to compile it. The vast majority of the files are dated 2 September 2002; the Service Pack was officially released on the 9th.

As to whether this leak is a security threat: it will help detect or analyse, much faster, potential vulnerabilities that are still present in Windows 10 through inherited code. Attackers, once a potential flaw has been identified, will be able to better understand why it occurs by going to the clear code. And not just the inherited parts in Windows 10: Windows XP and 2003 themselves are still found on a good number of important systems. Truth be told, since 2014, when their support ended, administrators who still maintain these systems already have other problems; but this can make it worse. Not much more, but it is important.

In any case, any researcher looking for vulnerabilities in the code would start from the comments, where programmers reflect doubts, fears and... potential cracks. A simple search for "WARNING:" gives some interesting idea of what can go wrong in the code, according to the programmers themselves. Some of them are mere curiosities and others could be seen as potential security problems. Here are some examples:

It makes no checks on buffer...
It could break everything...
It is very annoying to look at...
Never ever change the order or you break backwards compatibility...
Overflow...
I really don't like this but...

JlJmIhClBsr String

We did not want to forget that, in the code related to file sharing, there is the string JlJmIhClBsr, something curious that may indicate that the NSA already had access to the Windows code (which would not be strange at all) but also implies that it made a mistake when creating the EternalBlue exploit. By including that string, which was in the source code (it is not well known why), it was adding, without being aware of it, a very relevant IDS signature to know whether someone was being attacked by the EternalBlue exploit. This is curious because it would also imply that the NSA created the exploit by fixing or adapting the source code directly. When the exploit was made public, WannaCry, built on EternalBlue, also inherited that string. However, it was useless, and when the exploit was ported to Metasploit it was simply removed. At the time, we already investigated and verified that this JlJmIhClBsr string would only have one use: to serve perfectly as a signature or mark to detect the network attack. A misstep by the NSA.

Part of the svrcall.c code
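The detection idea described above, as an added example that is not part of the original post: a small Python check that looks for the JlJmIhClBsr marker in SMB traffic (TCP port 445) over constructed sample segments, and shows why matching each TCP segment on its own misses a marker split across two segments while matching the reassembled stream catches it. The flow ids and payloads are constructed rather than taken from a real capture, and the reassembly assumes segments arrive in order with no retransmissions.

```python
from collections import defaultdict

# Marker the post discusses: present in the leaked file-sharing server code
# (svrcall.c), carried into the EternalBlue exploit and inherited by WannaCry.
ETERNALBLUE_MARKER = b"JlJmIhClBsr"
SMB_PORT = 445  # SMB over TCP

# Constructed sample segments, not a real capture: (flow_id, dst_port, payload).
# flowA: ordinary SMB traffic; flowB: marker split across two TCP segments;
# flowC: marker intact in one segment; flowD: marker on a non-SMB port.
SAMPLE_SEGMENTS = [
    ("flowA", 445, b"\x00\x00\x00\x2f\xffSMB\x72\x00\x00\x00\x00\x18"),
    ("flowB", 445, b"\x00\x00\x00\x58\xffSMB\x33\x00\x00\x00\x00 JlJmIh"),
    ("flowB", 445, b"ClBsr\x00\x00\x00\x00"),
    ("flowC", 445, b"\x00\x00\x00\x58\xffSMB\x33 JlJmIhClBsr \x00"),
    ("flowD", 80, b"GET /JlJmIhClBsr HTTP/1.1\r\n\r\n"),
]


def match_per_segment(segments):
    """Naive check: look for the marker inside each SMB segment on its own."""
    hits = set()
    for flow_id, port, payload in segments:
        if port == SMB_PORT and ETERNALBLUE_MARKER in payload:
            hits.add(flow_id)
    return sorted(hits)


def reassemble_smb_streams(segments):
    """Concatenate SMB payloads per flow in arrival order to rebuild each stream.

    Assumption: segments are already in order and not retransmitted; a real
    sensor would reorder by TCP sequence number first."""
    streams = defaultdict(bytes)
    for flow_id, port, payload in segments:
        if port == SMB_PORT:
            streams[flow_id] += payload
    return streams


def match_reassembled(segments):
    """Stream-aware check: search the reassembled SMB stream of each flow."""
    streams = reassemble_smb_streams(segments)
    return sorted(fid for fid, data in streams.items() if ETERNALBLUE_MARKER in data)


if __name__ == "__main__":
    print("per-segment:", match_per_segment(SAMPLE_SEGMENTS))   # ['flowC']
    print("reassembled:", match_reassembled(SAMPLE_SEGMENTS))   # ['flowB', 'flowC']
```

As the post notes, the Metasploit port dropped the string, so this marker only identifies the original exploit and WannaCry, not every tool derived from EternalBlue.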