Recent Event Highlights: Flash Player update closes zero-day - The H, eEye Digital Security, a Provider of IT security Products, Closed First ... - Benzinga, Prominent iPhone Hacker Blames Vendors' Buggy Code for Security Breaches - eWeek, eEye CTO to Speak at Phoenix ISSA Chapter's Information Security Conference on ... - Benzinga, Traditional Defensive Security Can't Stop New APTs, Zero-Day Threats - eWeek, "LulzSec" uses zero-day on PBS, promises more attacks - SC Magazine US, and 113 more...
Created by dipity on Jul 7, 2009
Last updated: 06/06/11 at 04:09 AM
Flash Player update closes zero-day (The H): Adobe has released an update to Flash Player to close a zero-day vulnerability. The "universal" cross-site scripting flaw could, said Adobe, be used to take actions on a user's behalf on any web site or web mail provider once the user had visited a ... Related: Adobe releases Flash zero-day patch for universal cross-scripting vulnerability (ComputerWeekly.com)
http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNFu1ry0c4AhEARtlNESTsO5Ts5ftg&url=http://www.h-online.com/security/news/item/Flash-Player-update-closes-zero-day-1255599.html
eEye Digital Security, a Provider of IT security Products, Closed First ... (Benzinga): eEye's Zero Day Tracker provides an online catalogue of the newest zero-day vulnerabilities, instructions for quick remediation, and a historical record of past vulnerabilities. eEye's Vulnerability Expert Forum (VEF) webinars, hosted monthly by CTO ...
http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNH7q4teahhE-9shmKqPpwhs2tGBig&url=http://www.benzinga.com/press-releases/11/06/p1139448/eeye-digital-security-a-provider-of-it-security-products-closed-first-
Prominent iPhone Hacker Blames Vendors' Buggy Code for Security Breaches (eWeek): They uncovered a zero-day vulnerability in Movable Type 4, the content-management system used by PBS, and broke in, defacing the site and posting a fake news story about Tupac Shakur supposedly being alive. Miller blamed the software vendors for the ...
http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNHVQcmiAWvZJd9-AmeXepvK1qo6XQ&url=http://www.eweek.com/c/a/Security/Prominent-iPhone-Hacker-Blames-Vendors-Buggy-Code-for-Security-Breaches-668397/
eEye CTO to Speak at Phoenix ISSA Chapter's Information Security Conference on ... (Benzinga): eEye's Zero Day Tracker provides an online catalogue of the newest zero-day vulnerabilities, instructions for quick remediation, and a historical record of past vulnerabilities. eEye's Vulnerability Expert Forum (VEF) webinars, hosted monthly by CTO ...
http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNE1KPdF8dsfNPmQCTN47oI_IwaT2Q&url=http://www.benzinga.com/press-releases/11/06/p1135298/eeye-cto-to-speak-at-phoenix-issa-chapters-information-security-confer
Traditional Defensive Security Can't Stop New APTs, Zero-Day Threats (eWeek): Firewalls, antivirus, e-mail filters, Web gateway, intrusion prevention systems and other security products are "obsoleted" by the current threat, because they tend to use unexpected attack vectors or exploit zero-day vulnerabilities. ...
http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNF6JOF0Kxuy28jsSHggDk2watXHeQ&url=http://www.eweek.com/c/a/Security/Traditional-Defensive-Security-Cant-Stop-New-APTs-ZeroDay-Threats-854464/
"LulzSec" uses zero-day on PBS, promises more attacks (SC Magazine US): A group of hackers who compromised servers belonging to PBS.org early Monday morning said they used a zero-day vulnerability in a blog software program to obtain access to the popular site. In a post Sunday on the file-sharing site Pastebin, ... Related: PBS Website Hacked With Fake News (InformationWeek)
http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNGjWvY5FhmEBWczHlwwiQ4EUHCBSA&url=http://www.scmagazineus.com/lulzsec-uses-zero-day-on-pbs-promises-more-attacks/article/204243/
'Cookiejacking' Flaw Discovered in Internet Explorer (Discovery News): He claims that a zero-day vulnerability is found in every version of Internet Explorer for any version of Windows and allows hackers to hijack any cookie for any website. "Any website. Any cookie. Limit is just your imagination," Valotta told Reuters. ...
http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNH3GsbVOvNvKXVm_aJQyxjrL41i7w&url=http://news.discovery.com/tech/cookiejacking-flaw-discovered-internet-explorer-110531.html
Internet Explorer Flaw Can Cause Zero-Day Exploit (Microsoft Certified Professional): In a process coined "cookiejacking" by Valotta, the stolen data can be used to carry out a zero-day attack. Successfully compromised systems can be installed with malware, send messages or forge clicks. The researcher warns that this flaw affects all ... Related: Security researcher finds 'cookiejacking' risk in IE (CNET); Cookiejacking Attack Steals Website Access Credentials (InformationWeek); Microsoft downplays IE 'cookiejacking' bug (Computerworld); further coverage at ITProPortal, eWeek and International Business Times
http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNH8js6__j8j_8_zx9SicP5xu_0YTA&url=http://mcpmag.com/articles/2011/05/27/internet-explorer-flaw.aspx
Google releases Chrome security fixes, still mum on flaw details (GCN.com): The release of the updated browser does not fix a zero-day sandbox vulnerability that a French security research team, Vupen, had announced it had discovered earlier in the month. Aside from a handful of Google engineers taking to Twitter to blame the ... Related: Chrome 11 Update Patches Critical Bugs (IT Business Edge blog)
http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNG6zTS_Q7ErgK5auC0MWcIlcRdMmg&url=http://gcn.com/articles/2011/05/25/ecg-google-releases-security-update-for-chrome.aspx
Cookiejacking Attack Steals Website Access Credentials (InformationWeek): All versions of Internet Explorer on all versions of Windows are affected by the zero-day vulnerability, and are thus susceptible to cookiejacking. As the name implies, the attack is similar to clickjacking attacks, which trick users into clicking on ... Related: Security researcher finds 'cookiejacking' risk in IE (CNET); IE Flaw Could Allow Hackers Access to your Facebook, Gmail, Twitter Accounts (Network World)
http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNGMCFNCI0xUEB7s4JaokcZSbVrnig&url=http://www.informationweek.com/news/security/vulnerabilities/229700031
Apple standard procedures won't work with security (CNET): This is not an attack on the security of the operating system -- any OS is hackable, for one thing, and phishing attacks rely less on zero-day vulnerabilities and more on the complacency of an unsuspecting victim. Mac users? Pretty unsuspecting. ...
http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNGA-paZcedCELlrrw4aWEkimH_-zQ&url=http://news.cnet.com/8301-31322_3-20066288-256.html
WordPress 3.1.3 Security Update Released (Ghacks Technology News): The developers classify the update as a security update; it appears, however, that it fixes no zero-day vulnerability. The WordPress blog lists the following security enhancements and fixes in WordPress 3.1.3. Prevent sniffing out user names of ...
http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNGL2fVgbifWT94xHZ7crMaqdDLZvQ&url=http://www.ghacks.net/2011/05/25/wordpress-3-1-3-security-update-released/
Reduce virtualization security risks by thinking physical, experts say (SearchSecurity.com): An attacker can leverage a zero-day vulnerability or new malware variant to bypass antimalware technologies, he said. "In essence it is an arms race with the hacker always out in front," Haletky said. Researchers continue to investigate VM escapes in ...
http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNEM8IMWEOFMMMWlF1xZh7wfrS3uTQ&url=http://searchsecurity.techtarget.com/news/2240036165/Reduce-virtualization-security-risks-by-thinking-physical-experts-say
Hotmail Targeted by Zero-Day Attack (PCWorld): Hotmail accounts were recently targeted by an attack against a zero-day vulnerability in the Microsoft Webmail system. The attack is more insidious than some because it executes without user intervention when a malicious ... Related: Trend Micro Discovers Zero-day Hotmail Bug (IT Business Edge blog); Hotmail targeted by zero-day attack (CIO Australia)
http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNEBBCmhKnX47gux803tHQsdwR9SMw&url=http://www.pcworld.com/businesscenter/article/228574/hotmail_targeted_by_zeroday_attack.html
The Explosion of Cybercrime (informIT): Zero-day vulnerabilities are those that are known to attackers, but either not known to the vendor, or the vendor has not developed and released a fix yet. While this implies that a zero-day vulnerability lasts only a single day, it can actually last ...
http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNEjFfb_t5P46uvaMc9tP9DB4m6YPw&url=http://www.informit.com/articles/article.aspx?p%3D1713590
Purported Chrome sandboxing exploit underscores monetary value of zero-day code (FierceCIO): Unfortunately, the company has also declined to outline the technical details of the underlying vulnerabilities the company exploited -- not even to the Chrome web browser team who could have rectified the vulnerability. Several Google (NASDAQ: GOOG) ... Related: Unplugged: Google Blames Chrome Breach on Adobe Flash (Redmond Developer News)
http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNHhnCop3Tqa6iseVgTLaqvCm4VBOQ&url=http://www.fiercecio.com/techwatch/story/purported-chrome-sandboxing-exploit-underscores-monetary-value-zero-day-cod/2011-05-13
Google, VUPEN Spar Over Chrome Hack (InformationWeek): But for now, only VUPEN and its "three-letter" government agency customers know the details about the two zero-day vulnerabilities that VUPEN says it exploited and successfully used to bypass Chrome's sandbox and other security features. ... Related: Google Chrome Hacked, But Security Firm Won't Share Details (PC Magazine); Researchers crack Google Chrome (Computing); Zero-Day Security Flaws Found In Google Chrome (ADT Magazine); further coverage at Redmond Developer News, CRN and PC Authority
http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNEJ_dZ7Ut4tQww3SZdyRxt6BuoJ4A&url=http://www.informationweek.com/news/security/attacks/229500086
Google Chrome Hacked, But Security Firm Won't Share Details (PC Magazine): "Currently, there are several zero-day vulnerabilities that Adobe has put off patching in Reader X, out of an abundance of confidence in the ability of its sandbox technology to thwart these attacks." Bekar wrote that the Chrome exploit takes advantage ... Related: Google, VUPEN Spar Over Chrome Hack (InformationWeek); Researchers warn of Google Chrome zero-day (THINQ.co.uk); Hackers Break Into Google Chrome Sandbox (CRN); further coverage at Computing, Storage (blog) and TechEye
http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNEdFwi_L-yM3gM6HmWuBvPDugTOHA&url=http://www.pcmag.com/article2/0,2817,2385205,00.asp
Excerpt
...VoIP service Skype has dished out an update for its Mac client that fixes a zero-day vulnerability reported by a group of ethical hackers in Australia. Gordon Maddern of Pure Hacking wrote in a blog post that the vulnerability was extremely “wormable” and...
Source Info
IT Pro Portal
http://www.itproportal.com/2011/05/10/skype-for-mac-5-1-hotfix-fixes-zero-day-vulnerability/
Skype For Mac 5.1 Hotfix Fixes Zero Day Vulnerability (ITProPortal): Popular VoIP service Skype has dished out an update for its Mac client that fixes a zero-day vulnerability reported by a group of ethical hackers in Australia. Gordon Maddern of Pure Hacking wrote in a blog post that the vulnerability was extremely ... Related: Report: Skype's Mac Client Has Dangerous Exploit (PC Magazine); Researchers uncover zero-day flaw in Mac Skype (V3.co.uk); Skype for Mac requires manual update to fix security vulnerability (CNET blog); further coverage at PCWorld, Social Barrel and TFTS (blog)
http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNH0USDBVL9iVRsUnj9YFFx1Zje44A&url=http://www.itproportal.com/2011/05/10/skype-for-mac-5-1-hotfix-fixes-zero-day-vulnerability/
Qualys CTO Wolfgang Kandek and Rodrigo Branco, vulnerability and malware research director, discuss the recent vulnerability in Microsoft Excel (MS11-021).
Qualys CTO Wolfgang Kandek and Amol Sarwate, vulnerability labs manager, discuss this month's Microsoft Patch Tuesday release.
Speaker: Rainer Böhme. What is the economic value of a zero-day exploit? What is the market value of a zero-day exploit? It is evident that information on vulnerabilities and information security threats is very valuable, but the market for it is neither structured nor liquid. This talk combines examples from real-world information security business with academic arguments on the pros and cons of vulnerability markets, including vulnerability sharing circles, bug auctions, remote root derivatives, and cyber-insurance. Would we live in a more secure world if every geek could go and sell his exploit at the market price? How could this market eventually be organised? What are the incentives of market participants and where are the dangers of conflicts of interest? Join us on a journey to a hypothetical world where information security is entirely melted into finance so that S&P quotes a daily kernel hardness index ... For more information visit: bit.ly To download the video visit: bit.ly
Advanced Exploitation of the Recent Flash Zero-day Vulnerability (CVE-2011-0609) by Haifei Li
This demonstration video takes a detailed look at the Stuxnet worm on a Siemens PCS7 FieldPG host. The demo provides a brief overview of the worm, and then takes a look at how it exploits Windows vulnerabilities to install itself on the target host, infect various Windows and Siemens components, and then replicate itself for installation on other hosts. Additional information available at www.SCADAhacker.com
Speakers: Matt Richard, Malicious Code Researcher, Raytheon; Steven Adair, Researcher, Shadowserver. This talk is the story of 0-day PDF attacks, the now famous gh0stnet ring and the disclosure debacle of the Adobe JBIG2 vulnerability in January and February 2009. This is the story of international cyber-espionage using 0-days and the fierce debate over how to defend networks in the face of prolonged periods of exposure to unpatched vulnerabilities. We seek to answer the following questions in this talk:
• Who was behind the early 0-day attacks and are they the same as the gh0stnet report published in April 2009?
• Did disclosure of the Adobe JBIG2 vulnerability have an impact on targeted attacks?
• How effective were post-disclosure protections such as AV signatures, IDS signatures and workarounds?
Throughout the talk we dissect the 0-day artifacts and other events leading up to the partial disclosure of the JBIG2 vulnerability on February 19 by ShadowServer. Using a variety of 0-day PDF samples we will analyze the 0-day attacks and attempt to correlate them to the attackers discussed in the recent paper "Tracking GhostNet: Investigating a Cyber Espionage Network". We will also look at the partial disclosure by ShadowServer and then full disclosure on the Sourcefire blog and assess the impact on targeted attacks. We will analyze the various malicious PDFs submitted to VirusTotal to determine their lineage and relationship to either the original 0-day exploit and gh0stnet or new ...
Zero day vulnerabilities have been all over the news lately with the recent Stuxnet attack. How big of a risk are they for the average enterprise?
Learn more about Stuxnet/the Windows shortcut exploit zero-day and register to attend a FREE live Anatomy of an Attack event near you: bit.ly
Sophos's Windows Shortcut Exploit Protection Tool detects malicious LNK files. Download the free tool and learn more at www.sophos.com Works with any anti-virus - you don't need to uninstall your existing product.
Malformed Shortcut Zero-Day Vulnerability demonstration with and without BluePoint Security 2010. This vulnerability is currently un-patched as of 7/23/2010 and affects all Microsoft Operating Systems. BluePoint Security 2010 mitigates the vulnerability across all supported operating systems including Windows XP SP2
W32/Stuxnet 0-day PoC demo Source: www.exploit-db.com
The following video shows the automatically executed rootkit in action. You can see that I in no way interact with the device other than to "explore" it. This will work even with AutoRun and AutoPlay disabled. I don't know why you would plug in a USB storage device if you weren't going to view it in Explorer... Read the Sophos blogpost for more information Source: Sophos blog (bit.ly
In this webinar, we explore the process of zero-day vulnerability management from initial threat analysis to automated detection and remediation. We will demonstrate how easy it is to detect attack vectors and to quickly assess the reliability and security of those interfaces using general purpose fuzzing solutions. We will also show you how you can complement these solutions with known vulnerability data and do patch verification easily and cost-effectively. Finally, we will discuss how you can tailor your defenses to block zero day attacks, which is a key aspect of vulnerability management.
This video shows how the Adobe 0-day vulnerability (CVE-2010-1297) is used in mass injection attacks and what happens on the user's computers when visiting a compromised website. More information about this attack can be found on our blog: bit.ly
More information: cafemigao.com
Demo movie demonstrating a live attack by exploiting the Adobe CVE-2010-1297 vulnerability in Adobe® Reader, Flash Player and Acrobat - Read more on MalwareCity
Clips 1/5 through 5/5. Speaker: Weidong Cui · Microsoft. In this talk, I will present a new approach to automatically generate a vulnerability signature for an unknown vulnerability, given a zero-day attack instance. Our approach is based on two systems we developed: Tupni and ShieldGen. Tupni takes one or more input instances and reverse engineers their format by analyzing how an application parses and processes them. Its reverse-engineered format has a rich set of information, including record sequences, record types and input constraints. We have implemented a prototype of Tupni and demonstrated that it can effectively reverse engineer ten common, real-world file and network message formats. ShieldGen can generate a vulnerability signature for an unknown vulnerability, given a zero-day attack instance and its format. The key novelty of ShieldGen is that it leverages knowledge of the input format to generate new potential attack instances, uses a zero-day detector as an oracle to determine if an instance can still exploit the vulnerability, and then takes the feedback of the oracle to guide its search for the vulnerability signature. We have implemented a prototype of ShieldGen and used it to generate high-quality vulnerability signatures for three real-world vulnerabilities. By feeding the input format generated by Tupni to ShieldGen, we can automatically generate a vulnerability signature even when the format of the attack instance is unknown. We have integrated Tupni with ShieldGen ...

