August 31, 2017

12 Great Technical Talks at SHA2017

image credit Arron Dowdeswell @Arronandir

SHA2017 is a large outdoor hacker camp, which took place in the Netherlands from August 4th to 8th. Despite the intensive preparation of his own talk at this event, Positive Technologies expert Alexander Popov attended many interesting lectures. In this article Alexander shares his impressions and lists the 12 technical talks at SHA2017 that he liked the most.

August 30, 2017

Blocking double-free in Linux kernel

On the 7th of August the Positive Technologies expert Alexander Popov gave a talk at SHA2017. SHA stands for Still Hacking Anyway; it is a large outdoor hacker camp in the Netherlands.

The slides and recording of Alexander's talk are available.

This short article describes some new aspects of Alexander's talk which have not yet been covered on our blog.

August 28, 2017

Disabling Intel ME 11 via undocumented mode

Our team of Positive Technologies researchers has delved deep into the internal architecture of Intel Management Engine (ME) 11, revealing a mechanism that can disable Intel ME after hardware is initialized and the main processor starts. In this article, we describe how we discovered this undocumented mode and how it is connected with the U.S. government's High Assurance Platform (HAP) program.

Disclaimer: The methods described here are risky and may damage or destroy your computer. We take no responsibility for any attempts inspired by our work and do not guarantee the operability of anything. For those who are aware of the risks and decide to experiment anyway, we recommend using an SPI programmer.

August 8, 2017

4G Networks Infrastructure Still Vulnerable Despite Upgrade

Billions have been invested and super speeds have been reached, yet none of the security holes have been fixed. Positive Technologies has warned that its research confirms vulnerabilities in the world's mobile infrastructure still exist, despite billions being invested to upgrade mobile networks to Diameter to carry 4G and 5G traffic. The unaddressed flaws leave mobile communications, and the security practices founded on them, vulnerable: attackers can intercept and divert SMS messages, including passcodes meant to validate identity and authorise transactions; eavesdrop on phone conversations; locate users; instigate denial of service attacks against the whole network; and perform other illegitimate actions. Earlier this year attackers stole funds from bank accounts in Germany by redirecting one-time passcodes (OTPs) that banks had sent via text message (SMS), confirming that real-world attacks have been devised and can be successfully executed.

Web application vulnerability report: time to dig into the source code
Every year, web applications expand their presence into more and more areas. Almost every business has its own web applications for clients and for internal business processes. However, application functionality is often prioritized at the expense of security, which lowers the security level of the entire business.

As a result, web application vulnerabilities provide massive opportunities for malicious actors. By taking advantage of mistakes in application architecture and administration, attackers can obtain sensitive information, interfere with web application functioning, perform DoS attacks, attack application users, penetrate a corporate LAN, and gain access to critical assets.

This report provides statistics gathered by Positive Technologies while performing web application security assessments throughout 2016. Data from 2014 and 2015 is provided for comparison purposes.

This information suggests paths of action: which security flaws in web applications require attention during development and operation, how to identify potential threats, and which techniques for security assessment are most effective. We also illustrate trends over time in web application development in the context of information security.

August 1, 2017

Cobalt strikes back: an evolving multinational threat to finance

1. Introduction

Bank robbery is perhaps the quintessential crime. The promise of immense, instant riches has lured many a criminal to target banks. And while the methods, tools, and scale of robbery have all changed, two things have stayed the same: the enticement of a hefty payday and the fact that no system is perfectly secure.

In the modern digital economy, criminals are becoming ever more creative in finding ways to make off with millions without having to leave home. Despite enormous efforts, security is always a work in progress because of technical vulnerabilities and the human factor. Only a small fraction of banks today are able to withstand targeted attacks of the kind perpetrated by Cobalt, a cybercriminal group first described in 2016 that is currently active worldwide. Now the group has set its sights on more than just banks.

Researchers at Positive Technologies and other companies have described the group's methods previously. In this report, we will describe the new techniques used by Cobalt in 2017, the changing target profile, and recommendations on how to avoid becoming their latest victim.