Weekly in Security 202226

2022-06-27 to 2022-07-04


Introduction

Weekly in Security is a summary of the cybersecurity news from the past week. This post covers 2022-06-27 to 2022-07-04.

Vulnerabilities

OpenSSL remote memory corruption

The vulnerability affects OpenSSL 3.0.4, which was released last week. Furthermore, it only affects x64 systems with the AVX-512 instruction set.

the reduction function is called with num set to the bit size, where it should be number of BN_ULONG elements (which are always 8 bytes large, because that is the size of an unsigned long on x64 systems, which is the only architecture which can have AVX512 support). So with the input sizes being 1024 bits, 8192 bytes are accessed (read from or written to) instead of 128

Coincidentally, Intel has disabled AVX-512 on recent Alder Lake processors with a microcode update. The Xeon processor family is mainly affected.
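The unit mismatch described above, as an added example that is not OpenSSL code: `limb_t`, `reduce_once` and `reduce_once_checked` are hypothetical stand-ins, and the operands are constructed. The guarded entry point keeps the bits-to-elements conversion in one place and checks it against the buffer capacity.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef uint64_t limb_t;   /* hypothetical stand-in for an 8-byte BN_ULONG */
#define LIMB_BITS 64

/* Bytes a routine reads or writes when told to process `num` elements. */
size_t bytes_touched(size_t num) { return num * sizeof(limb_t); }

/* Hypothetical reduction: a -= m if a >= m, over `num` little-endian limbs.
 * It trusts `num` and cannot know the real buffer size, so a caller that
 * passes a bit count here walks far past the end of both buffers.
 * Not constant-time; illustration only. */
static void reduce_once(limb_t *a, const limb_t *m, size_t num) {
    int ge = 1;                                  /* equal operands count as >= */
    for (size_t i = num; i-- > 0;)
        if (a[i] != m[i]) { ge = a[i] > m[i]; break; }
    if (!ge) return;
    limb_t borrow = 0;
    for (size_t i = 0; i < num; i++) {
        limb_t d = a[i] - m[i] - borrow;
        borrow = (a[i] < m[i]) || (a[i] == m[i] && borrow);
        a[i] = d;
    }
}

/* Guarded entry point: the caller states the operand size in bits and the
 * buffer capacity in limbs; the unit conversion is done and checked here. */
int reduce_once_checked(limb_t *a, const limb_t *m, size_t cap_limbs, size_t bits) {
    if (bits == 0 || bits % LIMB_BITS != 0) return -1;
    size_t num = bits / LIMB_BITS;               /* 1024 bits -> 16 limbs */
    if (num > cap_limbs) return -1;              /* would leave the buffers */
    reduce_once(a, m, num);
    return 0;
}

int main(void) {
    limb_t a[16] = {0}, m[16] = {0};             /* constructed 1024-bit operands */
    a[0] = 15; a[15] = 1; m[0] = 10; m[15] = 1;
    int rc = reduce_once_checked(a, m, 16, 1024);
    printf("rc=%d a[0]=%llu\n", rc, (unsigned long long)a[0]);
    printf("bits passed as count: %zu bytes; correct count: %zu bytes\n",
           bytes_touched(1024), bytes_touched(1024 / LIMB_BITS));
    return 0;
}
```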

News and Articles

NeRF: An Eventual Successor for Deepfakes?

The two popular open source packages DeepFaceLab (DFL) and FaceSwap entered the public arena in 2017. Since their inception, improvements in deepfake quality have pushed the original code to its outermost limits.

In 2020, a method of recreating objects by stitching together multiple viewpoint photos inside a neural network emerged. Given a limited number of viewpoints, NeRF calculates the ‘missing views’ by recognizing shapes, textures, transparency, and lighting values, and estimating and synthesizing the views that aren’t present in the source data. NeRF could challenge the state of the art while remaining in the open source arena.

Maelstrom

As the industry balances around the convenience of delivering code and retrieving content using C2s, bad guys have also been increasingly using custom or cracked tooling for their own operations.

Modern Initial Access and Evasion Tactics

This talk by @mariuszbit shares some of his insights. He also references last week's article "Challenging our Mental Model of Initial Access" by Matt Hand. The talk will also be held at x33fcon and hopefully be recorded.

Tools

Antnium

A C2 framework and RAT written in Go.

Dobin presented Antnium at Area41. The tool is written in Golang, and Dobin describes the different challenges quite well. The goal of the RAT is not to replace any existing red teaming tools, e.g. Cobalt Strike. Rather, the RAT must be seen as a technical challenge.