Dailydave mailing list archives
Re: Robots against robots: How a Machine Learning IDS detected a novel Linux Botnet: Slides
From: Kristian Erik Hermansen <kristian.hermansen () gmail com>
Date: Mon, 11 Apr 2016 08:12:37 -0700
Interesting. But hundreds of connections to random Chinese computers should have also been a tip off, regardless of protocols used. Still good work overall.

The Jenkins vulns are concerning because Cyanogenmod, TeamWin / TWRP, openstack, and tons of other projects depend on the security of Jenkins project build systems not being compromised. To know how bad Jenkins is, I found more 0day in Jenkins recently in 5 minutes of just skimming and used it to PoC hack one of the main developers of Jenkins, which I could have used to own millions of mobile phones and openstack servers by committing a simple backdoor upstream. I'm a whitehat though. But you should really fear Jenkins because surely the Chinese / NSA and others have owned numerous projects with it.

Here is a screenshot of me popping a remote shell on a Jenkins core developer with commit access...yes really...

https://s23.postimg.org/6qnenzbbv/tmp_20410_Screenshot_from_2016_03_10_12_13_17119.png

I have not shared the numerous 0day with anyone but a small select group of people and only one of the vulns to the Jenkins team. This is a big hint for Google Project Zero to invest some effort there if they haven't already ;)

Jenkins team says they will make "big changes" when v2.0 is released, but I can smell backdoors already have been added upstream and other exploitable vectors will be around even if they really do enable "security by default" in the next major release..

http://slides.com/eldraco/robots-vs-robots
Possibly relevant to discussion :)

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Robots against robots: How a Machine Learning IDS detected a novel Linux Botnet: Slides Dave Aitel (Apr 11)
- Re: Robots against robots: How a Machine Learning IDS detected a novel Linux Botnet: Slides Kristian Erik Hermansen (Apr 12)
- Re: Robots against robots: How a Machine Learning IDS detected a novel Linux Botnet: Slides Kevin Noble (Apr 12)