Suspekt... » korea

Speaking at POC 2010 - ASLR for jailbroken iPhones

Stefan Esser — Wed, 01 Dec 2010 10:57:16 +0000

December has arrived and it is time to announce my talk for the Power of Community security conference in Seoul. This year I will not only return there for the 3rd time as speaker, but this time I will talk about something not related to PHP or web security at all. My company SektionEins recently started to offer mobile security audits and I am now playing around with iPhone security all the time which resulted in the talk that I will present at POC this year.

Session: Adding Address Space Layout Randomization (ASLR) to jailbroken iPhones
This year has brought bad news for the security of the iPhone. First it was demonstrated during the PWN2OWN contest that ROP payloads can steal information like the SMS database from factory iPhones and later this year jailbreakme.com combined multiple exploits for vulnerabilities in MobileSafari, the iOS kernel and the userland to jailbreak the device from remote. And for jailbroken devices the situation is even worse because the jailbreak weakens the otherwise strong security features of the iPhone in a way that remote exploits are far easier to accomplish.

However it is time to remember that the whole purpose of a jailbreak is to free the device from Apple and to allow users to do whatever they want with their device. The fact that current jailbreaks destroy the security is just because jailbreakers did not bother to find a better solution. This changes now.

In this session the differences in exploiting jailbroken and factory iPhones will be highlighted and it will be explained step by step how a new tool was developed that adds ASLR (address space layout randomization) to jailbroken iPhones. With ASLR an exploit mitigation is added that is not available in factory iPhones and makes exploitation more difficult. And this is only the first step, more mitigations and a full reactivation of the codesigning protection are planed for the next months.

See you in Seoul between 13th and 16th December.

서울에서 12월 13일에서 16일에 만나요!

Shocking News in PHP Exploitation

Stefan Esser — Sat, 28 Nov 2009 17:43:54 +0000

On 5th of November I gave a talk titled “Shocking News in PHP Exploitation” at the Powerofcommunity hacking/security conference in Seoul, South Korea. Afterwards I uploaded my slides to this server but only distributed the link through twitter. I totally forgot about announcing the slides in my blog.

The topics of my talk were

easy ways to bypass modsecurity and f5 big ip asm
exploiting unserialize vulnerabilities in Zend Framework applications
exploiting PHP interruption vulnerabilities after recent fixes in PHP

The slides are available here.

Speaking at POC 2009

Stefan Esser — Thu, 24 Sep 2009 20:45:16 +0000

This year I will return to Power of Community in Seoul and present a session about state of the art exploitation of PHP applications and servers. Unlike my Syscan and Blackhat talk I will also demonstrate how to find unusual code execution vulnerabilities and how to tunnel attacks through web application firewalls.

Session: Shocking News in PHP Exploitation

Remote code execution vulnerabilities in modern PHP applications have become more difficult to find and exploit due to better education of developers and the wide adoption of Suhosin, web application firewalls and other PHP environment hardening. E.g. the class of remote file inclusion vulnerabilities is practically dead in modern PHP installations.

This talk will demonstrate how a well known class of PHP application vulnerabilities that is widely believed to be a DoS vulnerability only, can result in arbitrary PHP code being executed. Furthermore it will be demonstrated how attacks on PHP applications can be tunneled through web application firewalls like mod_security with ease, bypassing the whole rule engine. And last but not least we will take a look at the recently introduced protections against interruption vulnerabilities in PHP and how it is still possible to perform post exploitation tricks as presented at Syscan and Blackhat.

See you in Seoul between 5th and 6th November.

서울에서 11월 5일에서 6일에 만나요!

Starbucks, WIFI, Internet and South Korea

Stefan Esser — Tue, 30 Sep 2008 02:17:44 +0000

When I came to Seoul, South Korea I had already heard about the high distribution of broadband internet access. Therefore I was not suprised at all that my hotel room had ethernet sockets that provided me with fast internet access. What suprised me however was the fact that it was for free. In Germany or the USA you usually pay atleast 10$ per day for a similiar connection.

On the other hand when I visited Starbucks I had to learn the hard way that without Microsoft Windows you are an outsider in South Korea. It is simply not possible to connect to the NETSPOT hotspots within Starbucks Korea without Microsoft Windows and without Internet Explorer. On the one hand their special connectivity software only exists for Windows and on the other hand the web login seems to require an activex module for credit card payment.

With this kind of limit in place I can now understand why devices like the IPOD Touch are far cheaper in South Korea than in Germany. You simply cannot use them

I think the guys behind NETSPOT should really consider redesigning their system to be compatible to non Microsoft systems, like osx or linux. After all it is not that hard to do credit card billing.

PS.1: Yes I know that the NETSPOT hotspots seem to let everything through on port 53 UDP which might allow VPN tunnels on port 53 but I am only speaking about legal access here.

PS.2: Beside that little annoyance I really love South Korea and plan to come back as often as possible