    5 results tagged Backdoor
    InfoSec Handlers Diary Blog https://isc.sans.edu/diary/rss/26124
    Thu May 14 23:43:11 2020 archive.org

    Looking at our Patch Tuesday list, I looked a bit closer at CVE-2020-1048 (Print Spooler Privilege Escalation) and Microsoft's ratings for that one. Microsoft rated this as:

    Disclosed: NO
    Exploited: NO
    Exploitability (old and new versions)

    Unfortunately, this vulnerability was actually disclosed to Microsoft by the research community (see below), so the code to exploit it absolutely does exist and was disclosed, and a full write-up was posted as soon as the patch came out:
    https://windows-internals.com/printdemon-cve-2020-1048/

    Long story short, on an unpatched system, you can plant a persistent backdoor on a target host with this one-liner in PowerShell:

      Add-PrinterPort -Name c:\windows\system32\ualapi.dll

    Then "print" an MZ file (DOS executable) to that printer to light it up.

    As noted, this backdoor is persistent, and will remain in place even after you apply the patch!

    Moral of the story? For me, there are a couple of them:

    • Don't put too much stock in risk ratings assigned to patches. "Lows" and "Mediums" can bite you just as badly as vulnerabilities rated as "High". This goes for patches as well as scan results or pentest results. If your policy is to patch only Severe and High rated issues, you'll pay for that eventually.
    • Also, it's a good thing that more vendors are going to monolithic patching. If you apply the current patch set from Microsoft, you get them all - there's no more "cherry picking" allowed!
    windows backdoor patch
    ZATAZ Chrome backdoor: Taking control of a Chrome browser - ZATAZ - http://www.zataz.com/chromebackdoor-prendre-controle-navigateur-chrome/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+ZatazNews+%28ZATAZ+News%29#axzz45tofkkgY http://www.zataz.com/chromebackdoor-prendre-controle-navigateur-chrome/
    Fri Apr 15 12:59:37 2016 archive.org

    Chrome Backdoor

    chrome backdoor
    Computrace http://korben.info/computrace-lojack-absolute.html
    Tue May 20 16:49:28 2014 archive.org

    The universal snitch present on PCs, Macs and Android devices « Korben

    Hack Virus NSA Backdoor Malware antivirus
    There is indeed a backdoor in OS X!, on MacBidouille.com http://www.macbidouille.com/news/2014/04/01/il-y-a-bien-une-backdoor-dans-os-x
    Mon Mar 31 22:50:25 2014 archive.org
    backdoor OSX
    Linksys and Netgear router vulnerability http://korben.info/le-port-32764-ouvert-sur-les-routeurs-linksys-et-netgear-est-une-backdoor.html
    Tue Mar 4 12:40:03 2014 archive.org

    The open port 32764 on Linksys and Netgear routers is a backdoor «

    Backdoor linksys Hack Port
    1578 links, including 7 private