Skip to content

Security and Exploitation

DJShepherd edited this page Feb 10, 2024 · 21 revisions

Secure boot, Chain of Trust

Control Flow Integrity (CFI)

Core Software Vulnerabilities

ROP/JOP

Exploiting Common Software Bugs

Improper Crypto Implementations

  • Insecure handling of key material
    • Insecure key storage
    • Reusing or constantly defining key parameters that are meant to be randomized
    • Insecure RNG when generating key parameters
  • Insecure crypto operations
    • Algorithms vulnerable to timing attacks or side channel analysis
    • Rolling out custom encryption/authentication protocols/systems instead of using proven methodologies

Sensitive Information Leak

Fault Injection/"Glitching"

Additional References

Reverse Engineering

  • Binary reversing
    • Getting familiar with standard tools (Ghidra, IDA, Hopper, etc)
    • Techniques/tricks/tools that help with reversing like decompiler, analysis, debugging, etc
    • Obfuscation techniques
      • TODO...
  • Basic board design
    • Component identification
    • Identifying chips and what their role may be
  • Extracting binaries
    • Exploit => injected code => serial/com channel
    • Intercepting traffic from insecure com channel
    • Dumping flash chips

Security Automation Tooling

Exploit/Rootkit Development

  • Identifying potential entry points
    • Protocol/peripheral exploitation (USB, network stack, etc)
    • Custom/patched firmware
      • Running custom/unsigned FW (non-secure boot, glitching, etc)
      • Runtime patching vs persistent file patching
    • Malicious/crafted files/payloads
    • User space application/web browser vulnerabilities
      • Insecure deserialization
      • XML External Entities (XXE)
    • External web service vulnerabilities
      • XSS
      • Payloads/files from compromised services
  • Chaining vulnerabilities in different software components to traverse the system/elevate privileges

Attestation

  • Attestation concepts
  • Evading detections/forging attestation responses

Clone this wiki locally