Less than a year after that story broke, Winternals was acquired by Microsoft, and while has moved on, has stayed with Microsoft, and is now the CTO of Azure.
Incidentally, they also broke the Sony BMG rootkit story, using sysinternals tools.
A bit of history, Process Monitor is part of the Sysinternals suite, originally developed by and, founders of Winternals. Microsoft is continuing to develop their Linux presence, this time by re-engineering Process Monitor as ProcMon for Linux. They attempt to bridge the gap between being a developer and an exploit author, walking us through the process of building an actual working exploit PoC based on a Google Project Zero write-up. We’ve covered many kernel level exploits in this column, but never have we covered a guide quite like the one just published by Secfault Security. To Make an Exploit From Scratch, You Must First Invent the Universe If a Google account was breached, the practice was to start with Google Takeout, the service from Google that allows downloading all the data Google has collected related to that account. If a targeted account used two factor authentication, the attacker was to make a note and give up on gaining access to that account. The training videos also contained a few interesting tidbits. Among the captured data was records of compromised accounts belonging to US and Greek military personnel. I suspect a Deadpool fan must work at IBM, but that’s beside the point.Ī server suspected to be used by ITG18 was incorrectly configured, and when data and training videos were stored there, that data was publicly accessible. This story comes from the IBM X-Force Incident Response Intelligence Services (IRIS). We’re once again talking about the strange shadowy world of state sponsored hacking. Even top-tier security professionals make catastrophic mistakes, and this time it was the operators at Iran’s ITG18.
0 kommentar(er)
