Exploit Development

The Experts below are selected from a list of 84 Experts worldwide ranked by ideXlab platform

Bernhards Blumbergs - One of the best experts on this subject based on the ideXlab platform.

  • Remote Exploit Development for Cyber Red Team Computer Network Operations Targeting Industrial Control Systems
    International Conference on Information Systems Security, 2019
    Co-Authors: Bernhards Blumbergs
    Abstract:

    Cyber red teaming and its techniques, tactics and procedures have to be constantly developed to identify, counter and respond to sophisticated threats targeting critical infrastructures. This paper focuses on cyber red team technical arsenal development within conducted fast-paced computer network operation case studies against critical infrastructure operators. Technical attack details are revealed, the attack tool is released publicly, and countermeasures are proposed for the critical vulnerabilities found in industrial devices and in communication protocols widely used throughout Europe. The exploits are developed in a reference system, verified in real cyber red teaming operations, responsibly disclosed to the involved entities, and integrated within international cyber defence exercise adversary campaigns.

  • ICISSP - Remote Exploit Development for Cyber Red Team Computer Network Operations Targeting Industrial Control Systems
    Proceedings of the 5th International Conference on Information Systems Security and Privacy, 2019
    Co-Authors: Bernhards Blumbergs
    Abstract:

    Cyber red teaming and its techniques, tactics and procedures have to be constantly developed to identify, counter and respond to sophisticated threats targeting critical infrastructures. This paper focuses on cyber red team technical arsenal development within conducted fast-paced computer network operation case studies against critical infrastructure operators. Technical attack details are revealed, the attack tool is released publicly, and countermeasures are proposed for the critical vulnerabilities found in industrial devices and in communication protocols widely used throughout Europe. The exploits are developed in a reference system, verified in real cyber red teaming operations, responsibly disclosed to the involved entities, and integrated within international cyber defence exercise adversary campaigns.

David J. Musliner - One of the best experts on this subject based on the ideXlab platform.

  • SASO - Meta-control for Adaptive Cybersecurity in FUZZBUSTER
    2013 IEEE 7th International Conference on Self-Adaptive and Self-Organizing Systems, 2013
    Co-Authors: David J. Musliner, Jeffrey M. Rye, Scott E. Friedman, Tom Marble
    Abstract:

    Modern cyber attackers use sophisticated, highly automated vulnerability search and exploit development tools to find new ways to break into target computers. To protect against such threats, we are developing FUZZBUSTER, a host-based adaptive security system that automatically discovers faults in hosted applications and incrementally refines and repairs the underlying vulnerabilities. To perform this self-adaptation, FUZZBUSTER uses meta-control to coordinate a diverse and growing set of custom and off-the-shelf fuzz-testing tools. FUZZBUSTER's greedy meta-control strategy considers adaptation deadlines, the exploit potential of vulnerabilities, the usage schedule of vulnerable applications, and the expected performance of its various fuzz-testing and adaptation tools. In this paper, we demonstrate how FUZZBUSTER's meta-control reasons efficiently about these factors, managing task selection to maximize the system's safety and effectiveness.

  • SASO - Automatic Self-Adaptation to Mitigate Software Vulnerabilities: A Fuzzbuster Progress Report (Extended Abstract for Poster)
    2012 IEEE Sixth International Conference on Self-Adaptive and Self-Organizing Systems, 2012
    Co-Authors: David J. Musliner, Jeffrey M. Rye, Timothy Woods, Tom Marble, Kevin Raison
    Abstract:

    Today's computer systems are under relentless attack from cyber attackers armed with sophisticated vulnerability search and exploit development toolkits. Under DARPA's Clean-slate design of Resilient, Adaptive, Survivable Hosts (CRASH) program, we are developing FUZZBUSTER to provide self-adaptive immunity from these and other cyber threats. This poster describes the most up-to-date results from the millions of fuzz-testing operations FUZZBUSTER has conducted, as well as its results in self-adapting to mitigate the vulnerabilities it finds.

  • SASO Workshops - Using Concolic Testing to Refine Vulnerability Profiles in FUZZBUSTER
    2012 IEEE Sixth International Conference on Self-Adaptive and Self-Organizing Systems Workshops, 2012
    Co-Authors: David J. Musliner, Jeffrey M. Rye, Tom Marble
    Abstract:

    Vulnerabilities in today's computer systems are relentlessly exploited by cyber attackers armed with sophisticated vulnerability search and exploit development toolkits. To protect against such threats, we are developing FUZZBUSTER, an automated system that provides adaptive immunity against a wide variety of cyber threats. FUZZBUSTER uses custom and off-the-shelf fuzz-testing tools to find vulnerabilities, create vulnerability profiles identifying the inputs that drive target programs to the corresponding faults, and synthesize adaptations that prevent future exploits. We have adapted the CREST concolic testing tool so that FUZZBUSTER can refine a vulnerability profile by extracting the symbolic constraints stemming from concrete execution of a target program. This novel use of concolic testing enables FUZZBUSTER to automatically generalize a single fault-inducing input example into a symbolic description of the vulnerability, and thus create more effective adaptations.

  • SASO Workshops - FUZZBUSTER: Towards Adaptive Immunity from Cyber Threats
    2011 Fifth IEEE Conference on Self-Adaptive and Self-Organizing Systems Workshops, 2011
    Co-Authors: David J. Musliner, Jeffrey M. Rye, Dan Thomsen, David Mcdonald, Mark Burstein, Paul B. Robertson
    Abstract:

    Today's computer systems are under relentless attack from cyber attackers armed with sophisticated vulnerability search and exploit development toolkits. To protect against such threats, we are developing FUZZBUSTER, an automated system that provides adaptive immunity against a wide variety of cyber threats. FUZZBUSTER reacts to observed attacks and proactively searches for never-before-seen vulnerabilities. FUZZBUSTER uses a suite of fuzz-testing and vulnerability assessment tools to find or verify the existence of vulnerabilities. Then FUZZBUSTER conducts additional tests to characterize the extent of the vulnerability, identifying ways it can be triggered. After characterizing a vulnerability, FUZZBUSTER synthesizes and applies an adaptation to prevent future exploits.

Tom Marble - One of the best experts on this subject based on the ideXlab platform.

  • SASO - Meta-control for Adaptive Cybersecurity in FUZZBUSTER
    2013 IEEE 7th International Conference on Self-Adaptive and Self-Organizing Systems, 2013
    Co-Authors: David J. Musliner, Jeffrey M. Rye, Scott E. Friedman, Tom Marble
    Abstract:

    Modern cyber attackers use sophisticated, highly automated vulnerability search and exploit development tools to find new ways to break into target computers. To protect against such threats, we are developing FUZZBUSTER, a host-based adaptive security system that automatically discovers faults in hosted applications and incrementally refines and repairs the underlying vulnerabilities. To perform this self-adaptation, FUZZBUSTER uses meta-control to coordinate a diverse and growing set of custom and off-the-shelf fuzz-testing tools. FUZZBUSTER's greedy meta-control strategy considers adaptation deadlines, the exploit potential of vulnerabilities, the usage schedule of vulnerable applications, and the expected performance of its various fuzz-testing and adaptation tools. In this paper, we demonstrate how FUZZBUSTER's meta-control reasons efficiently about these factors, managing task selection to maximize the system's safety and effectiveness.

  • SASO - Automatic Self-Adaptation to Mitigate Software Vulnerabilities: A Fuzzbuster Progress Report (Extended Abstract for Poster)
    2012 IEEE Sixth International Conference on Self-Adaptive and Self-Organizing Systems, 2012
    Co-Authors: David J. Musliner, Jeffrey M. Rye, Timothy Woods, Tom Marble, Kevin Raison
    Abstract:

    Today's computer systems are under relentless attack from cyber attackers armed with sophisticated vulnerability search and exploit development toolkits. Under DARPA's Clean-slate design of Resilient, Adaptive, Survivable Hosts (CRASH) program, we are developing FUZZBUSTER to provide self-adaptive immunity from these and other cyber threats. This poster describes the most up-to-date results from the millions of fuzz-testing operations FUZZBUSTER has conducted, as well as its results in self-adapting to mitigate the vulnerabilities it finds.

  • SASO Workshops - Using Concolic Testing to Refine Vulnerability Profiles in FUZZBUSTER
    2012 IEEE Sixth International Conference on Self-Adaptive and Self-Organizing Systems Workshops, 2012
    Co-Authors: David J. Musliner, Jeffrey M. Rye, Tom Marble
    Abstract:

    Vulnerabilities in today's computer systems are relentlessly exploited by cyber attackers armed with sophisticated vulnerability search and exploit development toolkits. To protect against such threats, we are developing FUZZBUSTER, an automated system that provides adaptive immunity against a wide variety of cyber threats. FUZZBUSTER uses custom and off-the-shelf fuzz-testing tools to find vulnerabilities, create vulnerability profiles identifying the inputs that drive target programs to the corresponding faults, and synthesize adaptations that prevent future exploits. We have adapted the CREST concolic testing tool so that FUZZBUSTER can refine a vulnerability profile by extracting the symbolic constraints stemming from concrete execution of a target program. This novel use of concolic testing enables FUZZBUSTER to automatically generalize a single fault-inducing input example into a symbolic description of the vulnerability, and thus create more effective adaptations.

Jeffrey M. Rye - One of the best experts on this subject based on the ideXlab platform.

  • SASO - Meta-control for Adaptive Cybersecurity in FUZZBUSTER
    2013 IEEE 7th International Conference on Self-Adaptive and Self-Organizing Systems, 2013
    Co-Authors: David J. Musliner, Jeffrey M. Rye, Scott E. Friedman, Tom Marble
    Abstract:

    Modern cyber attackers use sophisticated, highly automated vulnerability search and exploit development tools to find new ways to break into target computers. To protect against such threats, we are developing FUZZBUSTER, a host-based adaptive security system that automatically discovers faults in hosted applications and incrementally refines and repairs the underlying vulnerabilities. To perform this self-adaptation, FUZZBUSTER uses meta-control to coordinate a diverse and growing set of custom and off-the-shelf fuzz-testing tools. FUZZBUSTER's greedy meta-control strategy considers adaptation deadlines, the exploit potential of vulnerabilities, the usage schedule of vulnerable applications, and the expected performance of its various fuzz-testing and adaptation tools. In this paper, we demonstrate how FUZZBUSTER's meta-control reasons efficiently about these factors, managing task selection to maximize the system's safety and effectiveness.

  • SASO - Automatic Self-Adaptation to Mitigate Software Vulnerabilities: A Fuzzbuster Progress Report (Extended Abstract for Poster)
    2012 IEEE Sixth International Conference on Self-Adaptive and Self-Organizing Systems, 2012
    Co-Authors: David J. Musliner, Jeffrey M. Rye, Timothy Woods, Tom Marble, Kevin Raison
    Abstract:

    Today's computer systems are under relentless attack from cyber attackers armed with sophisticated vulnerability search and exploit development toolkits. Under DARPA's Clean-slate design of Resilient, Adaptive, Survivable Hosts (CRASH) program, we are developing FUZZBUSTER to provide self-adaptive immunity from these and other cyber threats. This poster describes the most up-to-date results from the millions of fuzz-testing operations FUZZBUSTER has conducted, as well as its results in self-adapting to mitigate the vulnerabilities it finds.

  • SASO Workshops - Using Concolic Testing to Refine Vulnerability Profiles in FUZZBUSTER
    2012 IEEE Sixth International Conference on Self-Adaptive and Self-Organizing Systems Workshops, 2012
    Co-Authors: David J. Musliner, Jeffrey M. Rye, Tom Marble
    Abstract:

    Vulnerabilities in today's computer systems are relentlessly exploited by cyber attackers armed with sophisticated vulnerability search and exploit development toolkits. To protect against such threats, we are developing FUZZBUSTER, an automated system that provides adaptive immunity against a wide variety of cyber threats. FUZZBUSTER uses custom and off-the-shelf fuzz-testing tools to find vulnerabilities, create vulnerability profiles identifying the inputs that drive target programs to the corresponding faults, and synthesize adaptations that prevent future exploits. We have adapted the CREST concolic testing tool so that FUZZBUSTER can refine a vulnerability profile by extracting the symbolic constraints stemming from concrete execution of a target program. This novel use of concolic testing enables FUZZBUSTER to automatically generalize a single fault-inducing input example into a symbolic description of the vulnerability, and thus create more effective adaptations.

  • SASO Workshops - FUZZBUSTER: Towards Adaptive Immunity from Cyber Threats
    2011 Fifth IEEE Conference on Self-Adaptive and Self-Organizing Systems Workshops, 2011
    Co-Authors: David J. Musliner, Jeffrey M. Rye, Dan Thomsen, David Mcdonald, Mark Burstein, Paul B. Robertson
    Abstract:

    Today's computer systems are under relentless attack from cyber attackers armed with sophisticated vulnerability search and exploit development toolkits. To protect against such threats, we are developing FUZZBUSTER, an automated system that provides adaptive immunity against a wide variety of cyber threats. FUZZBUSTER reacts to observed attacks and proactively searches for never-before-seen vulnerabilities. FUZZBUSTER uses a suite of fuzz-testing and vulnerability assessment tools to find or verify the existence of vulnerabilities. Then FUZZBUSTER conducts additional tests to characterize the extent of the vulnerability, identifying ways it can be triggered. After characterizing a vulnerability, FUZZBUSTER synthesizes and applies an adaptation to prevent future exploits.

Massimiliano Oldani - One of the best experts on this subject based on the ideXlab platform.

  • Facing the Challenges of Remote Kernel Exploitation
    A Guide to Kernel Exploitation, 2011
    Co-Authors: Enrico Perla, Massimiliano Oldani
    Abstract:

    This chapter focuses on remote kernel exploitation, introducing the main ideas behind writing remote kernel exploits. Remote vulnerabilities are traditional ones that are reachable through the network without having access to the target machine. The remote scenario can definitely be viewed as a sort of hardened environment, which hides from us a lot of information about the remote running kernel and takes away much of one's ability to directly influence it through user-land processes. For these reasons, the remote scenario highly impacts exploit development. The chapter presents a few techniques, ranging from the classic 32-bit (read-implies-execute) approach of leveraging the register contents and finding relative trampoline sequences as our return address, to exploring the options that an arbitrary write opens for one. In particular, it outlines two classic situations: the mapping at a fixed address of the kernel core module, and 1:1 direct physical page mappings, which give safe entry points for both arbitrary reads/writes and payload development. The chapter concludes with a discussion of remote kernel payloads.

  • Stairway to Successful Kernel Exploitation
    A Guide to Kernel Exploitation, 2011
    Co-Authors: Enrico Perla, Massimiliano Oldani
    Abstract:

    This chapter discusses the major building blocks of a kernel exploit. It begins by focusing on the architecture level: the physical layer on top of which operating systems (and exploits targeting them) run. Following the theoretical-then-practical approach, the chapter discusses the common ideas behind architecture design and how the x86 and x86-64 architectures implement them. Understanding the architecture helps one at various stages during exploit development. The first obvious application is during development of a shellcode: a sequence of instructions to which one tries to divert execution. Moreover, architectural constraints and features influence the way the kernel behaves, and thus determine what one can possibly do inside the attacking code. The architecture can also be an ally at various levels, providing both good entry points for one's shellcode and vital information to improve the reliability of the exploit. The chapter then focuses on the execution phase of an exploit: the operations that one tries to perform once one has successfully managed to hijack the execution path. There are two key points here: raise the privileges and restore the kernel to a stable state. To successfully start the execution phase, one needs to generate the vulnerability, hijack the execution flow, and redirect it to one's payload. This is the job of the triggering phase. The success (and reliability) of the triggering phase is highly influenced by how much information one has been able to gather about the target.