2019-008-windows retpoline patches, PSremoting, underthewire, thunderclap vuln
Published March 4, 2019
|
56 min
    Download
    Add to queue
    Copy URL
    Show notes

    BrakeingDownIR show #10

    GrumpySec appearance?

    https://support.microsoft.com/en-us/help/4482887/windows-10-update-kb4482887

    https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Mitigating-Spectre-variant-2-with-Retpoline-on-Windows/ba-p/295618

    https://blogs.technet.microsoft.com/srd/2018/03/15/mitigating-speculative-execution-side-channel-hardware-vulnerabilities/

    “Microsoft has added support for the /Qspectre flag to Visual C++ which currently enables some narrow compile-time static analysis to identify at-risk code sequences related to CVE-2017-5753 and insert speculation barrier instructions. This flag has been used to rebuild at-risk code in Windows and was released with our January 2018 security updates. It is important to note, however, that the Visual C++ compiler cannot guarantee complete coverage for CVE-2017-5753 which means instances of this vulnerability may still exist.’

    Retpoline = “Return Trampoline”

        “That’s because when using return operations, any associated speculative execution will 'bounce' endlessly.”

        https://www.tomshardware.com/news/retpoline-patch-spectre-windows-10,37958.html

    Cool site (Andrei) *long time podcast supporter*

    UndertheWire.tech - powershell wargame

    ---

    PSRemoting -https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/enable-psremoting?view=powershell-6

    https://www.howtogeek.com/117192/how-to-run-powershell-commands-on-remote-computers/

    https://blogs.technet.microsoft.com/askperf/2012/02/17/useful-wmic-queries/

    Caveats:
    Network connection you’re on must be set to “private”, not public

    WinRM service has to be enabled on both the local and remote hosts (at least, I think so --brbr)

     

    https://www.engadget.com/2019/02/27/dow-jones-watchlist-leaked/

    http://time.com/5349896/23andme-glaxo-smith-kline/

    http://thunderclap.io/

    https://int3.cc/products/facedancer21 -  USB

    Check out our Store on Teepub! https://brakesec.com/store

    Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

    #Brakesec Store!:https://www.teepublic.com/user/bdspodcast

    #Spotifyhttps://brakesec.com/spotifyBDS

    #RSShttps://brakesec.com/BrakesecRSS

    #Youtube Channel:  http://www.youtube.com/c/BDSPodcast

    #iTunes Store Link: https://brakesec.com/BDSiTunes

    #Google Play Store: https://brakesec.com/BDS-GooglePlay

    Our main site:  https://brakesec.com/bdswebsite

    #iHeartRadio App:  https://brakesec.com/iHeartBrakesec

    #SoundCloudhttps://brakesec.com/SoundcloudBrakesec

    Comments, Questions, Feedback: bds.podcast@gmail.com

    Support Brakeing Down Security Podcast by using our #Paypalhttps://brakesec.com/PaypalBDS OR our #Patreon

    https://brakesec.com/BDSPatreon

    #Twitter@brakesec @boettcherpwned @bryanbrake @infosystir

    #Player.FM : https://brakesec.com/BDS-PlayerFM

    #Stitcher Network: https://brakesec.com/BrakeSecStitcher

    #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

      15
      15
        0:00:00 / 0:00:00