Josh Pitts

Deploying JAMF Server Software: Just Check the Box

Overview We came across a default setting in JAMF Software Server (JSS), which we believe can put companies leveraging the solution at risk. Organizations should make sure they have enabled a very simple configuration setting, e.g. checking a box. We alerted JAMF Software and it has been responsive with its next steps to address the issue. What is JAMF Software? JAMF Software encompasses a number of solutions for fleet management of Apple products, including their own Apple MDM. Specifically...

Josh Pitts

The EMET Serendipity: EMET's (In)Effectiveness Against Non-Exploitation Uses

TL;DR This post discusses a method of bypassing Microsoft’s Enhanced Mitigation Toolkit (EMET) protections post Address Space Layout Randomization/Data Execution Prevention (ASLR/DEP) protections. The closer your position independent execution shellcode is to working like compiled code, the harder it will be to stop with bolt-on user-land protections. DEP/ASLR/SEH are still solid protections: all the additional protections are to stop people that can't write their own payloads. The production...

Josh Pitts and Travis Morrow

DIY Genetic Malware: EBOWLA

Back in 1998, the year that Mongolia went from a 46 hour to a 40 hour work week, another ground breaking event happened— the publishing of Environmental Key Generation towards Clueless Agents by Riordan and Schneier. This paper discussed using environmental factors on a host as a means to encrypt and protect data and code from inspection. The idea discussed is simple: use unique identifiable information from the host as the key to encrypt the data/code you want to protect. If encrypted blobs...

Page 6 of 6