Deviant's Lock Advice - Part 05 - Privilege Escalation
30.7 هزار بار بازدید -
4 سال پیش
-
This is a long-ish video,
This is a long-ish video, I know. But it covers an important vulnerability and shows how it can be exploited.
If someone is issued a working key (even a key with very low permissions) as part of a master-keyed system, then that individual can typically pivot from there and use the bitting info from their issued key to attempt a privilege escalation attack and discover the key bitting measurements for the master key in that system.
If suitable key blanks are accessible, there is almost nothing that can be done to stop this kind of attack. This is why we recommend higher-security lock solutions to many of our clients... ones where blanks are harder to obtain or key cutting is harder to perform. There's often still some attack vector, even on more advanced systems, but it sure makes it harder.
This video shows a master key privilege escalation attack (the same kind written up by Matt Blaze nearly two decades ago!) in action. It's a LOT faster than many folk might think!
- -- ----- ----------
this is my personal web site. most things i create wind up online...
https://deviating.net
this is my company. we're good at stuff...
https://enterthecore.net
this is where i train. come and learn badass skills...
https://redteamalliance.com
- -- ----- ----------
Andy Tait, the creator of the PCB version of my Devious Decoder Card, is here on YouTube...
therasteri
Matt Blaze's write-up concerning the vulnerabilities inherent in master-keyed systems is here...
https://www.mattblaze.org/masterkey.html
- -- ----- ----------
NOTE: The winners of some CH751 keys have been chosen. By random selection the winners are Ege Feyzioğlu, Adam Kentrop, Fyrchkn, and Bruno Johnson. That's right, we gave away MULTIPLE keys! ^_^ I will reply to them below and we'll hopefully connect soon. Nice work, everybody!
If someone is issued a working key (even a key with very low permissions) as part of a master-keyed system, then that individual can typically pivot from there and use the bitting info from their issued key to attempt a privilege escalation attack and discover the key bitting measurements for the master key in that system.
If suitable key blanks are accessible, there is almost nothing that can be done to stop this kind of attack. This is why we recommend higher-security lock solutions to many of our clients... ones where blanks are harder to obtain or key cutting is harder to perform. There's often still some attack vector, even on more advanced systems, but it sure makes it harder.
This video shows a master key privilege escalation attack (the same kind written up by Matt Blaze nearly two decades ago!) in action. It's a LOT faster than many folk might think!
- -- ----- ----------
this is my personal web site. most things i create wind up online...
https://deviating.net
this is my company. we're good at stuff...
https://enterthecore.net
this is where i train. come and learn badass skills...
https://redteamalliance.com
- -- ----- ----------
Andy Tait, the creator of the PCB version of my Devious Decoder Card, is here on YouTube...
therasteri
Matt Blaze's write-up concerning the vulnerabilities inherent in master-keyed systems is here...
https://www.mattblaze.org/masterkey.html
- -- ----- ----------
NOTE: The winners of some CH751 keys have been chosen. By random selection the winners are Ege Feyzioğlu, Adam Kentrop, Fyrchkn, and Bruno Johnson. That's right, we gave away MULTIPLE keys! ^_^ I will reply to them below and we'll hopefully connect soon. Nice work, everybody!
4 سال پیش
در تاریخ 1399/01/22 منتشر شده
است.
30,752
بـار بازدید شده