what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

Files from Klayton Monroe

Email addressklm at uidzero.org
First Active2006-07-19
Last Active2021-09-02
CyberArk Credential Provider Local Cache Decryption
Posted Sep 2, 2021
Authored by Klayton Monroe | Site korelogic.com

CyberArk Credential Providers can be configured to retain passwords, password metadata, and other application properties in a local, encrypted cache file. Under certain conditions, the effective key space used to encrypt the cache is significantly reduced. For an attacker who understands the key derivation scheme and encryption mechanics, full access to the information used to derive the encryption key is sufficient to reduce effective key space to one. Even in cases where the information is not known, the encrypted cache files will likely be unable to withstand a brute force attack. However, the severity of this issue is partially mitigated by the privilege level required (root) for access. Versions prior to 12.1 are affected.

tags | advisory, local, root
advisories | CVE-2021-31798
SHA-256 | 6ba600d5651668bd7a2786e7c90c3b163cf2bc3b791d517d99bf09f429b3691f
CyberArk Credential Provider Race Condition / Authorization Bypass
Posted Sep 2, 2021
Authored by Klayton Monroe | Site korelogic.com

CyberArk's Credential Provider loopback communications on TCP port 18923 are encrypted with key material that has extremely low entropy. In all currently-known use cases, the effective key space is less than 2^16. For an attacker who understands the key derivation scheme and encryption mechanics, knowledge of the source port and access to the payloads of a given client-server exchange are sufficient to reduce effective key space to one. In cases where the source port is not known, the encrypted payloads will be unable to withstand a brute force attack. Additionally, the user identification mechanism used by CyberArk's Credential Provider is vulnerable to a race condition where an unauthorized/unprivileged user can submit one or more encrypted query requests. If the race is won, the attacker will be able to retrieve sensitive information including passwords and password metadata. Versions prior to 12.1 are affected.

tags | exploit, tcp
advisories | CVE-2021-31797
SHA-256 | 7dede6bcc7b3021a2a5c5df1eb3c7bc0663ae7d954677866d63352936b9f568a
CyberArk Credential File Insufficient Effective Key Space
Posted Sep 2, 2021
Authored by Klayton Monroe | Site korelogic.com

CyberArk Credential Providers and possibly other Vault components use credential files to store usernames and encrypted passwords. Under certain conditions, the effective key space used to encrypt the passwords is significantly reduced. For an attacker who understands the key derivation scheme and encryption mechanics, full access to the information used to derive the encryption key is sufficient to reduce effective key space to one. With partial access, the effective key space can vary depending on the information available, and a number of those variations are unlikely to withstand brute force attacks. Versions prior to 12.1 are affected.

tags | advisory
advisories | CVE-2021-31796
SHA-256 | 5892fd05072b614b7847d3f43b864bd8335e297210e52ccf34c86d2321cd721f
FTimes 3.10.0
Posted Apr 9, 2013
Authored by Klayton Monroe | Site ftimes.sourceforge.net

FTimes is a system baselining and evidence collection tool. Its primary purpose is to gather and/or develop topographical information and attributes about specified directories and files in a manner conducive to intrusion and forensic analysis. It was designed to support the following initiatives: content integrity monitoring, incident response, intrusion analysis, and computer forensics.

Changes: The code was cleaned up and refined as necessary. Several bugs have been fixed. This release includes updated support for file hooks and introduces KL-EL-based XMagic. Consequently, the minimum required version of libklel has been raised to 1.1.0, which has a library version of 2:0:1. File system support for SquashFS was added.
tags | tool, forensics
systems | linux
SHA-256 | 3bd4a66c685e365d0dc4f74edaf220808530d75e78fa0246c7727d5597e95af2
ftimes-3.8.0.tgz
Posted Apr 17, 2007
Authored by Klayton Monroe | Site ftimes.sourceforge.net

FTimes is a system baselining and evidence collection tool. Its primary purpose is to gather and/or develop topographical information and attributes about specified directories and files in a manner conducive to intrusion and forensic analysis. It was designed to support the following initiatives: content integrity monitoring, incident response, intrusion analysis, and computer forensics.

Changes: Various tweaks and enhancements.
tags | tool, forensics
SHA-256 | 8d25ea7a5778438fcee469f8824aa64b3a209769d358260e6c94a927e7064e58
ftimes-3.7.0.tgz
Posted Jul 19, 2006
Authored by Klayton Monroe | Site ftimes.sourceforge.net

FTimes is a system baselining and evidence collection tool. Its primary purpose is to gather and/or develop topographical information and attributes about specified directories and files in a manner conducive to intrusion and forensic analysis. It was designed to support the following initiatives: content integrity monitoring, incident response, intrusion analysis, and computer forensics.

Changes: Removed the alpha designator.
tags | tool, forensics
SHA-256 | 767b58636f3812dbf89a9f1849e9568540a9f30648023bef95d7bab301c9fa37
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close