Hacker News
Tactics, Techniques, and Procedures of the Yahoo Hack (medium.com/chrismcnab)
124 points by nikcub on March 21, 2017 | 10 comments



Hack 1:

> Ran mysqldump against the production database, creating 1.txt

Hack 2:

> Ran mysqldump against the production database, creating 1.txt

Anybody else see a pattern here? We need to forbid creating files named "1.txt"!


You gotta give it to him! The guy is dedicated to say the least.


If you are running public-facing servers off a VM in your kitchen and also use the host OS to access a corporate VPN, you're going to have a bad time.


I wonder how many VM escape bugs are in Parallels.


That exact problem was why security kernels and later separation kernels were invented. The theory was you could bulletproof 4-12Kloc of mostly static code more easily than monolithic, dynamic hypervisors. They have less nifty features, though. Really bare bones.


It seemed like he didn't escape but instead cracked the password using ssh.


Could someone more knowledgeable here explain this to me? How do you "crack the password using ssh" from a guest VM to the host? That seems to imply that the guest VM and the host were somehow on the same network and the host had an SSH service. Is this the case? And if so, is that the normal (or the default?) config, that you can network from the guest VM to the host?

Thanks


Yes, I think so. No, I don't think it is the default.


Alexsey Belan (M4g) seems pretty good at exploiting systems but not so good at staying anonymous.


Wow, M4G seems kind of awesome. In a totally bad and not acceptable way, of course.



