CVE-2020-0601 (also known as "Chain of Fools" or "Curveball") is a Windows CryptoAPI spoofing vulnerability in the validation of Elliptic Curve Cryptography (ECC) certificates. Exploitation could allow an attacker to sign a malicious executable with a spoofed code-signing certificate, or to mount a man-in-the-middle (MITM) attack and decrypt sensitive information.

In order to assist customers and researchers, InQuest has released an additional layer of protection in the form of a YARA signature. This detection capability can help organizations strengthen their overall security posture, especially in situations where comprehensive patching may take some time.
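The defensive check that a detection signature for this bug approximates is structural: a legitimate ECC certificate names its curve with an OID, while the spoof depends on a public key that carries explicit curve parameters (so that a chosen generator can be supplied). The script below is an added example written for this post, not InQuest's YARA signature and not code from the original; it walks a DER-encoded SubjectPublicKeyInfo, reports whether the EC parameters are a named curve or explicit parameters, and also does a YARA-style byte scan over an arbitrary blob. The sample DER structures it builds are constructed toy values (dummy points, a toy prime field), not real keys.

```python
# Added example (not InQuest's signature): classify EC public-key parameters
# in DER and flag the explicit-parameters form that CVE-2020-0601 abuses.
# All sample inputs below are constructed toy values, not real certificates.

OID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"      # id-ecPublicKey
OID_PRIME_FIELD = "1.2.840.10045.1.1"        # prime-field (fieldType)
OID_RSA_ENCRYPTION = "1.2.840.113549.1.1.1"  # rsaEncryption
KNOWN_CURVES = {"1.2.840.10045.3.1.7": "prime256v1",
                "1.3.132.0.34": "secp384r1", "1.3.132.0.35": "secp521r1"}
TAG_INTEGER, TAG_BIT_STRING, TAG_OCTET_STRING = 0x02, 0x03, 0x04
TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x05, 0x06, 0x30


def der_length(n):
    """DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value):
    """Encode one DER tag-length-value element."""
    return bytes([tag]) + der_length(len(value)) + value


def read_tlv(buf, off):
    """Decode the element at buf[off]; return (tag, value, offset after it)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                    # long form: next N bytes hold the length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, buf[off:off + length], off + length


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                       # base-128, high bit set on all but last byte
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def decode_oid(value):
    arcs, cur = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(cur)
            cur = 0
    return ".".join(map(str, arcs))


def classify_spki(der):
    """Named-curve OID is the expected form; explicit ECParameters is the red flag."""
    tag, spki, _ = read_tlv(der, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    tag, alg, _ = read_tlv(spki, 0)      # AlgorithmIdentifier
    if tag != TAG_SEQUENCE:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    tag, oid, off = read_tlv(alg, 0)
    if tag != TAG_OID:
        raise ValueError("AlgorithmIdentifier must start with an OID")
    if decode_oid(oid) != OID_EC_PUBLIC_KEY:
        return "not-ec"
    if off >= len(alg):
        return "missing-parameters"
    ptag, params, _ = read_tlv(alg, off)
    if ptag == TAG_OID:                  # ECParameters ::= namedCurve
        curve = decode_oid(params)
        return "named-curve:" + KNOWN_CURVES.get(curve, curve)
    if ptag == TAG_SEQUENCE:             # explicit ECParameters: what the spoof needs
        return "explicit-parameters"
    return "implicit-curve" if ptag == TAG_NULL else "unknown-parameters"


def count_explicit_ec_keys(blob):
    """YARA-style scan: count id-ecPublicKey OIDs followed by a SEQUENCE (explicit params)."""
    needle = tlv(TAG_OID, encode_oid(OID_EC_PUBLIC_KEY))
    hits, pos = 0, blob.find(needle)
    while pos != -1:
        nxt = pos + len(needle)
        if nxt < len(blob) and blob[nxt] == TAG_SEQUENCE:
            hits += 1
        pos = blob.find(needle, nxt)
    return hits


def build_spki(parameters):
    """Constructed sample SPKI with a dummy uncompressed point (0x04 + 64 zero bytes)."""
    alg = tlv(TAG_SEQUENCE, tlv(TAG_OID, encode_oid(OID_EC_PUBLIC_KEY)) + parameters)
    return tlv(TAG_SEQUENCE, alg + tlv(TAG_BIT_STRING, b"\x00\x04" + bytes(64)))


NAMED_CURVE_SPKI = build_spki(tlv(TAG_OID, encode_oid("1.2.840.10045.3.1.7")))
EXPLICIT_SPKI = build_spki(tlv(TAG_SEQUENCE,                                  # toy ECParameters
    tlv(TAG_INTEGER, b"\x01")                                                 # version
    + tlv(TAG_SEQUENCE, tlv(TAG_OID, encode_oid(OID_PRIME_FIELD)) + tlv(TAG_INTEGER, b"\x0b"))
    + tlv(TAG_SEQUENCE, tlv(TAG_OCTET_STRING, b"\x02") + tlv(TAG_OCTET_STRING, b"\x03"))
    + tlv(TAG_OCTET_STRING, b"\x04\x05\x06") + tlv(TAG_INTEGER, b"\x07")      # base, order
    + tlv(TAG_INTEGER, b"\x01")))                                             # cofactor
RSA_SPKI = tlv(TAG_SEQUENCE, tlv(TAG_SEQUENCE, tlv(TAG_OID, encode_oid(OID_RSA_ENCRYPTION))
                                 + tlv(TAG_NULL, b"")) + tlv(TAG_BIT_STRING, b"\x00" + bytes(8)))

if __name__ == "__main__":
    for name, spki in [("named", NAMED_CURVE_SPKI), ("explicit", EXPLICIT_SPKI), ("rsa", RSA_SPKI)]:
        print(name, classify_spki(spki))
    print("explicit EC keys in blob:", count_explicit_ec_keys(b"junk" + EXPLICIT_SPKI + NAMED_CURVE_SPKI))
```

On a real certificate, `classify_spki` would be fed the DER bytes of the subjectPublicKeyInfo field; an "explicit-parameters" result on a certificate chaining to a public root is worth alerting on, since public CAs issue named-curve keys. The byte scan in `count_explicit_ec_keys` is the cheaper, signature-style check suitable for files that embed certificates, at the cost of some false positives on unrelated data.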

YARA Signature
Latest InQuest™ Blog Posts

Hiding In Plain Sight

Posted on 2020-02-24 Samuel Kimmons

Samuel Kimmons is a Lead Cyber Threat Emulator/Red Teamer and Penetration Tester at the United States Air Force Computer Emergency Response Team (US-AFCERT). In his guest blog, he discusses LoLBins, or Living Off the Land Binaries, used to get PowerShell without PowerShell.


Reverse Engineering on Windows: A Focus on Malware

Posted on 2020-02-25 by Josiah Smith

Our CTO, Pedram Amini, and colleague Ero Carrera have open-sourced all the materials from a two-day reverse engineering class they taught over the years at BlackHat, the last instance being at BlackHat 2009 Federal. The courseware, written in LaTeX + Beamer, includes malware samples and all requisite references, scripts, tools, exercises, and solutions.

InQuest™ Labs Research Spotlight

mitaka

Mitaka is a browser extension for OSINT research that can extract & refang IoCs from a selected block of text and then search for the indicator on various engines.


ollypwn's CurveBall

A proof of concept for CVE-2020-0601, commonly referred to as CurveBall, a vulnerability in which the signature of certificates using elliptic curve cryptography (ECC) is not correctly verified.


RAASNet

Ransomware as a Service. This educational tool was made to demonstrate ransomware and how easy it is to make. It works on Windows, Linux and macOS.

Global Security Events

PLA Personnel Charged with Computer Fraud, Economic Espionage and Wire Fraud for Hacking Equifax

Indictment Alleges Four Members of China’s People’s Liberation Army Engaged in a Three-Month Long Campaign to Steal Sensitive Personal Information of Nearly 150 Million Americans.


FBI Warns of DDoS Attack on State Voter Registration Site

The US Federal Bureau of Investigation (FBI) warned, in a Private Industry Notification, of a potential Distributed Denial of Service (DDoS) attack that targeted a state-level voter registration and information site. The website received anomalous DNS server requests consistent with a Pseudo Random Subdomain attack.

India's Data Protection Bill Threatens Global Cybersecurity

The proposed ban on re-identification discourages researchers from investigating security weaknesses—and encourages criminals to exploit them. India intends to ban re-identification without consent and subject it to financial penalties or jail time.

InQuest™ Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools.
Copyright © InQuest™ 2019