SafeBreach Labs has updated the Hacker's Playbook™ with simulations for both the Meltdown and Spectre vulnerabilities (US-CERT Alert TA18-004A) across Windows and Linux systems. If you've already patched, you can validate your security by signing up for a free trial.
These vulnerabilities provide a potential route for attackers to compromise critical kernel and/or application data from within protected memory. Because they stem from CPU architecture, the vulnerabilities are extremely widespread and pose a significant risk to both end-user devices and server hosts.
SafeBreach recommends all industries and businesses immediately install patches from operating system vendors, as well as any available firmware updates from device manufacturers. In order to validate the efficacy of these patches, SafeBreach has developed platform-specific simulations to identify whether or not the patches were deployed effectively. As always, SafeBreach Labs will continue to monitor the situation, and develop new simulations as necessary.
To assess patch effectiveness against these vulnerabilities, the SafeBreach Breach and Attack Simulation Platform specifically tests the following endpoint security controls:
Playbook #1464 - Meltdown: Read kernel data
- Endpoint Controls - Are patches/updates in place to prevent an attacker from reading kernel data/symbols from vulnerable machines?
Playbook #1465 - Spectre: Read Linux process memory
- Endpoint Controls - Are patches/updates in place to prevent an attacker from reading in-memory process data from vulnerable Linux machines?
Playbook #1466 - Spectre: Read Windows process memory
- Endpoint Controls - Are patches/updates in place to prevent an attacker from reading in-memory process data from vulnerable Windows machines?
Additional breach methods added recently include:
- US-CERT Alert TA17-318A/B
- Petya.A (Bad Rabbit) Ransomware
- US-CERT Alert TA17-293A
The SafeBreach Hacker's Playbook™ of breach methods simulates these breach scenarios, and thousands more, without impacting users or infrastructure. Breach methods are constantly updated by SafeBreach Labs, our team of offensive security researchers, to help keep customers ahead of attacks.