
Infiltrate and Syscan 360

2016-04-16 01:40

Hi everyone,

I spent the last weeks traveling to Singapore and Miami to present my Xenpwn research about double fetch vulnerabilities in paravirtualized devices at Infiltrate and Syscan360. You can find my slides here. Both conferences had great organization, very technical talks and a cool audience. In the following I want to give a short recap of some of the talks I liked the most:

Sean Heelan – Automatic Root-Cause Identification for Crashing Executions (Infiltrate)

Sean Heelan talked about his work on automated root cause analysis. The goal of this research is to give a human researcher a detailed analysis of the potential root causes (in the form of violated predicates) that triggered a crash during a fuzzing run. Sean summarizes the core idea of his research much better than I would be able to in his blog post, which also contains a link to his slides. I’m always a big fan of his talks because he is one of the few people working at the intersection between the academic program verification community and the IT security industry.

Sebastian Appelt – Pwning Adobe Reader (Syscan360 + Infiltrate)

Sebastian presented his research on the internals of Adobe’s XML Forms Architecture (XFA), which is used by Adobe Reader for handling interactive forms. Thanks to its incredibly complicated spec (around 1550 pages) and the integrated JavaScript engine, XFA offers a perfect attack surface for exploiting Adobe Reader. Sebastian discussed how he reversed the layout of XFA objects in memory, as well as the internals of Adobe’s custom heap allocator known as jfCacheManager. In comparison to modern OS allocators, jfCacheManager does not include any serious security features, which allows the exploitation of even very limited memory corruptions: Sebastian discussed a powerful exploitation primitive based on (partial) corruption of a flink pointer and demonstrated this approach on two example vulnerabilities.

The talk was a great mix of reverse engineering and exploitation techniques and you should definitely check out the slides (maybe the PPTX ones


Source: www.insinuator.net/2016/04/infiltrate-and-syscan-360/
