Yoriy Bolygin: Remote and Local Exploitation of Network Drivers
MP4•Trang chủ episode
Manage episode 152211970 series 1053194
Nội dung được cung cấp bởi Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Black Hat Briefings, USA 2007 [Video] Presentations from the security conference. hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.
During 2006 vulnerabilities in wireless LAN drivers gained an increasing attention in security community. One can explain this by the fact that any hacker can take control over every vulnerable laptop of entire enterprise without any "visible" connection with those laptops and execute a malicious code in kernel.
This work describes the process behind hunting remote and local vulnerabilities in wireless LAN drivers as well as in other types of network drivers. The first part of the work describes simple and much more advanced examples of remote execution vulnerabilities in wireless device drivers that should be considered during quest for vulnerabilities. We demonstrate an example design of kernel-mode payload on Windows and construct a simple wireless frames fuzzer. The second part of the work explains local privilege escalation vulnerabilities in I/O Control device driver interface on Windows, introduces a technique to uncover them and IOCTLBO fuzzer implementing this technique. Third part of the work describes specific examples of local vulnerabilities in network drivers that can be exploited remotely and introduces an exploitation technique. In the last part of the work we present case studies of remote and local vulnerabilities mitigated in Intel Centrino wireless LAN drivers. The work concludes discussing vulnerabilities in other types of network drivers.
…
continue reading
This work describes the process behind hunting remote and local vulnerabilities in wireless LAN drivers as well as in other types of network drivers. The first part of the work describes simple and much more advanced examples of remote execution vulnerabilities in wireless device drivers that should be considered during quest for vulnerabilities. We demonstrate an example design of kernel-mode payload on Windows and construct a simple wireless frames fuzzer. The second part of the work explains local privilege escalation vulnerabilities in I/O Control device driver interface on Windows, introduces a technique to uncover them and IOCTLBO fuzzer implementing this technique. Third part of the work describes specific examples of local vulnerabilities in network drivers that can be exploited remotely and introduces an exploitation technique. In the last part of the work we present case studies of remote and local vulnerabilities mitigated in Intel Centrino wireless LAN drivers. The work concludes discussing vulnerabilities in other types of network drivers.
89 tập