Server Tailgating - A Chosen-PlainText Attack on RDP

Presented at Black Hat Asia 2018, March 23, 2018, 10:15 a.m. (60 minutes).

Millions of networks are relying on Windows authentication protocols to secure their logins, and consequently, their network's integrity. In this talk, we will show a surprising chosen-plaintext attack exploiting a logical vulnerability in one of Windows' more common protocols. The vulnerability affects a wide array of applications including Microsoft Remote Desktop. The attack enables remote code execution and, while being mathematically and technically complex, is very easy to utilize and has nearly 100% of success.

The talk will include a live demonstration of the attack along with a rich description of the technical vulnerability details.


Presenters:

  • Eyal Karni - Security Researcher, Preempt
    Eyal Karni is a Security Researcher at Preempt, delivering the industry's first Behavioral Firewall to protect enterprises from security breaches and malicious insiders. Eyal spent over 9 years researching cyber security projects. He has worked in Preempt since its beginning . Previously, he served 5 years in an elite unit of the IDF in Cyber Security Research and Development. Eyal is an expert on Windows Authentication protocols, among his latest finding is CVE-2017-8563. Eyal holds a B.Sc in Mathematics and Physics.
  • Roman Blachman - CTO, Preempt
    Roman Blachman is Chief Technology Officer and Co-Founder of Preempt and is responsible for product strategy and research and development. Prior to Preempt, Roman was a leading Apple iOS mobile security strategist and researcher at Lacoon Mobile Security (acquired by Check Point Software Technologies). Roman also served over ten years in the elite Israeli Defence Forces in Research and Development where he led a cyber-security product development teams and a mobile cyber-security research team. He was also the Head of Israeli Intelligence Branch where he received an Excellence Award in 2006. Roman is an expert in enterprise grade security systems.
  • Yaron Zinar - Lead Security Researcher, Preempt
    Yaron Zinar is a Lead Security Researcher at Preempt, delivering the industry's first Behavioral Firewall to protect enterprises from security breaches and malicious insiders. Previously, Yaron spent over 12 years at leading companies such as Google and Microsoft where he held various positions researching and leading big data, machine learning and cyber security projects. Yaron is an expert on Windows Authentication protocols, among his latest finding is CVE-2017-8563. Yaron holds a B.Sc in Electrical Engineering and Computer Science.

Links:

Similar Presentations: