The Mummy 2018 – Microsoft Accidentally Summons Back Ugly Attacks from the Past

Presented at Black Hat Europe 2018, Dec. 6, 2018, 4 p.m. (25 minutes).

In the early 2000s attackers could very easily leverage naïve mechanisms of IP fragmentation and reassembly to intercept packets, modify them, or cause denial of service. The same fundamental flaw gave rise to other techniques such as stealth scan.

These attacks relied on the trivial predictability of the IP identification field. The major operating systems fixed the problem by adding a randomization element. A simple and efficient solution.

For years this seemed to have done the trick, until a seemingly innocent but unnecessary reorganization of the relevant code in the Windows kernel left things even worse than they began: not only reopening these attacks, but also leaking kernel memory in a very funny way.

Unlike any of the vulnerabilities I've ever had the privilege to discover/research, this vulnerability (CVE-2018-8493) is a (simple) crypto bug, which shouldn't have been so damaging. The system's design, however, caused it to break down the entire mechanism.

Presenters:

  • Ran Menscher - Security Researcher, Ran Menscher Security Research
    Ran Menscher is a security researcher and has always been fascinated by reverse engineering of big and small, from OS internals to embedded devices. Ran has been finding and exploiting vulnerabilities for the past decade. As VP of research at XM Cyber, Ran's team was responsible for finding cunning ways to automatically map realistic attack vectors on enterprise production networks by reverse engineering OS, products, equipment and vulnerabilities. Currently, Ran provides research and security services to tech companies and startups.
