30 CVEs in 30 Days

Presented at DeepSec 2019 „Internet of Facts and Fears“, Unknown date/time (Unknown duration).

In recent years, the most effective way to discover new vulnerabilities is considered to be fuzzing. We will present a complementary approach to fuzzing. By using this method, which is quite easy, we managed to get over 30 CVEs across multiple major vendors in only one month. Some things never die. In this session, we'll show that a huge amount of software is still vulnerable to DLL Hijacking and Symlinks abuse and may allow attackers to escalate their privileges or to DoS a machine. We will show how we generalized these two techniques within an automated testing system called Ichanea, with the aim of finding new vulnerabilities. Our mindset was - choose software that is prone to be vulnerable: Installers, update programs, and services. These types of software are often privileged. Therefore, they are good candidates for exploitation using symlink or DLL Hijacking attacks. We're only scratching the surface and we are positive that there are additional attack vectors that could be widely implemented to achieve similar results.

Presenters:

  • Eran Shimony - CyberArk
    Eran Shimony is a security researcher at CyberArk. Eran has an extensive background in security research, that includes years of experience in malware analysis and vulnerability research on multiple platforms. With a growing interest in logical vulnerabilities he has made lots of disclosures across multiple vendors.

Links:

Similar Presentations: