30 CVEs in 30 Days

Presented at DeepSec 2019 „Internet of Facts and Fears“, Unknown date/time (Unknown duration)

In recent years, the most effective way to discover new vulnerabilities is considered to be fuzzing. We will present a complementary approach to fuzzing. By using this method, which is quite easy, we managed to get over 30 CVEs across multiple major vendors in only one month. Some things never die. In this session, we'll show that a huge amount of software is still vulnerable to DLL Hijacking and Symlinks abuse and may allow attackers to escalate their privileges or to DoS a machine. We will show how we generalized these two techniques within an automated testing system called Ichanea, with the aim of finding new vulnerabilities. Our mindset was - choose software that is prone to be vulnerable: Installers, update programs, and services. These types of software are often privileged. Therefore, they are good candidates for exploitation using symlink or DLL Hijacking attacks. We're only scratching the surface and we are positive that there are additional attack vectors that could be widely implemented to achieve similar results.

Presenters:

• Eran Shimony - CyberArk
  Eran Shimony is a security researcher at CyberArk. Eran has an extensive background in security research, that includes years of experience in malware analysis and vulnerability research on multiple platforms. With a growing interest in logical vulnerabilities he has made lots of disclosures across multiple vendors.

Links:

• https://deepsec.net/archive/2019.deepsec.net/speaker.html#PSLOT417

Similar Presentations:

• DEF CON 29 (2021) / 2021 - Our Journey Back To The Future Of Windows Vulnerabilities and the 0-days we brought back with us
• BruCON 0x0A (2018) / Finding security vulnerabilities with modern fuzzing techniques Workshop
• Black Hat Europe 2016 / Effective File Format Fuzzing – Thoughts, Techniques and Results