Investigating the Practicality and Cost of Abusing Memory Errors with DNS

Presented at DEF CON 23 (2015), Aug. 8, 2015, 4 p.m. (60 minutes)

In a world full of targeted attacks and complex exploits this talk explores an attack that can simplified so even the most non-technical person can understand, yet the potential impact is massive: Ever wonder what would happen if one of the millions of bits in memory flipped value from a 0 to a 1 or vice versa? This talk will explore abusing that specific memory error, called a bit flip, via DNS. The talk will cover the various hurdles involved in exploiting these errors, as well as the costs of such exploitation. It will take you through my path to 1.3 million mis-directed queries a day, purchasing hundreds of domain names, wildcard SSL certificates, getting banned from payment processors, getting banned from the entire Comcast network and much more.

Presenters:

• Luke Young - Information Security Engineer, Hydrant Labs LLC
  Luke Young (@innoying) - is a freshman undergraduate student pursuing a career in information security. As an independent researcher, he has investigated a variety of well-known products and network protocols for design and implementation flaws. His research at various companies has resulted in numerous CVE assignments and recognition in various security Hall of Fames. He currently works as an Information Security Intern at LinkedIn.

Links:

• https://defcon.org/html/defcon-23/dc-23-speakers.html#LYoung
• https://www.youtube.com/watch?v=4b5disac9g4

Similar Presentations:

• DeepSec 2018 „I like to mov &6974,%bx“ / DNS Exfiltration and Out-of-Band Attacks
• Black Hat USA 2016 / Dark Side of the DNS Force