Zooming in on Zero-click Exploits

Presented at REcon 2022, June 3, 2022, 10:30 a.m. (60 minutes)

Or: How to Reverse Engineer a Giant Pile of Code

Zoom is a video conferencing solution that has gained popularity throughout the pandemic. It is also one of the more interesting targets that I have reverse engineered in some time. This talk describes my security analysis of Zoom's client and server, with a focus on the reverse engineering challenges. It covers understanding large systems, analyzing software and protocols with Frida, fuzzing non-relocatable binaries and much more.


Presenters:

  • Natalie Silvanovich
    Natalie Silvanovich is a security researcher on Google Project Zero. Her current focus is messaging applications and video conferencing. Previously, she worked in mobile security on the Android Security Team at Google and as a team lead of the Security Research Group at BlackBerry, where her work included finding security issues in mobile software and improving the security of mobile platforms. Outside of work, Natalie enjoys applying her hacking and reverse engineering skills to unusual targets and has spoken at several conferences on the subject of Tamagotchi hacking.

Links:

Similar Presentations: