Presented at
BSidesLV 2023,
Aug. 8, 2023, 2:30 p.m.
(20 minutes).
In our latest research, we explored innovative approaches in uncovering security vulnerabilities within the RDP protocol. Rather than leveraging the conventional reverse engineering tools, we exclusively utilized Open-Source Intelligence (OSINT) techniques, leading us to discover significant security shortcomings, including instances of remote code execution, as well as bypasses of security mechanisms. Our presentation will introduce the RDP protocol and its various use cases, in addition to detailing the motivations behind our adoption of an unconventional research methodology. We will delve into how protocol specifications, open-source implementations, and other publicly accessible resources can be used to reveal hidden vulnerabilities. We will give a comprehensive overview of the vulnerabilities discovered and an in-depth analysis of the most significant ones.
Presenters:
-
Dor Dali
Dor is the Head of Security Research @ Cyolo. With over a decade of experience across a variety of subjects in the cybersecurity domain both at startups and big companies. Dor is very enthusiastic about everything related to fixing and fixing problems in security and holds deep understanding and knowledge in the fields of web applications, product, and infrastructure security.
Links:
Similar Presentations: