Sedating the Watchdog: Abusing Security Products to Bypass Windows Protections

Presented at BSidesSF 2016, Feb. 29, 2016, 10 a.m. (55 minutes)

A few months ago, we came across a critical vulnerability in a popular security product that could act as a vehicle for a threat actor to bypass the protections of the underlying Windows system. This was only the tip of the iceberg. Deeper research revealed this issue to be present in a multitude of common Anti-Virus (AV) products. This was not something to ignore. In fact, we can assume that apart from AV products, other security products such as Data Loss Prevention (DLP), and other intrusive non-security products such as app-performance solutions, may potentially rely on this malpractice. Making matters worse, we found a second malpractice in intrusive products which simplifies the process for threat actors to run their exploits. During the following few months we notified popular vendors and collaborated with them on a solution. In a coordinated effort, various vendors have fixed their products and released the necessary patches. In this talk we reveal a detailed description of the vulnerability and its impact. Additionally, we release a tool that the audience can use to validate whether their systems are now secure from this vulnerability.


Presenters:

  • Udi Yavo - CTO - enSilo
    Udi Yavo has more than 15 years of experience in security with a proven track record in leading cutting edge cyber-security R&D projects. Prior to enSilo, Udi spearheaded the direction of the cyber-security unit at the National Electronic Warfare Research & Simulation Center of Rafael Advanced Defense System and served as its CTO. Additionally, he developed and led Rafael's cyber training programs. Udi's achievements at Rafael have been recognized, winning him excellence and innovation awards on complex security projects. Prior to Rafael, Udi served as a system architect at the IDF. He holds a BA in Computer Science from the Open University.
  • Tomer Bitton
    Tomer Bitton has more than 12 years of experience in security research. Tomer focuses on original research such as malware reversing, hostile code and extreme packers. In his prior role, Tomer served as a low-level security researcher at the National Electronic Warfare Research & Simulation Center of Rafael Advanced Defense Systems. There, he won excellence and innovation awards for complex security projects. Before that, Tomer managed the security content team at Imperva. Previous roles included a security researcher at Radware and a senior malware researcher at RSA Security.
