PWN Windows: From Low to System Privilege via RASMAN Service

Presented at CanSecWest 2022, May 20, 2022, 2:15 p.m. (60 minutes).

Windows is an operating system with a long history, which also means that it has a lot of codes that have been used for many years. These codes may not be fully considered for their security when they are written. I found an attack surface called rasman (remote access connection manager) that has been hidden for a long time, at least since the windows nt4 version has existed. In this talk, I will introduce the architecture of this module in detail, and introduce how I can find 10+ vulnerabilities in this module in a short period of time. Finally, I will introduce two vulnerabilities which bypasses all current mitigations, and won the windows EOP project in Tianfu cup 2021

Presenters:

  • Ziming Zhang - Ant Security Light-Year Lab
    Security researcher of Ant Security Light-Year Lab Working on virtualization security and kernel security 2021 Tianfu Cup Windows project winner 2021 Q2 Microsoft Most Valuable Security Researchers 2020 Tianfu Cup paralles desktop project winner Before, I researched vulnerabilities related to virtualization software and obtained 30+cves such as qemu, virtualbox, pd, etc. In the past year, I got 10+ cve numbers from Microsoft, many of which are exploitable.

Links:

Similar Presentations: