Inglourious Drivers — The Revenge of the Peripheral Devices

Presented at ShmooCon 2023, Jan. 21, 2023, 5 p.m. (30 minutes)

Do you like gaming? What about gambling? Why not do both with your computer’s security?! Just install a driver of your favorite peripheral device, and see if it allows attackers to escalate privileges on your machine (chances are it will!).

In this talk, we’ll go through various vendors’ drivers, exploit vulnerabilities, and explore one weird behavior that many “gaming” drivers tend to share.

Besides, if one OS doesn’t suit you, don’t worry; we’ve got your back. Some of the vulnerabilities we found are shared between different operating systems.

In addition, we will talk about mitigations for most of the vulnerabilities we will introduce and how you can eliminate most of them easily.

Presenters:

• Omer Tsarfati
  Omer Tsarfati (@OmerTsarfati) is a Senior Security Researcher at CyberArk Labs. He focuses on discovering new research techniques and beating complex security challenges while implementing them into the cybersecurity area, either from the attacker’s or the defender’s point of view. Omer’s primary research areas are OS internals, network defense, cloud security, android applications, and web applications. Prior to CyberArk, Omer served in the Israeli Army in an elite unit.

Similar Presentations:

• DEF CON 27 (2019) / Get off the Kernel if you can't Drive
• Black Hat USA 2014 / Windows Kernel Graphics Driver Attack Surface
• ekoparty 14 (2018) / Don't Trust the NIC: Attacking Windows NDIS Drivers