This presentation by @GabrielLandau introduces a new vulnerability class where you can play double fetch with file operations:

https://github.com/gabriellandau/ItsNotASecurityBoundary/blob/main/Slides/REcon%20Montreal%202024%20Smoke%20and%20Mirrors%20-%20Driver%20Signatures%20Are%20Optional.pdf

My educated guess is that this is a massive problem for AVs, as they operate across privilege boundaries (user->SYSTEM, but I can even think of remote scenarios) and implement tons of file parsers, often from third parties. I hope I can look into specifics soon...

#reconmtl #recon2024 #recon24