Écoutez la diffusion
We're always seeing vulnerability reports in the news, but how much do you know about finding and reporting these bugs? In this talk, we're going to look at a series of critical security vulnerabilities in an RPC service developed for mainframes, ported to modern operating systems, and used by most large companies. We'll cover the full process:
- How we prepare the application for analysis
- How we reverse engineer implement the binary protocol
- How the RPC service authenticates users, processes messages, and starts other services
- How we can bypass user authentication
- How we found / exploited a variety of vulnerabilities in the services (including making Metasploit modules)
- How we reported all this to the vendor, and how we coordinated disclosure
Basically, this will be an end-to-end vulnerability research bonanza!
Ron Bowes Principle Security Researcher, GreyNoise Intelligence
Ron Bowes is a Principle Security Researcher on the GreyNoise Labs team, which tracks and investigates unusual--typically malicious--internet traffic. His primary role is to understand and track the big vulnerabilities of the day/week/month/year; often, that means parsing vague vendor advisories, diff'ing patches, reconstructing attacks from log files, and--most complex of all--installing and configuring enterprise software. When he's not at work, he runs the BSides San Francisco Capture the Flag contest, is a founder of The Long Con conference in Winnipeg, takes improv classes, and continues his project to finish every game in his Steam library.