To the moon and back: How we found and exploited a series of critical vulns in an RPC server

Retour à la liste des conférenciers et sessions
Écoutez la diffusion

We're always seeing vulnerability reports in the news, but how much do you know about finding and reporting these bugs? In this talk, we're going to look at a series of critical security vulnerabilities in an RPC service developed for mainframes, ported to modern operating systems, and used by most large companies. We'll cover the full process:

  • How we prepare the application for analysis
  • How we reverse engineer implement the binary protocol
  • How the RPC service authenticates users, processes messages, and starts other services
  • How we can bypass user authentication
  • How we found / exploited a variety of vulnerabilities in the services (including making Metasploit modules)
  • How we reported all this to the vendor, and how we coordinated disclosure

Basically, this will be an end-to-end vulnerability research bonanza!

Ron Bowes Lead Security Researcher, Rapid7

During the day, Ron Bowes is a lead vulnerability researcher at Rapid7, where his job is to perform deep-dive analyses of publicly disclosed vulnerabilities, as well as to find (and report) his own. His previous role at Counter Hack Security was combo pentester / CTF developer.

In his free time, he runs (and writes challenges for) the BSides San Francisco CTF and is a lead organizer for The Long Con security conference in Winnipeg. When he's not doing infosec work, his biggest hobbies are rockclimbing and video games (current game: Slay the Spire!)