To the moon and back: How we found and exploited a series of critical vulns in an RPC server

We're always seeing vulnerability reports in the news, but how much do you know about finding and reporting these bugs? In this talk, we're going to look at a series of critical security vulnerabilities in an RPC service developed for mainframes, ported to modern operating systems, and used by most large companies. We'll cover the full process:

  • How we prepare the application for analysis
  • How we reverse engineer and implement the binary protocol
  • How the RPC service authenticates users, processes messages, and starts other services
  • How we can bypass user authentication
  • How we found / exploited a variety of vulnerabilities in the services (including making Metasploit modules)
  • How we reported all this to the vendor, and how we coordinated disclosure

Basically, this will be an end-to-end vulnerability research bonanza!

Ron Bowes, Lead Security Researcher, GreyNoise Intelligence

Ron Bowes is a Lead Security Researcher on the GreyNoise Labs team, which tracks and investigates unusual--typically malicious--internet traffic. His primary role is to understand and track the big vulnerabilities of the day/week/month/year; often, that means parsing vague vendor advisories, diff'ing patches, reconstructing attacks from log files, and--most complex of all--installing and configuring enterprise software. When he's not at work, he runs the BSides San Francisco Capture the Flag contest, is a founder of The Long Con conference in Winnipeg, maintains a personal blog, and continues his quest to finish every game in his Steam library.