BloomTech’s Downfall: A Long Time Coming

From Logic to Memory - Winning the Solitaire in Reparse Points

From Logic to Memory - Winning the Solitaire in Reparse Points

Black Hat via YouTube Direct link

black hat EUROPE 2021

1 of 29
Next

1 of 29

black hat EUROPE 2021

Class Central Classrooms beta

YouTube playlists curated by Class Central.

Classroom Contents

From Logic to Memory - Winning the Solitaire in Reparse Points

Automatically move to the next video in the Classroom when playback concludes
  1. 1 black hat EUROPE 2021
  2. 2 Reparse Points
  3. 3 File Redirection Attacks
  4. 4 File Redirection Mitigations #3
  5. 5 Make the exploitation harder
  6. 6 The unique vulnerability discovery strategy
  7. 7 Reset Solitaire
  8. 8 Root cause: vulnerable code
  9. 9 Challenges
  10. 10 Re-visit the vulnerability
  11. 11 File Operations Timeline
  12. 12 Race Window #0
  13. 13 Success rate expectation
  14. 14 Stability, stability, stability!
  15. 15 Reparse Data Structure
  16. 16 Reparse Point Tag
  17. 17 The memory corruption vulnerability model
  18. 18 Find the target - dynamic
  19. 19 Memory corruption vulnerability examples
  20. 20 Desktop bridge activation
  21. 21 Create the client
  22. 22 Read reparse point in Appinfo service
  23. 23 Set reparse point for OOB read
  24. 24 Out of bounds read crash
  25. 25 Race condition
  26. 26 MSRC response and timeline
  27. 27 The new attack surface impact
  28. 28 Future bug hunting insights
  29. 29 Summary

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.