Yoriy Bolygin: Remote and Local Exploitation of Network Drivers


Manage episode 152211970 series 1053194
Player FM과 저희 커뮤니티의 Black Hat Briefings, USA 2007 [Video] Presentations from the security conference. 콘텐츠는 모두 원 저작자에게 속하며 Player FM이 아닌 작가가 저작권을 갖습니다. 오디오는 해당 서버에서 직접 스트리밍 됩니다. 구독 버튼을 눌러 Player FM에서 업데이트 현황을 확인하세요. 혹은 다른 팟캐스트 앱에서 URL을 불러오세요.
During 2006 vulnerabilities in wireless LAN drivers gained an increasing attention in security community. One can explain this by the fact that any hacker can take control over every vulnerable laptop of entire enterprise without any "visible" connection with those laptops and execute a malicious code in kernel.
This work describes the process behind hunting remote and local vulnerabilities in wireless LAN drivers as well as in other types of network drivers. The first part of the work describes simple and much more advanced examples of remote execution vulnerabilities in wireless device drivers that should be considered during quest for vulnerabilities. We demonstrate an example design of kernel-mode payload on Windows and construct a simple wireless frames fuzzer. The second part of the work explains local privilege escalation vulnerabilities in I/O Control device driver interface on Windows, introduces a technique to uncover them and IOCTLBO fuzzer implementing this technique. Third part of the work describes specific examples of local vulnerabilities in network drivers that can be exploited remotely and introduces an exploitation technique. In the last part of the work we present case studies of remote and local vulnerabilities mitigated in Intel Centrino wireless LAN drivers. The work concludes discussing vulnerabilities in other types of network drivers.

89 에피소드