DEF CON 25 - William Knowles - Persisting with Microsoft Office - Abusing Extensibility Options
https://www.youtube.com/watch?v=bpKZ_kMpdBU
https://www.youtube.com/watch?v=6tsJ0J4OfEA
https://www.youtube.com/watch?v=zRbgc53ZIpk
People are always talking about binary vulnerabilities when attacking desktop applications. Memory corruptions are always costly to find. Meanwhile, mitigations introduced by operating systems make them harder to exploit. More and more applications are using hybrid technologies, so we can try web security tricks to pwn them reliably with less effort.
Our presentation will summarize attack surfaces and methods to find security issues in desktop applications. In particular, we will explicate some real-world cases, such as chaining multiple vulnerabilities (information leaks, CSP bypass, an open debugging port) to achieve RCE in a specialized IDE, sensitive file leaks in famous editors, privileged API abuse in many IM applications and so on. During our research, we found that some issues actually reside in popular libraries. These flaws may affect more applications than we will demonstrate in this talk.
Web security knowledge is usually unfamiliar to desktop application developers. Attacking desktop apps using web security tricks is a non-competitive "blue ocean". Our presentation will focus on many design misconceptions and implementation mistakes in desktop applications. By sharing these representative lessons, we hope to help desktop application developers improve the security of their products.
...
https://www.youtube.com/watch?v=Jh36Qku1NvA
Krotofil & Wetzels
Through the Eyes of the Attacker: Designing Embedded Systems Exploits for Industrial Control Systems
...
https://www.youtube.com/watch?v=lkO33NoYyV4
DEF CON 27 draws to a close. Prizes awarded, Black Badge winners announced, thanks given, future plans revealed.
...
https://www.youtube.com/watch?v=Mh1vEsGVldg
https://www.youtube.com/watch?v=DBjN6EVizc8
https://www.youtube.com/watch?v=ySPwIBoM4v4
https://www.youtube.com/watch?v=PqhOMoa7p4s
https://www.youtube.com/watch?v=mYP-03sTOUk