DEF CON Safe Mode - Zhipeng Huo, Chuanda Ding - Hack Windows Machines with Printer Protocol

preview_player
Показать описание
Printer Spooler service, one of the important services in Microsoft Windows, has existed for more than 25 years. It runs at highest privilege level, unsandboxed, does networking, and dynamically loads third-party binaries. What could possibly go wrong?

In this talk, we will walk you through an incredibly fun bug we have discovered in printer spooler service. It can be exploited both locally and remotely, escapes sandbox, executes arbitrary code, and also elevates to SYSTEM. While Microsoft managed to develop the most restrictive sandbox for Microsoft Edge, this bug easily goes through it like it's a sieve.

We will talk in detail the implementation of this ancient service, the method we used to discover and exploit the bug, and also throw in some tips and tricks for logic bugs in between.
  1. DEFCONConference
  2. DEF
  3. CON
  4. DEFCON
  5. DEF CON
  6. hacker conference
Рекомендации по теме
DEF CON Safe 0:00:49

DEF CON Safe Mode

DEF CON Safe 0:42:42

DEF CON Safe Mode - Christopher Wade - Beyond Root

DEF CON Safe 0:42:43

DEF CON Safe Mode - Elie Bursztein - A Hacker’s Guide to Reducing Side Channel Attack Surfaces

DEF CON Safe 0:32:34

DEF CON Safe Mode - Paul Marrapese - Abusing P2P to Hack 3 Million Cameras

DEF CON Safe 0:23:50

DEF CON Safe Mode Password Village - Getting Started with Hashcat

DEF CON Safe 0:57:26

DEF CON Safe Mode Red Team Village - Chris Kubecka - Pwn the World

DEF CON Safe 0:43:50

DEF CON Safe Mode - Sean Metcalf - Hacking the Hybrid Cloud

DEF CON Safe 0:26:59

DEF CON Safe Mode - Yamila Levalle - Bypassing Biometric Systems with 3D Printing

DEF CON Safe 0:42:18

DEF CON Safe Mode Red Team Village - Travis Palmer - Passwd Cracking Beyond 15 Chars, Under $500

DEF CON Safe 0:24:10

DEF CON Safe Mode - The Dark Tangent and Lostboy - Welcome to DEF CON Safe Mode and Badge Talk

DEF CON Safe 0:45:21

DEF CON Safe Mode Recon Village - Levi - Ambly the Darknet Spider

DEF CON Safe 0:27:49

DEF CON Safe Mode - Jiska Classen and Francesco Gringoli - Spectra—New Wireless Escalation Targets...

DEF CON Safe 0:28:51

DEF CON Safe Mode Demo Labs - Jakub Botwicz - Cotopaxi

DEF CON Safe 0:12:32

DEF CON Safe Mode Password Village - EvilMog - From printers to silver tickets or something

DEF CON Safe 0:23:54

DEF CON Safe Mode Password Village - PNI - Getting Started With Hashcat

DEF CON Safe 0:51:11

DEF CON Safe Mode Ham Radio Village - Pancake - So you have an SDR

DEF CON Safe 0:35:02

DEF CON Safe Mode - Zhipeng Huo, Chuanda Ding - Hack Windows Machines with Printer Protocol

DEF CON Safe 0:18:51

DEF CON Safe Mode - Slava Makkaveev - Pwn2Own Qualcomm Compute DSP for Fun and Profit

DEF CON Safe 0:45:48

DEF CON Safe Mode ICS Village - Ben Gardiner - PowerLine Truck Hacking 2TOOLS4PLC4TRUCKS

DEF CON Safe 0:36:26

DEF CON Safe Mode - Patrick Kiley - Reverse Engineering a Tesla Battery Mgmt. System for Moar Power

DEF CON Safe 0:45:03

DEF CON Safe Mode - ayoul3 - Only Takes a Spark Popping a Shell on 1000 Nodes

DEF CON Safe 0:44:10

DEF CON Safe Mode - Shlomi Oberman, Moshe Kol, Ariel Schön - Hacking the Supply Chain

DEF CON Safe 0:37:23

DEF CON Safe Mode Biohacking Village - Bryson Bort - MedICS

DEF CON Safe 0:59:37

DEF CON Safe Mode Red Team Village - Anthony Rose, Jake Krasnov - APTs ❤️PowerShell You Should Too...

Комментарии
Автор

Does someone has created a blog on this topic !

depansurohila