A stitch in time saves nine: A Case of Multiple Operation System Vurnarability

Channel:

All Hacking Cons

Subscribers:

5,970

Published on December 30, 2021 8:35:48 PM ● Video Link: https://www.youtube.com/watch?v=J8CRpupHmx0

Duration: 58:34

1 views

Six years ago Linux kernel developers fixed a vulnerability that was caused by using the "sysret" privileged Intel CPU instruction in an unsafe manner. Apparently, nobody realized (or cared enough to let others know) the full impact and how widespread and reliably exploitable the problem is: in 2012, four other popular operating systems were found to be vulnerable to user-to-kernel privilege escalation resulting from the same root cause.

The presentation will explain the subtleties of the relevant Intel CPU instructions and the variety of ways they can be reliably exploited on unpatched systems. Exploits for a few affected operating systems will be demonstrated.

Attendees are expected to have basic understanding of Intel CPUs architecture.
Presented By:
Rafal Wojtczuk
Black Hat - USA - 2012 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security

Other Videos By All Hacking Cons

2021-12-31	Are you my type? : Breaking NET Sandboxes through serialization
2021-12-31	Changing the Security Paradigm... Taking back your network and bringing pain to the adversary
2021-12-30	There's a party at ring0 Tavis Ormandy, Julien Tinnes
2021-12-30	Ushering in the post GRC world applied threat modeling Alex Hutton, Allison Miller
2021-12-30	USB Paul carugati
2021-12-30	The future of DNS Security Panel
2021-12-30	CuteCats exe and the Arab Spring
2021-12-30	Hacking the Corporare Mind: using social engineering tactics to improve organizational security
2021-12-30	Legal Aspects of Cyberspace Operations
2021-12-30	Meeting Yaniv Karta
2021-12-30	A stitch in time saves nine: A Case of Multiple Operation System Vurnarability
2021-12-30	Hacking with WebSockets
2021-12-30	Dex Education: Practicing safe Dex
2021-12-30	Dont stand so close to me: an analysis of the NFC attack surface
2021-12-30	Looking into the Eye of the Meter
2021-12-30	Errata Hits Puberty: 13 years of chagrin
2021-12-30	Hardware Backdooring is practical
2021-12-30	Package Clone Detection
2021-12-30	Evasion of Webapplication
2021-12-30	MAC EFI Rootkits
2021-12-30	Passive Bluetooth Monitoring

Tags:

data

hacker

security

computer

cyber

internet

technology

hacking

attack

digital

virus

information

hack

online

password

code

web

concept

protection

network

scam

fraud

secure

identity

criminal

phishing

software

access

safety

theft

system

firewall

communication

business

privacy

binary

account

spy

programmer

program

spyware

hacked

hacking conference

conference

learn

how to

2022

2021

cybersecurity

owned

break in

google

securing

exploit

exploitation

recon

social engineering

Rafal Wojtczuk

Channel	Latest
WONG IRY	6 hours ago
Amu Gaming	6 hours ago
Lancee Lott	6 hours ago
Wins Gaming	7 hours ago
MegaXD	7 hours ago
Daniel V	7 hours ago
Outnico007	7 hours ago
EduFam	7 hours ago
Erlangga Preset	7 hours ago
Adar	7 hours ago
MLBB EPIC PLAYS	7 hours ago
NeuroSpicyGaymer	7 hours ago
BB Ria Malupa	7 hours ago
Dian Salosa	7 hours ago
Z4PNU	7 hours ago
Phoveus Tiktok	7 hours ago
Bi Usagii	7 hours ago
Indio Ph	7 hours ago
Juan Talk PH🇵🇭	7 hours ago
Maizura Gaming	8 hours ago
happyheart	8 hours ago
Trap Ninja	8 hours ago
Sir Wyeth's Classroom	8 hours ago
Thotz Tv	8 hours ago
Aamwisprip	8 hours ago