Denial of Service with a Fistful of Packets: Exploiting Algorithmic Complexity Vulnerabilities

Channel:
United States All Hacking Cons
Subscribers:
5,970
Published on ● Video Link: https://www.youtube.com/watch?v=bizT2lsOqR0


Duration: 46:57
4 views
0

Nathan Hauke | Senior Research Engineer, Two Six Labs
David Renardy | Senior Research Scientist / Mathematician, Two Six Labs
Location: Jasmine
Date: Thursday, August 8 | 9:45am-10:35am
Format: 50-Minute Briefings
Tracks: Web AppSec, Exploit Development

How many bytes do you need to take down a web server? The answer might be fewer than you think. Algorithmic complexity (AC) vulnerabilities allow an attacker to submit a small amount of input to an algorithm and cause the target to perform a large amount of work. By leveraging AC vulnerabilities, an attacker can create a denial of service effect without the large resource requirements of a traditional DDoS attack. AC vulnerabilities present attractive DoS opportunities for attackers because they aren't bugs, and are therefore difficult to fix. Exploits may be valid input and hence may not produce observables such as unusual log messages or errors.

In this talk we will reveal three distinct zero-day AC vulnerabilities affecting PDF readers, common linux VNC servers, and a popular user authentication library. We'll show how to generate low-RAM, CPU DoS attacks against online OCR platforms, how to remotely exhaust the disk space on a VNC server without ever logging in, and how to launch a DoS attack against a web server from the user signup page. We will dive deep into the technical details of each exploit, examine the paths we followed that led to their discovery, and demonstrate each exploit against a range of vulnerable targets.

Through these examples, we will show how AC vulnerabilities can be born out of intended functionality, and how existing security testing procedures fail to defend against AC attacks. In addition to providing specific mitigations against the attacks we discovered, we will introduce general strategies for improving your security posture against AC attacks.

In coordination with our talk we will release PoC code for auditing your own applications as part of our ongoing contribution to the ACsploit project, an open-source platform introduced at Black Hat Asia 2019 for generating worst-case inputs to common algorithms.

Black Hat - USA - 2019 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security



Other Videos By All Hacking Cons


2022-01-08Lessons and Lulz The 5th Annual Black Hat USA NOC Report
2022-01-08Rogue7 Rogue Engineering Station Attacks on S7 Simatic PLCs
2022-01-08PeriScope An Effective Probing and Fuzzing Framework for the Hardware OS Boundary
2022-01-07Attacking iPhone XS Max
2022-01-07Come Join the CAFSA - Continuous Automated Firmware Security Analysis
2022-01-07Defense Against Rapidly Morphing DDOS
2022-01-07Automation Techniques in C++ Reverse Engineering
2022-01-07He Said, She Said – Poisoned RDP Offense and Defense
2022-01-07Command Injection in F5 iRules
2022-01-07Battle of Windows Service: A Silver Bullet to Discover File Privilege Escalation Bugs Automatically
2022-01-07Denial of Service with a Fistful of Packets: Exploiting Algorithmic Complexity Vulnerabilities
2022-01-07HostSplit: Exploitable Antipatterns in Unicode Normalization
2022-01-07Behind the scenes of iOS and Mac Security
2022-01-07How Do Cyber Insurers View The World?
2022-01-07Controlled Chaos: The Inevitable Marriage of DevOps & Security
2022-01-07Detecting Deep Fakes with Mice
2022-01-07Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware
2022-01-07Detecting Malicious Files with YARA Rules as They Traverse the Network
2022-01-070-days & Mitigations: Roadways to Exploit and Secure Connected BMW Cars
2022-01-07Critical Zero Days Remotely Compromise the Most Popular Real Time OS
2022-01-07DevSecOps : What, Why and How


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
digital
virus
information
hack
online
password
code
web
concept
thief
protection
network
scam
fraud
malware
secure
criminal
phishing
software
access
safety
system
firewall
communication
business
privacy
binary
account
programmer
program
spyware
hacked
hacking conference
conference
learn
how to
2022
cybersecurity
owned
break in
google
securing
exploit
exploitation
recon
social engineering
David Renardy
Nathan Hauke