He Said, She Said – Poisoned RDP Offense and Defense

Channel:
United States All Hacking Cons
Subscribers:
5,970
Published on ● Video Link: https://www.youtube.com/watch?v=PytrIW8st3c


Duration: 49:22
3 views
0

He Said, She Said – Poisoned RDP Offense and Defense
Dana Baril | Security Software Engineer, Microsoft
Eyal Itkin | Vulnerability Researcher, Check Point Software Technologies
Location: South Seas ABE
Date: Wednesday, August 7 | 4:00pm-4:50pm
Format: 50-Minute Briefings
Tracks: Applied Security, Exploit Development

It's safe to assume that many people reading this text have heard of using the Remote Desktop Protocol (RDP) to connect to other machines. But has anyone ever considered that merely using RDP can compromise their own computer?

In this talk, we will not be covering a typical RDP vulnerability where a server is attacked - instead, we will show that just by connecting to a rogue machine, your own host can be reliably and silently compromised. Although there are numerous vulnerabilities in popular open source RDP clients, this talk heads straight for the crown jewel: the Microsoft Terminal Services Client, or MSTSC.EXE. Together, we will take a deep dive into the main synchronized resource between the client and the server: the clipboard. At the end of this journey, we will discover an inherent design problem with this resource synchronization, a design problem also inherited by Hyper-V.

For attackers, this design flaw enables new ways of escaping the sandbox. For defenders, there is a way to fight back. With the right optics, this technique can be detected using internal Windows telemetry.

In this collaborative talk, researchers from Check Point and Microsoft share the inside story of the attack from both the offensive and defensive perspectives.

Black Hat - USA - 2019 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security



Other Videos By All Hacking Cons


2022-01-08Paging All Windows Geeks Finding Evil in Windows 10 Compressed Memory
2022-01-08Legal GNSS Spoofing and its Effects on Autonomous Vehicles
2022-01-08Reverse Engineering WhatsApp Encryption for Chat Manipulation and More
2022-01-08Lessons and Lulz The 5th Annual Black Hat USA NOC Report
2022-01-08Rogue7 Rogue Engineering Station Attacks on S7 Simatic PLCs
2022-01-08PeriScope An Effective Probing and Fuzzing Framework for the Hardware OS Boundary
2022-01-07Attacking iPhone XS Max
2022-01-07Come Join the CAFSA - Continuous Automated Firmware Security Analysis
2022-01-07Defense Against Rapidly Morphing DDOS
2022-01-07Automation Techniques in C++ Reverse Engineering
2022-01-07He Said, She Said – Poisoned RDP Offense and Defense
2022-01-07Command Injection in F5 iRules
2022-01-07Battle of Windows Service: A Silver Bullet to Discover File Privilege Escalation Bugs Automatically
2022-01-07Denial of Service with a Fistful of Packets: Exploiting Algorithmic Complexity Vulnerabilities
2022-01-07HostSplit: Exploitable Antipatterns in Unicode Normalization
2022-01-07Behind the scenes of iOS and Mac Security
2022-01-07How Do Cyber Insurers View The World?
2022-01-07Controlled Chaos: The Inevitable Marriage of DevOps & Security
2022-01-07Detecting Deep Fakes with Mice
2022-01-07Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware
2022-01-07Detecting Malicious Files with YARA Rules as They Traverse the Network


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
digital
virus
information
hack
online
password
code
web
concept
thief
protection
network
scam
fraud
malware
secure
identity
phishing
software
access
safety
firewall
communication
business
privacy
binary
account
spy
programmer
program
spyware
hacked
hacking conference
conference
learn
how to
2022
2021
cybersecurity
owned
break in
google
securing
exploit
exploitation
recon
social engineering
Eyal Itkin
Dana Baril