Announcement

Collapse
No announcement yet.

Ben Barnea & Ophir Harpaz - Exploring Ancient Ruins to Find Modern Bugs: Discovering a 0-Day in...

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Ben Barnea & Ophir Harpaz - Exploring Ancient Ruins to Find Modern Bugs: Discovering a 0-Day in...

    Ben Barnea & Ophir Harpaz - Exploring Ancient Ruins to Find Modern Bugs: Discovering a 0-Day in an MS-RPC Service



    Ben Barnea, Senior Security Researcher, Akamai, He/Him

    Ophir Harpaz, Senior Security Research Team Lead, Akamai, She/Her





    Presentation Title: Exploring Ancient Ruins to Find Modern Bugs: Discovering a 0-Day in an MS-RPC Service

    Length of presentation: 45 minutes

    Demo, Tool, Exploit



    MS-RPC is Microsoft's implementation of the Remote Procedure Calls protocol. Even though the protocol is extremely widespread, and serves as the basis for nearly all Windows services on both managed and unmanaged networks, little has been published about MS-RPC, its attack surface and design flaws.




    In this talk, we will walkthrough and demonstrate a 0-day RCE vulnerability which we discovered through our research of MS-RPC. When exploited, this vulnerability allows an attacker to execute code remotely and potentially take over the Domain Controller. We believe this vulnerability may belong to a somewhat novel bug-class which is unique to RPC server implementations, and would like to share this idea as a possible research direction with the audience.




    To aid future research into the topic of MS-RPC, we will share a deep, technical overview of the RPC system in Windows, explain why we decided to target it, and point out several design flaws. We will also outline the methodology we developed around RPC as a research target along with some tools we built to facilitate the bug-hunting process.




    SPEAKER BIO(S)

    Ben Barnea is a security researcher at Akamai with interest and experience conducting low-level security research and vulnerability research across various architectures - Windows, Linux, IoT and mobile. He likes learning how complex mechanisms work and most importantly, how they fail.


    Twitter: @nachoskrnl



    Ophir Harpaz is a security research team lead in Akamai, where she manages research projects around OS internals, exploitation and malware analysis. Ophir has spoken in various security conferences including Black Hat USA, Botconf, SEC-T, HackFest and more. As an active member in Baot - a community for women engineers - she has taught a reverse-engineering workshop (https://begin.re) to share her enthusiasm for reversing. Ophir has entered Forbes' list of 30-under-30 and won the Rising Star category of SC Magazine's Reboot awards for her achievements and contribution to the Cyber security industry.


    Twitter:@OphirHarpaz



    REFERENCES:

    * https://github.com/topotam/PetitPotam

    * https://github.com/silverf0x/RpcView

    * https://blog.xpnsec.com/analysing-rp...-ghidra-neo4j/

    * https://www.tiraniddo.dev/2021/08/ho...erver-and.html

    * https://csandker.io/2021/02/21/Offen...IPC-2-RPC.html

    []
Working...
X