ZeroNights 2018, Eric Sesterhenn’s, Luis Merino’s, Markus Vervier’s ‘Zero Fax Given’

From The Video Description: FAX machines, although being a reminiscent of a not-so-far past, are still present in lots of office spaces and can be frequently used for business and legal communications. Most of its technology was developed decades ago a… Continue reading ZeroNights 2018, Eric Sesterhenn’s, Luis Merino’s, Markus Vervier’s ‘Zero Fax Given’

ZeroNights 2018, Junyu Zhou’s, Wenxu Wu’s ‘Attack Surfaces Against GIT Web Servers Used By Thousands Of Developers’

From The Video Description: We, Tencent Security Xuanwu Lab, have successfully carried out serveral remote attacks on the most popular git web servers in 2018.
This time we are willing to share our full, in-depth details on this research. In this prese… Continue reading ZeroNights 2018, Junyu Zhou’s, Wenxu Wu’s ‘Attack Surfaces Against GIT Web Servers Used By Thousands Of Developers’

ZeroNights 2018, HC Ma’s ‘Massive Scale USB Device Driver Fuzz WITHOUT Device’

From the Video Description: USB is one of the most common interfaces supported on modern computers. Modern OSes offer tons of USB drivers to support frequently used USB device classes. For other 3rd party USB devices, Microsoft provides automatic drive… Continue reading ZeroNights 2018, HC Ma’s ‘Massive Scale USB Device Driver Fuzz WITHOUT Device’

ZeroNights 2018, Jianing Wang’s & Junyu Zhous’ ‘NTLM Relay Reloaded: Attack Methods You Do Not Know’

From the Video Description: It has been years since NTLM authentication protocol is introduced in Windows. NTLM relay is one of the most famous attacks, which attacker can act as the victim without knowing the credentials. Microsoft has released lots o… Continue reading ZeroNights 2018, Jianing Wang’s & Junyu Zhous’ ‘NTLM Relay Reloaded: Attack Methods You Do Not Know’

ZeroNights 2018, David Baptiste’s ‘Vulnerability In Compiler Leads To Stealth Backdoor In Software’

From The Video Description: It is a fact, software has bugs and compilers (software which build other software) are not an exception. The CVE-2018-8232 discloses a vulnerability found in ML compiler from Microsoft which is used to compile assembly code… Continue reading ZeroNights 2018, David Baptiste’s ‘Vulnerability In Compiler Leads To Stealth Backdoor In Software’

ZeroNights 2018, Joxean Koret’s ‘Diffing C Source Codes To Binaries’

From The Video Description: “Often, when doing reverse engineering projects, one needs to import symbols from Open Source or «leaked» code bases into IDA databases. What everybody does is to compile to binary, diff and import the matches. How… Continue reading ZeroNights 2018, Joxean Koret’s ‘Diffing C Source Codes To Binaries’

ZeroNights 2018, Vladimir Dashchenko’s ‘Denial, Anger, Bargaining, Depression, Acceptance – Reporting 0days To Vendors’

From The video Description: The substitution of foreign ICS systems is an interesting process from the point of view of vulnerability searching. On the one hand, foreign companies have already made much progress in fixing vulnerabilities in their devic… Continue reading ZeroNights 2018, Vladimir Dashchenko’s ‘Denial, Anger, Bargaining, Depression, Acceptance – Reporting 0days To Vendors’

ZeroNights 2018, Alexandre Gazet’s, Fabien (0xf4b) Perigaud’s & Joffrey (@_Sn0rkY) Czarny’s ‘Turning Your BMC Into A Revolving Door’

From The Video Description: “Unmonitored and unpatched BMC (remote administration hardware feature for servers) are an almost certain source of chaos. They have the potential to completely undermined the security of complex network infrastructures and… Continue reading ZeroNights 2018, Alexandre Gazet’s, Fabien (0xf4b) Perigaud’s & Joffrey (@_Sn0rkY) Czarny’s ‘Turning Your BMC Into A Revolving Door’