NorthSec 2023

Practical exploitation of cryptographic flaws in Windows
2023-05-18, 10:00–10:30, Salle de Bal

In their first Patch Tuesday of January 2020, Microsoft patched CVE-2020-0601, aka CurveBall, a flaw in their root CA trust store that allowed anybody to forge certificates that would be recognized as trusted by Windows 10 and Windows Server 2016/2019. The flaw was first discovered by the NSA and patched without fully disclosing its details.
Back then, we "reversed" it and released a POC within 48 hours of its non-disclosure. We'll see how.

More recently, a second flaw,CVE-2022-34689, was disclosed by the NSA in Windows CryptoAPI. It was patched in August 2022, but was only publicly announced in the October 2022 Patch Tuesday.

In this talk we will discover how to leverage such cryptographic flaws in order to create trusted, signed binaries or how they enable us to perform MITM attacks against unpatched Windows machines and servers!
We will also address how one can defend against these and why non-disclosure is not a great idea, especially for cryptographic flaws.

What is the language of your talk/workshop?


Yolan is an applied cryptographer at Protocol Labs delving into (and mostly dwelling on) cryptography, secure coding, and other fun things. He has previously spoken at Black Hat USA, BSidesLV, Cryptovillage, NorthSec, GopherConEU, and DEF CON on topics including automation in cryptography, public keys vulnerabilities, elliptic curves, post-quantum cryptography, functional encryption, open source security, distributed randomness, and more! He introduced the first practical fault attack against the EdDSA signature scheme and orchestrated the full disclosure with the code of the CurveBall vulnerability. Nowadays he's working on the distributed randomness project, drand, studying pairing-based cryptography, distributed key generation, and threshold systems. His most recent work was focused around Timelock Encryption.

Cryptography expert in the research team at Kudelski Security. His favorite topics are Cryptography, Hardware attacks and vulnerability research in general. He worked on security of Cryptography algorithms implementations on different platforms as well as on critical code security audits. He like playing and organizing CTFs.