2023-05-19, 10:45–11:15, Ville-Marie
We're always seeing vulnerability reports in the news, but how much do you know about finding and reporting these bugs? In this talk, we're going to look at a series of critical security vulnerabilities in an RPC service developed for mainframes, ported to modern operating systems, and used by most large companies. We'll cover the full process:
- How we prepare the application for analysis
- How we reverse engineer and implement the binary protocol
- How the RPC service authenticates users, processes messages, and starts other services
- How we can bypass user authentication
- How we found and exploited a variety of vulnerabilities in the services (including writing Metasploit modules)
- How we reported all this to the vendor, and how we coordinated disclosure
Basically, this will be an end-to-end vulnerability research bonanza!
Language: English
During the day, Ron Bowes is a lead vulnerability researcher at Rapid7, where his job is to perform deep-dive analyses of publicly disclosed vulnerabilities, as well as to find (and report) his own. His previous role at Counter Hack Security was combo pentester / CTF developer.
In his free time, he runs (and writes challenges for) the BSides San Francisco CTF and is a lead organizer for The Long Con security conference in Winnipeg. When he's not doing infosec work, his biggest hobbies are rock climbing and video games (current game: Slay the Spire!).