To the moon and back: How we found and exploited a series of critical vulns in an RPC server
2023-05-19, 10:45–11:15, Ville-Marie

We're always seeing vulnerability reports in the news, but how much do you know about finding and reporting these bugs? In this talk, we're going to look at a series of critical security vulnerabilities in an RPC service developed for mainframes, ported to modern operating systems, and used by most large companies. We'll cover the full process:

  • How we prepare the application for analysis
  • How we reverse engineer and reimplement the binary protocol
  • How the RPC service authenticates users, processes messages, and starts other services
  • How we can bypass user authentication
  • How we found and exploited a variety of vulnerabilities in the services (including writing Metasploit modules)
  • How we reported all this to the vendor, and how we coordinated disclosure

Basically, this will be an end-to-end vulnerability research bonanza!

During the day, Ron Bowes is a lead vulnerability researcher at Rapid7, where his job is to perform deep-dive analyses of publicly disclosed vulnerabilities, as well as to find (and report) his own. His previous role, at Counter Hack Security, was a combination of pentester and CTF developer.

In his free time, he runs (and writes challenges for) the BSides San Francisco CTF and is a lead organizer for The Long Con security conference in Winnipeg. When he's not doing infosec work, his biggest hobbies are rock climbing and video games (current game: Slay the Spire!).