Welcome the papers of the main program!
Dear friends, we have great news: today we present to you the first several papers of the main program. They all describe extraordinary abilities of seemingly well-known software and explain how tools built for analysis and protection can, in certain situations, end up helping an attacker. But first things first.
- Abdul-Aziz Hariri, Brian Gorenc, and Jasiel Spelman (USA, Canada) will present the paper called For the Greater Good: Leveraging VMware's RPC Interface for Fun and Profit. Virtual machines are used by researchers and security practitioners to isolate potentially harmful code for analysis and review. However, vulnerabilities in the virtual machine hypervisor can give an attacker access to the entire system. The speakers will describe the communication between the Guest OS and the Host OS within VMware and the functionality of the RPC interface. The discussion will cover techniques that can be used to record or sniff the RPC requests sent from the Guest OS to the Host OS. The speakers will also demonstrate how to write tools in C++ and Python to query the RPC interface for fuzzing purposes, and how to exploit Use-After-Free vulnerabilities in VMware.
- James Forshaw (United Kingdom) will present the paper called Abusing Access Tokens for UAC Bypasses. He will cover bypassing User Account Control (UAC) in Microsoft Windows. The speaker will explain a bypass technique that allows you to gain administrator privileges as long as a single elevated application is running. The talk will also go into detail on a previously undocumented technique for abusing the supposedly more secure Over-The-Shoulder elevation on Windows 10.
- Igal Gofman and Marina Simakov (Israel) will present the paper called Malicious JIT: Abusing the Just-In-Time Administration Concept to Avoid Detection. A concept introduced to defend an environment from attackers can also be abused to evade whatever detection mechanisms the environment has in place and to gain persistence once high privileges have already been obtained. The researchers call this concept 'Malicious JIT'. The speakers will focus on how it can be abused in Active Directory environments and will discuss it from two points of view: the attacker's and the defender's.