Register now for free Black Hat Webcast, Thursday, May 20 at 11am
PLEASE JOIN US FOR THE NEXT INSTALLMENT IN THE BLACK HAT WEBCAST SERIES

A Decade After Stuxnet’s Printer Vulnerability: Printing is still the Stairway to Heaven

Thursday, May 20, 2021 11:00AM - 12:00PM PDT // 60 MINUTES, INCLUDING Q&A

In this Webcast, we will recap the journey of discovering and analyzing 3 Windows 10 Print Spooler 0-day vulnerabilities. We will follow up our research with updated 2021 discoveries (by the InfoSec community) of new vulnerabilities.

In 2010, Stuxnet, the most powerful malware in the world, revealed itself, causing physical damage to Iranian nuclear enrichment centrifuges. In order to reach Iran's centrifuges, it exploited a vulnerability in the Windows Print Spooler service and gained code execution as NT AUTHORITY\SYSTEM. Due to the hype around this critical vulnerability, we (and probably everyone else) were pretty sure that this attack surface would no longer exist a decade later. We were wrong…

The first clue was that 2 out of 3 vulnerabilities which were involved in Stuxnet were not fully patched. That was also the case for the 3rd vulnerability used in Stuxnet, which we were able to exploit again in a different manner. It appears that Microsoft has barely changed the code of the Windows Print Spooler mechanism over the last 20 years.

We started to investigate the Print Spooler mechanism in the latest Windows 10 Insider build and discovered two 0-day vulnerabilities providing LPE as SYSTEM and Denial-of-Service. The first one can also be used as a new, unknown persistence technique.

Peleg Hadar
Peleg Hadar (@peleghd) is a security researcher, having 8+ years of unique experience in the sec field. Currently, he is doing research @SafeBreach Lab after serving in various sec positions @IDF. His experience involved security from many angles: starting with network research, and now mostly software research. Peleg likes to investigate mostly Microsoft Windows components. He presented his research at Black Hat USA and DEF CON.

Tomer Bar
Tomer Bar is a security researcher and a research team leader with 15+ years of unique experience in the sec field. Currently, he leads the SafeBreach Labs research team. His experience involved vulnerability research and malware analysis. He is a recognized industry speaker, having spoken at DEFCON and Black Hat USA.

Francisco Najera, CISSP, CISM
Francisco Najera is an information security professional with over 20 years of experience. Over the last two decades, he has held multiple roles ranging from Security Architect and Solutions Engineer to Technical Lead and Global Director, advising and developing successful solutions for a diverse group of enterprises. At SafeBreach, he is focused on evangelizing the value of adversary simulation and helping clients measure the effectiveness of their security controls in order to drive continuous improvement of their security programs.