posted by janrinok on Monday August 08 2016, @03:33PM
from the be-safe-out-there dept.

The quartet of Matt Molinyawe, Abdul-aziz Hariri, Jasiel Spelman, and Jason Smith of Trend Micro's Zero Day Initiative vulnerability clearing house detailed and demonstrated the devastating white hat hacks during their presentations at the Black Hat conference in Las Vegas.

They walked delegates through the exploitation steps of the eight successful hacks pulled off at the Pwn2Own competition in March, recapping the steps and the 21 vulnerabilities which led to the digital goring of Chrome, Safari, Microsoft Edge, Apple OS X, and Adobe Flash.

"The winning submissions to Pwn2Own 2016 provided unprecedented insight into the state-of-the-art techniques in software exploitation," the quartet says in a 65-page technical paper [PDF] published after the talk.

"Every successful submission provided remote code execution as the super user (SYSTEM/root) via the browser or a default browser plug-in … attained through the exploitation of the Microsoft Windows or Apple OS X kernel."

[...] "Application sandboxing is a step in the right direction, but the kernel attack surface remains expansive and exposed," they say. "Each of the winning entries was able to avoid the sandboxing mitigations by leveraging vulnerabilities in the underlying OSs."

Mitigations that isolate access to kernel APIs from sandboxed processes will add hurdles to frustrate future attempts to pop god-mode shells, they say.

Presentation slides are also available as a PDF. ®


  • (Score: 2) by Scruffy Beard 2 (6030) on Monday August 08 2016, @04:02PM (#385339)

    So software as munitions snuck up on me without me noticing:

    The event was, by all accounts, a great success. Researchers get rewarded for their work and software developers get the heads-up on problems. Some security experts did, however, note that the Wassenaar arrangement limited the involvement of EU researchers.

    The Wassenaar arrangements cover the export of weaponry which, these days, includes cyber munitions. Earlier suggestions for how to extend Wassenaar into cyber included a blanket ban on tools used by security researchers to test software – such as fuzzers – which would have been banned from export. ®

    Not sure why the article ends with a registered trademark symbol. I wonder if they meant to use the Copyright symbol.

  • (Score: 2) by Gravis (4596) on Monday August 08 2016, @04:23PM (#385351)

    Not sure why the article ends with a registered trademark symbol. I wonder if they meant to use the Copyright symbol.

    It's The Register, they do that shit for everything.

  • (Score: 2) by Scruffy Beard 2 (6030) on Monday August 08 2016, @04:26PM (#385352)

    For more information, I suggest going to the source [wassenaar.org].

    • The list of DUAL-USE GOODS AND TECHNOLOGIES covers things that are needed to develop or use items on the restricted list.
    • Apparently, if you can buy the software in a store, the agreement does not apply
    • The general software exemption apparently does not apply to items described under 'Category 5 - Part 2 "Information Security"'
    • Looks like that section has had exemptions carved out for common things like cell-phones (the restriction on strong encryption is still there)
    • 5.A.4.a. looks like it may apply to this contest, but only if they do cryptanalysis.
    • (Score: 2) by Scruffy Beard 2 (6030) on Monday August 08 2016, @04:35PM (#385356)

      Category 5, Part 2 starts with the note:

      Part 2 - "INFORMATION SECURITY"
      Note 1 Not used since 2015

      Does that imply there is nothing to worry about?