Showing Posts From
February 2019
- 22 Feb 2019
3D Accelerated Exploitation
The presentation explores the 3D Acceleration feature in VirtualBox as a rich vulnerability research target. Open-source accessibility makes VirtualBox attractive for novice security researchers. The talk discusses exploitation primitives within 3D Acceleration that could potentially enable virtual machine escape without traditional shellcode execution.
-
Tim Carrington - 22 Feb 2019
AutoCAD - Designing a Kill Chain
A detailed analysis of potential cybersecurity vulnerabilities in AutoCAD reveals multiple attack vectors across the cyber kill chain. The research demonstrates how malicious actors can exploit AutoCAD's features like ActionMacros, AutoLisp scripts, and remote text functionality to gain code execution, establish persistence, and perform lateral movement. Multiple attack techniques were identified that could potentially compromise users in high-value industries through targeted AutoCAD-specific exploitation methods.
- 15 Feb 2019
Ventures into Hyper-V - Fuzzing hypercalls
A technical investigation explored fuzzing Hyper-V hypercalls using a custom kernel driver called Virdian Fuzzer (VIFU). The research systematically tested both documented and undocumented hypercalls in Microsoft's virtualization platform. The project involved complex technical analysis of hypercall mechanisms, address translation, and potential vulnerabilities in the Hyper-V architecture.