Showing Posts About

Georgi geshev

Chainspotting: Building Exploit Chains with Logic Bugs

A presentation explores the development of an exploit chain involving 11 logic bugs across 6 Android applications. The study demonstrates how logic vulnerabilities can be chained together to achieve malicious actions like silent APK installation. Techniques for discovering and exploiting logic bugs in Android systems are discussed, highlighting the challenges of complex vulnerability chaining.

QNX: 99 Problems but a Microkernel ain't one!

This presentation explores security research on the QNX microkernel operating system used in critical systems like automotive and consumer devices. The talk examined QNX's security architecture through reverse engineering and fuzzing techniques. The goal was to provide insights into QNX subsystems and potential attack surfaces for privilege escalation.

QNX: Security Architecture Whitepaper

A whitepaper by Alex Plaskett and Georgi Geshev examines the security architecture of QNX, a microkernel operating system. The document explores key operating system features and potential attack vectors against QNX-based platforms. The research identifies security weaknesses and suggests opportunities for further investigation into the QNX platform's security.

Warranty Void If Label Removed: Attacking MPLS Networks

A presentation on MPLS network vulnerabilities revealed critical security weaknesses in service provider network infrastructures. Network reconnaissance techniques were demonstrated that could expose internal Label Switching Router interconnections. The research highlighted potential VRF hopping attacks that could allow unauthorized traffic injection between different customer networks in shared MPLS environments.