DeepSec 2024 Talk: Reversing Windows RPC in Enterprise Software for Fun and CVEs – Andreas Vikerup
This talk will walk the audience through the dissection of Windows RPC usage in the enterprise software ManageEngine ADAudit Plus, which will unravel two CVEs and crack a CTF-like encryption/decryption process.
We asked Andreas a few more questions about his talk.
Please tell us the top 5 facts about your talk.
This talk will guide the audience through a reverse engineering method that will ultimately lead to 2 CVEs in a product known as ManageEngine ADAudit Plus. The reviewed code will be human readable (as in not assembly language) which makes it easy to follow. There will be hurdles along the way to reach the goal and these will be highlighted and discussed in the presentation.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
The initial goal when starting the reverse engineering process of the product was to leverage an old CVE in a new way. This was also successful, however never published – yet 😉
Why do you think this is an important topic?
This topic is important as it shows how versatile a security researcher needs to be to assess complex applications. This talk also highlights a novel technique to interact with RPC.
Is there something you want everybody to know – some good advice for our readers, maybe?
I love PDF generators. I dislike injustice and gRPC. Sub 28 seconds on a Rubik’s cube.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
I expect that more research will be done in enterprise software running on Windows. Historically, once the initial barriers of understanding a product are overcome and are published, researchers will follow and gather new insights and interesting scenarios appear.
Hacker, pentester, IT security consultant and co-founder of Shelltrail. 20 years in the IT industry and 6 years with 100% security focus. Loves PDF-generators and Rubik’s cubes. Hates gRPC and obfuscated JavaScript.