DeepSec 2019 Talk: 30 CVEs in 30 Days – Eran Shimony
In recent years, the most effective way to discover new vulnerabilities is considered to be fuzzing. We will present a complementary approach to fuzzing. By using this method, which is quite easy, we managed to get over 30 CVEs across multiple major vendors in only one month. Some things never die. In this session, we’ll show that a huge amount of software is still vulnerable to DLL Hijacking and Symlinks abuse and may allow attackers to escalate their privileges or to DoS a machine. We will show how we generalized these two techniques within an automated testing system called Ichanea, with the aim of finding new vulnerabilities. Our mindset was – choose software that is prone to be vulnerable: Installers, update programs, and services. These types of software are often privileged. Therefore, they are