Name: Abusing WCF Endpoint for RCE and Privilege Escalation
Start: 2019-03-04T11:00:00-0800
End: 2019-03-04T11:30:00-0800

Back To Schedule

Abusing WCF Endpoint for RCE and Privilege Escalation

Feedback form is now closed.

In 2018 there were quite a few local privilege escalation and remote code execution CVEs related to abusing the functionality exposed by WCF services in .NET programs. These were found in products such as VPN clients, commercial network monitoring tools, and antivirus software. In some cases, these services accidentally exposed stronger capabilities than intended (for example, the ability to run arbitrary code). In other cases, sensitive features have been locked down, but the security mechanisms are faulty and can be bypassed.

The aim of this presentation is to spread awareness of WCF as an attack surface and to demonstrate how to get started finding and exploiting these bugs. This will be accomplished by reviewing the vulnerability identification and exploit development process for a recent 0-day privilege escalation in Check Point's flagship antivirus product ZoneAlarm.

Speakers

Christopher Anastasio

Security Analyst, Illumant

Chris Anastasio is a penetration tester at Illumant, bug bounty hunter, amateur exploit dev, and bad coder. He’s been working in Infosec professionally for 5 years and as a hobbyist for many more. He cofounded the Dark Corner (darkcorner.org), a monthly hacker meet up in Palo Alto... Read More →

Abusing WCF Endpoints for RCE and Privilege Escalation BSidesSf 2019 pptx

Monday March 4, 2019 11:00am - 11:30am PST
City View

Track: City View, Talk

BSidesSF 2019

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Christopher Anastasio