BSidesSF 2019 has ended
Back To Schedule
Monday, March 4 • 11:00am - 11:30am
Abusing WCF Endpoint for RCE and Privilege Escalation

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
In 2018 there were quite a few local privilege escalation and remote code execution CVEs related to abusing the functionality exposed by WCF services in .NET programs. These were found in products such as VPN clients, commercial network monitoring tools, and antivirus software. In some cases, these services accidentally exposed stronger capabilities than intended (for example, the ability to run arbitrary code). In other cases, sensitive features have been locked down, but the security mechanisms are faulty and can be bypassed.

The aim of this presentation is to spread awareness of WCF as an attack surface and to demonstrate how to get started finding and exploiting these bugs. This will be accomplished by reviewing the vulnerability identification and exploit development process for a recent 0-day privilege escalation in Check Point's flagship antivirus product ZoneAlarm.

avatar for Christopher Anastasio

Christopher Anastasio

Security Analyst, Illumant
Chris Anastasio is a penetration tester at Illumant, bug bounty hunter, amateur exploit dev, and bad coder. He’s been working in Infosec professionally for 5 years and as a hobbyist for many more. He cofounded the Dark Corner (darkcorner.org), a monthly hacker meet up in Palo Alto... Read More →

Monday March 4, 2019 11:00am - 11:30am PST
City View