BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Internal Server Error: Exploiting Inter-Process Comm
 unication\n   with new desynchronization primitives\n   When: Saturday\, A
 ug 13\, 17:00 - 17:45 PDT\n   Where: Caesars Forum - Academy 401-410\, 421
  (Track 3) - [1]Map\n\n   SpeakerBio:Martin Doyhenard \, Security Research
 er at Onapsis\n   Martin is a security researcher at the Onapsis Research 
 Labs. His work\n   includes performing security assessment on SAP and Orac
 le products and\n   detecting vulnerabilities in ERP systems. His research
  is focused on\n   Web stack security\, reverse engineering and binary ana
 lysis\, and he is\n   also an active CTF player.\n\n   Martin has spoken a
 t different conferences including DEFCON\, RSA\, HITB\n   and EkoParty\, a
 nd presented multiple critical vulnerabilities.\n\n   Twitter: [2]@tincho_
 508\n\n   Description:\n   In this talk I will show how to reverse enginee
 r a proprietary HTTP\n   Server in order to leverage memory corruption vul
 nerabilities using\n   high level HTTP protocol exploitation techniques. T
 o do so\, I will\n   present two critical vulnerabilities\, CVE-2022-22536
  and\n   CVE-2022-22532\, which were found in SAP's proprietary HTTP Serve
 r\, and\n   could be used by a remote unauthenticated attacker to compromi
 se any\n   SAP installation in the world.\n\n   First\, I will explain how
  to escalate an error in the request handling\n   process to Desynchronize
  data buffers and hijack every user’s\n   account with Advanced Response
  Smuggling. Furthermore\, as the\n   primitives of this vulnerability do n
 ot rely on header parsing errors\,\n   I will show a new technique to pers
 ist the attack using the first\n   Desync botnet in history. This attack w
 ill prove to be effective even\n   in an “impossible to exploit” scena
 rio: without a Proxy!\n\n   Next I will examine a Use-After-Free in the sh
 ared memory used for\n   Inter-Process Communication. By exploiting the in
 correct deallocation\,\n   I will show how to tamper messages belonging to
  other TCP connections\n   and take control of all responses using Cache P
 oisoning and Response\n   Splitting theory.\n\n   Finally\, as the affecte
 d buffers could also contain IPC control data\,\n   I will explain how to 
 corrupt memory address pointers and end up\n   obtaining RCE.\n\n   '\n\n 
   1. https://defcon.outel.org/consolidated_page.html#CaesarsAcademyBR\n   
 2. https://twitter.com/tincho_508\n\n\n
DTEND:20220814T004500Z
DTSTART:20220814T000000Z
LOCATION:DC - Caesars Forum - Academy 401-410\, 421 (Track 3)
SUMMARY:Internal Server Error: Exploiting Inter-Process Communication with 
 new desynchronization primitives
END:VEVENT
END:VCALENDAR
