BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Defeating magic by magic：Using ALPC security featu
 res to\n   compromise RPC services\n   When: Friday\, Aug 9\, 10:30 - 11:1
 5 PDT\n   Where: LVCC West/Floor 1/Hall 1/Track 4\n\n   Descripti
 on:\n\n   Advanced Local Procedure Call (ALPC) is an Inter Process Communi
 cation\n   method in the Windows kernel. In the past few years\, Windows A
 LPC and\n   RPC vulnerabilities have emerged in an endless stream. These\n
    vulnerabilities are mainly based on TOCTOU file operations\, memory\n  
  corruption vulnerabilities in RPC services and ALPC syscalls in\n   ntosk
 rnl.\n\n   Windows kernel provides a variety of security measures to ensur
 e that\n   the data and context accepted by the ALPC and RPC servers are s
 afe. We\n   noticed the attack surface in the security mechanism of the AL
 PC\n   kernel\, and we found a security flaw in this mechanism (magic) and
 \n   successfully obtained the system privilege from unauthorized users\n 
   (defeating magic by magic).\n\n   In this talk\, we will first overview 
 the communication mechanism of\n   ALPC and RPC services. We will discuss 
 the details of ALPC and RPC in\n   the marshal/unmarshal process that has 
 not been disclosed before.\n   We'll also talk about the kernel security m
 echanism in ALPC syscalls.\n   Then we will analyze some historical bugs i
 n ALPC and RPC\, and\n   disclose the details of the vulnerability we foun
 d\, discussing how we\n   bypassed the security mechanism through a small 
 security flaw in\n   security mechanisms. Later we'll discuss the exploita
 tion\, and you will\n   learn about the multiple ways. Finally\, we'll
  make co
 nclusions and\n   share our opinions on this attack surface\, including so
 me tips and\n   opinions on how to find these kinds of bugs.\n\n     1. A 
 view into ALPC-RPC by Clement Rouault and Thomas Imbert Hack.lu\n       20
 17\n\n     2. Exploiting Errors in Windows Error Reporting - Gal De Leon\n
 \n     3. Windows Internals\, Part 2\, 7th Edition\n\n   Speakers:WangJunJ
 ie Zhang\,YiSheng He\n\n   SpeakerBio:  WangJunJie Zhang\, Senior Security
  Researcher at Hillstone\n   Network Security Research Institute\n\n   Wan
 gJunJie Zhang is a senior security researcher of Hillstone Network\n   Sec
 urity Research Institute. His work involved exploit development and\n   bu
 g hunting. He is currently focusing on Windows components and kernel\n   s
 ecurity and he has reported many vulnerabilities to Microsoft and\n   RedH
 at and got acknowledgements. He was also listed on Microsoft Most\n   Valu
 able Researcher from 2020 to 2023. He was also the speaker of\n   CansecWe
 st 2023 and HITBSecConf Amsterdam 2023 conference.\n\n   SpeakerBio:  YiSh
 eng He\n\n   YiSheng He is a member of OWASP\, (ISC)²\, CSA and other org
 anizations.\n   He is the organizer of the DCG86020 event. He has obtained
  various\n   international professional certifications such as CISSP\, CCS
 K\, CISA\,\n   and participated in many open source security projects. He 
 obtained a\n   large number of CVE numbers and received acknowledgements f
 rom\n   Microsoft\, Apple and other companies. He also participated in man
 y CTF\n   competitions and won good ranking. His research interests includ
 e AIoT\n   and WEB security. He was also the speaker of CansecWest 2023 an
 d\n   HITBSecConf Amsterdam 2023 conference.\n\n   '
DTEND:20240809T181500Z
DTSTART:20240809T173000Z
LOCATION:DC - LVCC West/Floor 1/Hall 1/Track 4
SUMMARY:Defeating magic by magic：Using ALPC security features to compromi
 se RPC services
END:VEVENT
END:VCALENDAR
