HITBSECCONF2010 - DUBAI IS OVER!
THANK YOU TO ALL THE SPEAKERS AND ATTENDEES WHO MADE IT OVER TO JOIN US!

CONFERENCE MATERIALS
CONFEENCE PHOTOS

Gynvael Coldwind (Researcher, Hispasec)

Presentation Title A Case Study of Recent Windows Vulnerabilities
Presentation Abstract

During the lecture I will demonstrate and explain recent Microsoft Windows vulnerabilities discovered by Mathew ‘j00ru’ Jurczyk and myself. At this time most of the vulnerabilities are not public, and they are scheduled to be patched in April (a week before the Dubai conference).

One of the published vulnerability is the MS10-011 “CSRSS Local Privilege Elevation Vulnerability”. A successful exploitation of these vulnerabilities leads to local privilege elevation or DoS conditions, and (mostly) only Windows up to XP are affected. Even though the exploitation of these vulnerabilities is not very practical (they are not of “click and you’re root” type), the way they work, from a technical point of view, may still be very interesting for other security researchers.

About Gynvael Coldwind

Gynvael Coldwind is a researcher, specializing in reverse engineering, vulnerability research, penetration testing and tool programming. He currently works with Hispasec and previously created static unpackers for an anti-virus company. He maintains a website at: http://gynvael.coldwind.pl/