In recent years, fuzzing has come to be considered the most effective way to discover new vulnerabilities. I will present a complementary approach to fuzzing called MTE. By using MTE, I managed to get over 60 CVEs, all of them logical vulnerabilities, in 60 days across many major software vendors, including Microsoft, Facebook, Intel, and more.
Some things never die – In this session, we’ll show that a huge amount of software is still vulnerable to DLL Hijacking and symlink abuse, which may allow attackers to escalate their privileges or DoS a machine. We will show how we generalized these two techniques within an automated testing system called Ichanea, with the aim of finding new vulnerabilities.
Our mindset was – choose software that is prone to being vulnerable: installers, update programs, and services. These types of software are often privileged, which makes them good candidates for exploitation via symlink or DLL Hijacking attacks. We’re only scratching the surface; we are positive that there are additional attack vectors that could be applied widely to achieve similar results.