29C3 - Version 1.9


Speakers
Julia Wolf
Schedule
Day: Day 3 - 2012-12-29
Room: Saal 6
Start: 11:30
Duration: 01:00
Info
ID: 5417
Event type: Lecture
Language of the event: English

CVE-2011-3402 Technical Analysis

CVE-2011-3402 is well known as the Windows Kernel TrueType [Font] 0-day used in the "Duqu" attack(s). Recently this exploit has begun to appear in several crimeware exploit kits... Actually, not just the exploit, but the entire font file used by Duqu is now being harnessed to infect a large population with malware. This talk will mostly be an extremely low-level walk-through of the font program within this TrueType font, which is used to manipulate the Windows Kernel into executing the native x86 shellcode.
