29C3 - Version 1.9
Speakers | |
---|---|
Julia Wolf |
Schedule | |
---|---|
Day | Day 3 - 2012-12-29 |
Room | Saal 6 |
Start time | 11:30 |
Duration | 01:00 |
Info | |
---|---|
ID | 5417 |
Event type | Lecture |
Language used for presentation | English |
CVE-2011-3402 Technical Analysis
CVE-2011-3402 is well known as the Windows kernel TrueType font 0-day used in the "Duqu" attack(s). Recently this exploit has begun to appear in several crimeware exploit kits. It is not just the exploit that has been reused: the entire font file used by Duqu is now being harnessed to infect a large population with malware. This talk will mostly be an extremely low-level walk-through of the font program within this TrueType font, which is used to manipulate the Windows kernel into executing the native x86 shellcode.