logo
allArticlesConferencesPresentations

Reversing the Root: Identifying the Exploited Vulnerability in 0-days Used In-The-Wild

Conference:  BlackHat USA 2020

2020-08-05

Summary

The presentation discusses the process of reverse engineering vulnerabilities and shares case studies to demonstrate different techniques and approaches.
  • The presentation covers four categories of techniques for reverse engineering vulnerabilities
  • The speaker shares case studies of different approaches to reverse engineering vulnerabilities, including analyzing patches and descriptions of exploits
  • The importance of in-depth knowledge of the target and exploit depth is emphasized
  • The speaker encourages sharing of techniques and innovation in the reverse engineering process
The speaker shares a story of how getting one more detail allowed them to identify a vulnerability with a high level of confidence, highlighting the importance of challenging assumptions and having a precise understanding of the vulnerability

Abstract

Over the past 12 months, Project Zero has analyzed eleven 0-day vulnerabilities that were exploited in the wild. One of the very important parts of these analyses is to do a root cause analysis on the vulnerability that is being exploited. To identify the root cause vulnerability, we've employed a variety of techniques to varying degrees of success: binary patch diffing, putting the exploit sample into a test case minimizer, source code patch diffing, manually reverse engineering the exploit, and "bug hunting" based on known details of the exploit. Rather than discussing these exploited vulnerabilities in detail, this talk will instead cover the reverse engineering techniques to determine the vulnerability in the first place. For these 11 different 0-days, we used five different techniques to determine their root cause. This talk will detail the factors that go into when each technique is used, how we used the technique, and lessons learned from when it's been successful and when it hasn't.Each technique will include case studies across a variety of platforms: from OS kernels, to Javascript engines, to apps, and more. This allows us to see similarities and differences in the reverse engineering techniques across targets. For each case study, we'll show a walk through of how the reversing technique allowed us to determine the vulnerability (or not), and discuss what we might do differently next time. This talk will be a detailed tour of reverse engineering a variety of vulnerabilities that were exploited in the wild, all in less than an hour.
Materials:
Slides
Tags:

Post a comment

Related work

Story of Jailbreaking iOS 13

Conference:  BlackHat EU 2020
Authors:
2020-12-10

2021 - Our Journey Back To The Future Of Windows Vulnerabilities and the 0-days we brought back with us

Conference:  Defcon 29
Authors:
2021-08-01

Infecting The Embedded Supply Chain

Conference:  Defcon 26
Authors:
2018-08-01

Ret2page: The Art of Exploiting Use-After-Free Vulnerabilities in the Dedicated Cache

Conference:  Black Hat USA 2022
Authors:
2022-08-11

Two Bugs With One PoC: Rooting Pixel 6 From Android 12 to Android 13

Conference:  Black Hat Asia 2023
Authors: Yong Wang
2023-05-11

Everything has Changed in iOS 14, but Jailbreak is Eternal

Conference:  BlackHat USA 2021
Authors:
2021-08-05