How SUDO on Linux was HACKED! // CVE-2021-3156
The most comprehensive video covering the sudo vulnerability CVE-2021-3156 Baron Samedit. I spent two weeks on rediscovering, analysing and exploitation of the sudoedit heap overflow. We will talk about fuzzing, code review, exploit strategies, heap feng shui and developing the exploit. https://ift.tt/2QQp8gV Article: https://ift.tt/3sIaKEw Binary Exploitation Playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN PwnFunction's Binary Exploitation Playlist: https://www.youtube.com/playlist?list=PLI_rLWXMqpSkAYfar0HRA7lykydwmRY_2 Full CVE-2021-3156 Advisory: https://ift.tt/3xdbULX Qualys Blog: https://ift.tt/39hzM75 milek7's blog on fuzzing sudo: https://ift.tt/3otu5Hi 00:00 - Intro and Motivation 01:33 - afl: Fuzzing argv[] 03:22 - afl: sudo vs. sudoedit 04:27 - afl: Fuzzing setuid Process 06:49 - Fuzzing Conclusion 07:11 - Code Review: Identify Risky Code Through Isolation 09:39 - Code Review: Bypass Safe Conditions 11:15 - Exploit Strategy: Modern Mitigations 12:25 - The service_user Object Overwrite Technique 13:48 - Heap Feng Shui via Environment Variables 14:57 - Bruteforce Script to Find Exploitable Conditions 15:39 - Find and Analyse Useful Crashes 16:31 - Exploitability Analysis Conclusion 17:13 - Qualys Researchers Knew nss From Stack Clash 17:47 - Sudoedit Exploitable on macOs? 18:32 - Research Conclusion 19:27 - Outro -=[ ❤️ Support ]=- → per Video: https://ift.tt/2Ixgzmk → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Website: https://ift.tt/2T93fZJ → Subreddit: https://ift.tt/1Yl6ANY → Facebook: https://ift.tt/2sdAhu7
The most comprehensive video covering the sudo vulnerability CVE-2021-3156 Baron Samedit. I spent two weeks on rediscovering, analysing and exploitation of the sudoedit heap overflow. We will talk about fuzzing, code review, exploit strategies, heap feng shui and developing the exploit. https://ift.tt/2QQp8gV Article: https://ift.tt/3sIaKEw Binary Exploitation Playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN PwnFunction's Binary Exploitation Playlist: https://www.youtube.com/playlist?list=PLI_rLWXMqpSkAYfar0HRA7lykydwmRY_2 Full CVE-2021-3156 Advisory: https://ift.tt/3xdbULX Qualys Blog: https://ift.tt/39hzM75 milek7's blog on fuzzing sudo: https://ift.tt/3otu5Hi 00:00 - Intro and Motivation 01:33 - afl: Fuzzing argv[] 03:22 - afl: sudo vs. sudoedit 04:27 - afl: Fuzzing setuid Process 06:49 - Fuzzing Conclusion 07:11 - Code Review: Identify Risky Code Through Isolation 09:39 - Code Review: Bypass Safe Conditions 11:15 - Exploit Strategy: Modern Mitigations 12:25 - The service_user Object Overwrite Technique 13:48 - Heap Feng Shui via Environment Variables 14:57 - Bruteforce Script to Find Exploitable Conditions 15:39 - Find and Analyse Useful Crashes 16:31 - Exploitability Analysis Conclusion 17:13 - Qualys Researchers Knew nss From Stack Clash 17:47 - Sudoedit Exploitable on macOs? 18:32 - Research Conclusion 19:27 - Outro -=[ ❤️ Support ]=- → per Video: https://ift.tt/2Ixgzmk → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Website: https://ift.tt/2T93fZJ → Subreddit: https://ift.tt/1Yl6ANY → Facebook: https://ift.tt/2sdAhu7
Comments
Post a Comment