OLE objects are still dangerous today — Exploiting Microsoft Office
slides: click

OLE is a mechanism that allows users to create and edit documents containing items, or "objects", created by multiple applications. Microsoft Office provides an interface to support the OLE mechanism, which lets users easily embed OLE objects such as sound clips, spreadsheets, and bitmaps in documents. While this design is user-friendly, the interface can load any CLSID, even when the corresponding object was never intended for Office. This significantly expands the attack surface, because any Windows machine has thousands of COM objects designed for a wide variety of scenarios. This attack surface was discovered as early as 2010, and many zero-day vulnerabilities followed in subsequent years. With each iteration of Windows, many new COM objects appeared in Windows 10 and Windows 11, but are they safe? With this question in mind, we analyzed these COM objects and discovered 10+ new vulnerabilities, including two critical ones that an attacker could easily exploit for remote code execution in Office. In this talk, we will share the details of these vulnerabilities and how to exploit them. Additionally, we will propose effective fixes and protective measures.
Modern Chrome Exploit Development
post: click

We will delve into the comprehensive process and the challenges faced during the development of the exploit chain. This includes the V8 sandbox bypass, with special emphasis on hijacking rip in the latest Chrome V8, controlling more than just the lower 4 bytes. Additionally, we'll cover the reliable technique for jumping to LONG shellcode without relying on ROP, and the distinctions between untrusted processes and Chrome's renderer process. In the context of Chrome's sandbox, we used CVE-2023-21674. Our discussion will reveal in-depth details of the ALPC kernel exploit and the construction of its proof of concept (PoC). We will also cover the transition from the use-after-free (UAF) vulnerability to arbitrary read/write primitives, the method of object memory replacement from the Chrome renderer process into the kernel heap, and methods to bypass numerous API restrictions. Lastly, we'll highlight crucial considerations and key points when developing real-world exploits.