CYBERSEC 2022 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy. I Agree
SESSION
09/21 16:45 - 17:15 Threat Research Forum
Type Confusion in the Wild: from the security Blindspot to Abuse
Obfuscated File Extension (OFE) is a classic Web exploit technique. Hackers simply upload a JPG file to the server with arbitrary upload vulnerabilities, then use the contents of the image file as a PHP WebShell to execute. Boom! Take down the entire server.
However, in today's world of cyber attacks, has this technique never been used to attack non-Web enterprises and home computers? The answer is absolutely yes!
In this session, we will talk from the modern malware analyzer to the defense design of today's security solutions and their 1% defense blind spot. Then use several PoCs to explain how the attacker was able to increase the 1% to 100% blind spot for spoofing and winning the trust by security products by OFE tricks.
SPEAKER
Sheng-Hao Ma (@aaaddress1) is currently working as a threat researcher at TXOne Networks, specializing in Windows reverse engineering analysis for over 10 years. In addition, he is currently a member of CHROOT, an information security community in Taiwan. He has also served as a speaker and instructor for various international conferences and organizations such as DEFCON, HITB, Black Hat USA, VXCON, HITCON, ROOTCON, Ministry of National Defense, and Ministry of Education. He is also the author of the popular security book "Windows APT Warfare: The Definitive Guide for Malware Researchers".