Zhiniang Peng and Fangming Gu

Detecting logical vulnerabilities of accessing Files and Registries on Windows System in Large Scale

Abstract

Logical vulnerabilities of accessing files and registries on windows system are getting more and more attention. It’s stable and easy to exploit than memory corruption vulnerability. However, finding such a vulnerability usually need lots of manual works. In this presentation, we purpose two way to detect this kind of vulnerabilities in Large Scale. One is runtime detection by monitoring system activities and pattern matching of these monitored data to filter our vulnerable operation of system. Another is static analysis by formalize those vulnerabilities and propose pattern matching on windows binary. We will talk about how we solve the problem we meet when realize those ideas. Besides, more than 20 EoP on Windows was found by our tools. we will also talk about some new exploitation trick to exploit them.

BIO

Dr. Zhiniang Peng (@edwardzpeng) is a security researcher at Qihoo 360 core security. He got his PhD in cryptography and published many academic papers in information security, and he has presented at cansecwest, ISC, zer0con, PacSec, Opcde, etc. Dr. Peng has designed several security products in data security and discovered several critical vulnerabilities in various fields. His current research interests include software security, threat hunting and applied cryptography.

Fangming Gu is a phd candidate majoring in system security at University of Chinese Academy of Sciences. His interests are mainly focused on dynamic tracking and program analysis.