Overview
This 44-minute x33fcon conference talk examines how a modern-day, Stuxnet-like attack could be implemented with contemporary tradecraft. It opens with an analysis of how the original Stuxnet operated, then reviews how the Windows ecosystem has evolved since: Bring-Your-Own-Vulnerable-Driver (BYOVD) techniques on the offensive side, and Driver Signature Enforcement (DSE) and Hypervisor-Protected Code Integrity (HVCI) on the defensive side. The core of the talk presents attack methods that abuse weaknesses in emulated read-only filesystems and previously undisclosed NTFS glitches to deploy malicious drivers stealthily while maintaining persistence on the system. It closes with new indicators of compromise (IOCs) designed to detect these variations, and with the implications of such filesystem weaknesses for defensive strategy.
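As an added example (not material from the talk or from x33fcon), the following PowerShell reports whether the mitigations the overview names are actually in force on a host: whether virtualization-based security and HVCI are running, whether a kernel-mode code-integrity policy is enforced, and whether the Microsoft vulnerable driver blocklist is switched on. The CIM class, its property encodings and the registry value are Microsoft's documented ones; treating an absent registry value as "not confirmed" rather than "off" is this example's own assumption, since the default varies by Windows build.

```powershell
# Added example, not code from the talk. Run in an elevated PowerShell on Windows 10/11.
# Reports the state of the mitigations that decide whether a BYOVD driver is loadable and usable.

$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

# VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
$vbs = switch ($dg.VirtualizationBasedSecurityStatus) {
    0 { 'off' } 1 { 'enabled, not running' } 2 { 'running' } default { 'unknown' }
}

# SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI,
# 3 = System Guard Secure Launch, 4 = SMM firmware measurement
$hvciRunning = $dg.SecurityServicesRunning -contains 2

# CodeIntegrityPolicyEnforcementStatus (kernel-mode WDAC policy): 0 = off, 1 = audit, 2 = enforced
$kmci = switch ($dg.CodeIntegrityPolicyEnforcementStatus) {
    0 { 'off' } 1 { 'audit' } 2 { 'enforced' } default { 'unknown' }
}

# Microsoft vulnerable driver blocklist: REG_DWORD VulnerableDriverBlocklistEnable
# under HKLM\SYSTEM\CurrentControlSet\Control\CI\Config. Assumption for this example:
# an absent value is reported as "not confirmed", because the default depends on the build.
$ci = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' -ErrorAction SilentlyContinue
$blocklist = if ($ci -and $ci.VulnerableDriverBlocklistEnable -eq 1) { 'enabled' } else { 'not confirmed' }

[pscustomobject]@{
    VirtualizationBasedSecurity = $vbs
    HVCIRunning                 = $hvciRunning
    KernelModeCodeIntegrity     = $kmci
    VulnerableDriverBlocklist   = $blocklist
}

if (-not $hvciRunning) {
    Write-Warning 'HVCI is not running: a signed but vulnerable driver, once loaded, can modify kernel code or disable DSE.'
}
```

Without HVCI, blocking a BYOVD chain rests on the driver being refused at load time (blocklist or WDAC policy); with HVCI running, a loaded vulnerable driver still cannot patch kernel code pages, which is why the two rows should be read together rather than in isolation.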
Syllabus
14. Alessandro Magnosi: Leveraging Emulated Read-Only Filesystems and NTFS Glitches for Inf. & Pers.
Taught by
x33fcon