Explore anti-forensic techniques that exploit vulnerabilities in commercial forensic software components. Learn how a single malicious file can trigger arbitrary code execution across multiple forensic software products, posing significant risks to investigators. Dive into the process of fuzzing file viewer components using custom scripts, MiniFuzz, and kernel drivers for anti-debugging. Examine two specific vulnerabilities - heap overflow and infinite loop DoS - and witness demonstrations of arbitrary code execution and software hang-ups using crafted malicious files. Gain insights into advanced exploitation techniques, including overwriting function pointers and optimizing heap spraying with bitmap images. Conclude with a discussion on potential countermeasures to mitigate these security risks in forensic software.
Overview
Syllabus
Black Hat USA 2013 - Malicious File for Exploiting Forensic Software
Taught by
Black Hat
Related Courses
-
The Art of File Format Fuzzing
-
Injecting Malware into iOS Devices via Malicious Chargers
-
iOS Kernel Heap Armageddon Revisited
-
With BIGDATA Comes BIG Responsibility - Practical Exploiting of MDX Injections
-
Exposing Hidden Exploitable Behaviors in Programming Languages Using Differential Fuzzing
-
Exploiting QSEE, The Raelize Way
