Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Abusing WCF Endpoint for RCE and Privilege Escalation

Security BSides San Francisco via YouTube

Overview

Explore the exploitation of Windows Communication Foundation (WCF) endpoints for remote code execution and privilege escalation in this conference talk from BSidesSF 2019. Delve into the vulnerabilities discovered in 2018 affecting various software products, including VPN clients, network monitoring tools, and antivirus software. Learn about the unintended exposure of powerful capabilities and the bypassing of security mechanisms in WCF services. Gain insights into the process of identifying vulnerabilities and developing exploits, with a focus on a real-world example involving a 0-day privilege escalation in Check Point's ZoneAlarm antivirus product. Increase your awareness of WCF as a potential attack surface and acquire practical knowledge for finding and exploiting these types of bugs.

Syllabus

BSidesSF 2019 - Abusing WCF Endpoint for RCE and Privilege Escalation (Christopher Anastasio)

Taught by

Security BSides San Francisco

Reviews

Start your review of Abusing WCF Endpoint for RCE and Privilege Escalation

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.