Overview
Explore the exploitation of Windows Communication Foundation (WCF) endpoints for remote code execution and privilege escalation in this conference talk from BSidesSF 2019. Delve into the vulnerabilities discovered in 2018 affecting various software products, including VPN clients, network monitoring tools, and antivirus software. Learn about the unintended exposure of powerful capabilities and the bypassing of security mechanisms in WCF services. Gain insights into the process of identifying vulnerabilities and developing exploits, with a focus on a real-world example involving a 0-day privilege escalation in Check Point's ZoneAlarm antivirus product. Increase your awareness of WCF as a potential attack surface and acquire practical knowledge for finding and exploiting these types of bugs.
Syllabus
BSidesSF 2019 - Abusing WCF Endpoint for RCE and Privilege Escalation (Christopher Anastasio)
Taught by
Security BSides San Francisco