Explore the security vulnerabilities in Windows development environments through this conference talk from NULLCON Goa 2020. Discover how simply viewing or compiling untrusted source code can lead to remote code execution on a developer's workstation. Delve into the intricacies of Component Object Model (COM), type libraries, and Visual Studio's inner workings as the speaker demonstrates full exploit chains. Learn about the risks associated with common practices like downloading code from sharing platforms such as GitHub. Gain insights into securing development environments and understanding the potential dangers of interacting with untrusted code in integrated development environments for Windows.
Overview
Syllabus
COMpromise: remote code execution in Windows development environments | Stan Hegt | NULLCON Goa 2020
Taught by
nullcon