Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Critical Zero Days Remotely Compromise the Most Popular Real-Time OS

Black Hat via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore a critical security presentation from Black Hat that unveils dangerous zero-day vulnerabilities in VxWorks, the most popular real-time operating system. Delve into the exploitation of these vulnerabilities on various devices, including printers and hospital patient monitors. Learn how these exploits can breach networks protected by NAT and firewalls through normal TCP connections. Understand the importance of TCP/IP stacks, their evolution since the 1990s, and the specific vulnerabilities in VxWorks. Witness live demonstrations of exploits, including a potentially life-threatening attack on a hospital bedside patient monitor. Gain insights into heap exploitation strategies and the lack of security features in affected systems. This 44-minute talk by Ben Seri and Dor Zusman provides a comprehensive look at the critical security implications for devices running VxWorks and the urgent need for improved security measures in real-time operating systems.

Syllabus

Introduction
Presentation Overview
Agenda
What is VXWorks
Where VXWorks is used
Why are TCPIP stacks important
TCPIP stacks in the 90s
Wing Nuke
IP Net
Impact evangelism
SonicWALL
Overview
How it works
Basic TCP
TCP Window
Urgent Data
Urgent Pointer
Data Mechanism
VxWorks
Example 5 Way Handshake
Patient Monitor
Three Easy Steps
Dump the Framework
No Security Features
Heap exploitation strategy
Live demo
Patient monitor demo

Taught by

Black Hat

Reviews

Start your review of Critical Zero Days Remotely Compromise the Most Popular Real-Time OS

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.