Explore a comprehensive DEF CON 31 conference talk that delves into the security vulnerabilities of terminal systems, tracing back 60 years to the inception of the ASCII standard and its introduction of the Escape character. Learn about the historical evolution of terminals as essential tools for operating system interaction, and discover how underlying escape codes, defined by standards from the 1970s, create potential attack surfaces. Examine multiple remote code execution vulnerabilities found across various platforms, including Microsoft's terminal support, and understand how these security flaws can be exploited when combined with other vulnerabilities. Follow along as the research reveals critical findings about terminal security weaknesses and innovative exploit delivery methods, building upon HD Moore's foundational work from 20 years ago on terminal vulnerabilities and CVEs.
Overview
Syllabus
DEF CON 31 - Terminally Owned - 60 Years of Escaping - David Leadbeater
Taught by
DEFCONConference