EDR Reloaded - Exploiting Endpoint Security Vulnerabilities for Remote Data Erasure

Black Hat via YouTube

Overview

Discover the critical vulnerabilities in endpoint security controls that allow adversaries to remotely delete essential data from fully patched servers. Explore a brand-new category of vulnerability (CVE-2023-24860) affecting multiple well-known endpoint security products, enabling unauthenticated remote deletion of critical files like entire production databases. Learn about the root cause, multiple attack vectors, and the limitations of vendor patches. Witness demonstrations of remote database deletion, denial of service attacks, and the ability to bypass Microsoft's patch (CVE-2023-36010) to continue exploiting various database systems. Gain insights into the potential for self-cannibalism of security logs and the deletion of crucial configuration files. This 40-minute Black Hat conference talk, presented by Tomer Bar and Shmuel Cohen from SafeBreach, reveals the alarming implications of these vulnerabilities for both Linux and Windows systems and emphasizes the need for improved endpoint security measures.

Syllabus

EDR Reloaded: Erase Data Remotely

Taught by

Black Hat
