Discover the critical vulnerabilities in endpoint security controls that allow adversaries to remotely delete essential data from fully patched servers. Explore a brand-new category of vulnerability (CVE-2023-24860) affecting multiple well-known endpoint security products, enabling unauthenticated remote deletion of critical files like entire production databases. Learn about the root cause, multiple attack vectors, and the limitations of vendor patches. Witness demonstrations of remote database deletion, denial of service attacks, and the ability to bypass Microsoft's patch (CVE-2023-36010) to continue exploiting various database systems. Gain insights into the potential for self-cannibalism of security logs and the deletion of crucial configuration files. This 40-minute Black Hat conference talk, presented by Tomer Bar and Shmuel Cohen from SafeBreach, reveals the alarming implications of these vulnerabilities for both Linux and Windows systems and emphasizes the need for improved endpoint security measures.