Overview
Syllabus
black hat EUROPE 2021
Reparse Points
File Redirection Attacks
File Redirection Mitigations #3
Make the exploitation harder
The unique vulnerability discovery strategy
Reset Solitaire
Root cause: vulnerable code
Challenges
Re-visit the vulnerability
File Operations Timeline
Race Window #0
Success rate expectation
Stability, stability, stability!
Reparse Data Structure
Reparse Point Tag
The memory corruption vulnerability model
Find the target - dynamic
Memory corruption vulnerability examples
Desktop bridge activation
Create the client
Read reparse point in Appinfo service
Set reparse point for OOB read
Out of bounds read crash
Race condition
MSRC response and timeline
The new attack surface impact
Future bug hunting insights
Summary
Taught by
Black Hat