Explore the critical role of instrumentation in identifying file system redirection vulnerabilities during this 27-minute conference talk by Asher Davila at HackMiami. Delve into the challenges posed by symlinks, hard links, and reparse points in Windows systems, and understand why traditional static testing falls short in detecting these complex issues. Learn how dynamic testing, particularly through binary instrumentation using Microsoft's Detours, can effectively uncover security vulnerabilities in privileged file system operations. Gain insights into a systematic approach for hunting file redirection bugs, and discover the limitations of static analysis compared to the power of instrumentation. Benefit from the expertise of Asher Davila, a Mexican vulnerability researcher specializing in binary analysis, exploitation, reverse engineering, and hardware hacking, as he shares his knowledge on IoT and OT vulnerability hunting and security strategies.
Overview
Syllabus
Hunting File System Redirection Bugs Through Instrumentation. Asher Davila
Taught by
HackMiami