Explore the world of email client and server vulnerabilities in this 43-minute Black Hat conference talk. Delve into research conducted at Microsoft on Outlook and Exchange, uncovering potential attack vectors and bugs in targets without scripting capabilities. Learn about identifying valid entry points, understanding the attack surface, and discovering "scary dragons" in email exploits. Examine specific vulnerabilities such as RTF issues, audio objects, invoke monikers, and Windows chat links. Gain insights into bug fixes, common marshalling techniques, and Exchange-specific vulnerabilities. Equip yourself with knowledge to hunt for bugs and catch dragons in email security landscapes.
Overview
Syllabus
Introduction
Email Exploits
Attack Surface
Why Im doing this
TAF
RTF Issues
Video Interrupt
Audio Objects
Invoke monikers
Windows chat links
Video controller
Bug fixes
Common marshalling
Exchange
XR PCM
PostReply
Conclusion
Taught by
Black Hat
