Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Remotely Exploiting the ClamAV Antivirus Engine - CVE-2023-20032 Case Study

Recon Conference via YouTube

Overview

Dive into a comprehensive case study on exploiting CVE-2023-20032, a heap-buffer-overflow vulnerability in ClamAV, an open-source antivirus engine maintained by Cisco. Explore the challenges of remotely exploiting antivirus software and learn about a unique technique to bypass ASLR. Understand the potential impact of compromising ClamAV, which is widely used in email servers and appliances, potentially allowing attackers to access emails and control network traffic. Gain insights into the large attack surface exposed by antivirus engines and the difficulties posed by modern mitigations. Discover the lessons learned from developing a reliable exploit that achieves remote code execution, and consider how this technique can be applied to similar targets.

Syllabus

Recon 2023 Simon Scannell Remotely Exploiting An Antivirus Engine

Taught by

Recon Conference

Reviews

Start your review of Remotely Exploiting the ClamAV Antivirus Engine - CVE-2023-20032 Case Study

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.