Johnny cache and David Maynor: Device Drivers
Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference
English - June 04, 2006 23:10 - 57 minutes - 162 KB Video - ★★★★ - 4 ratingsTechnology News Tech News blackhat usa 2006 black hat vegas blackhat vegas hacking convention computer security speeches presentations spoken word video Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Application level security is getting better. Basic stack based string overflows have become rare, and even simple heap overflows are getting hard to find. Despite this fact there is still a huge avenue of exploitation that has not been tapped yet: device drivers. Although they don’t sound very interesting, they are full of simple security programming errors as they are often developed for performance and in tight time frames. The traditional thinking is that although the code is bad an attacker can’t really get to it. Development of reliable off the shelf packet injection techniques combined with the excessive complexity of the 802.11 protocol creates a perfect combination for security researchers. Ever seen a laptop owned remotely because of a device driver? Want to?