Exploiting Blind Memory Corruption in Cloud Services
DAY 2, 11:30-12:10
Memory corruption is not commonly associated with cloud security. While it is taken seriously, it is treated as a theoretical risk that is rarely reported as successfully exploited. We believe there are several reasons for this: cloud services are typically written in memory-safe languages and run behind load balancers, which introduce variability that defeats common exploitation techniques. In addition, attackers lack crucial information about the binary they are targeting, such as the offsets needed for ROP chains.
In this talk, we explain how attacking cloud services differs from conventional memory corruption targets and which challenges attackers need to overcome. We then go in depth into an end-to-end vulnerability chain that resulted in remote code execution on Google Cloud's Artifact Analysis backend.
Our goal for this talk is to demonstrate that exploiting memory corruption vulnerabilities is feasible, even when the target is written in a memory-safe language and the attacker has no knowledge of the backend binary.
Location: Track 1 (HALL B)
Category: Technical
Speakers
Anthony Weems
アンソニー・ウィームズ
Anthony Weems is a Staff Security Engineer on Google's Cloud Vulnerability Research team.
Stefan Schiller
シュテファン・シラー
Stefan Schiller is a Security Engineer on Google's Cloud Vulnerability Research team. He has been passionate about software and programming since early childhood. With a background in red teaming, he has worked in offensive IT security for quite some time.
Simon Scannell
サイモン・スキャネル
Simon is a self-taught vulnerability researcher at Google who is passionate about playing CTFs, traveling, and sports. He has come up with ways to find 0-days in some of the most popular web applications, such as WordPress, MyBB, and Magento2, and has also developed exploits for the Linux kernel and Counter-Strike: Global Offensive.