Agenda

09:00  Attendant Registration Time
10:00  Welcome Speech
10:10  Advancements in JavaScript Engine Fuzzing
       Carl Smith (English | Red | Exploit Development, Fuzzing)
11:00  Break
11:20  A 3-Year Tale of Hacking a Pwn2Own Target: The Attacks, Vendor Evolution, and Lesson Learned
       Orange Tsai (Mandarin | 🍊 | Red | Exploit Development)
       How to hijack a VoLTE network
       Pavel Novikov (English | Red | Communication)
       Building a Fair Game Gacha: Verifying Virtual Gacha Probabilities Without Disclosing the Source Code (打造公平的遊戲轉蛋:在不洩漏原始碼的前提下驗證虛擬轉蛋的機率)
       Jing Jie Wang, 李安傑 (Mandarin | Blue | Crypto)
12:00  Lunch
13:00  Ghosts of the Past: Classic PHP RCE Bugs in Trend Micro Enterprise Offerings
       Poh Jia Hao (English | Red | Exploit Development)
       Decrypting the Secrets of Network Connectivity Devices through Hardware Attacks
       Ta-Lun Yen (Mandarin | Red | Communication, Reverse Engineering)
       Uncovering Kernel Exploits: Exploring Vulnerabilities in AMD's Windows Kernel Drivers
       Zeze (Mandarin | Red | Exploit Development, BYOVD)
13:40  Break
14:00  Endpoint Security or End of Security? Exploiting Trend Micro Apex One
       Lays, Lynn (Mandarin | Red | Exploit Development)
       ELECTRONizing macOS privacy - a new weapon in your red teaming armory
       Wojciech Reguła (English | Red | Electron)
       Hunting Vulnerabilities in Linux Kernel Remote File Systems with Fuzzing (搭配模糊測試對Linux核心遠端檔案系統進行漏洞挖掘)
       Pumpkin (Mandarin | Red | Exploit Development, Fuzzing)
       Elk on Sesame Street - Cybersecurity Analysis in Action with ELK and BERT
       Sheng-Shan Chen, Yuki Hung
14:40  Tea Time
15:10  Modern Kernel Exploit Warfare: Hybrid System/Chip Tactics That Cross Every Kernel Defense Line (現代內核漏洞戰爭 - 越過所有核心防線的系統/晶片虛實混合戰法)
       馬聖豪 (Mandarin | Red | BYOVD, LPE)
       What You See IS NOT What You Get: Pwning Electron-based Markdown Note-taking Apps
       Li Jiantao (English | Red | Exploit Development, Electron, Virtual)
       Association Time (協會時間)
       Allen Own, CK
15:50  Break
16:00  Lightning Talk
       freetsubasa & Hazel, NoBody
16:30  Closing
17:20  Wrap-up (收場)
Uncovering Kernel Exploits: Exploring Vulnerabilities in AMD's Windows Kernel Drivers
Site: R2
Time: 13:00 ~ 13:40, Sat, Aug 19
Type: Talk
Tags: Mandarin | Red | Exploit Development, BYOVD

WDM (Windows Driver Model) drivers are a specific type of Windows kernel driver that use DDIs (Device Driver Interfaces) to communicate with other drivers. They are responsible for interacting with hardware components. If such a kernel driver is vulnerable, an attacker can load the legitimately signed but flawed driver and exploit it to escalate privileges or execute code in the kernel, which is commonly known as a BYOVD (Bring Your Own Vulnerable Driver) attack.

In this session, I will present five CVEs related to AMD's Windows kernel drivers, specifically CVE-2023-20556, CVE-2023-20561, CVE-2023-20562, CVE-2023-20560, and CVE-2023-20564. These vulnerabilities were discovered through a combination of fuzzing and manual reverse engineering. Three of them are denial of service vulnerabilities and two are elevation of privilege vulnerabilities, found in AMD μProf and AMD Ryzen Master, both of which are products related to AMD CPUs. The denial of service vulnerabilities are caused by a lack of validation of an attacker-controlled input buffer, leading to a null pointer dereference. The two elevation of privilege vulnerabilities are the result of insufficient access control, allowing an attacker to write into arbitrary virtual and physical memory, respectively.
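The two bug classes in the abstract, shown side by side in an added example that is not code from the talk or from any AMD driver: a METHOD_BUFFERED IOCTL handler that trusts the caller's buffer and serves every caller, next to one that rejects unprivileged callers and validates the buffer before touching it. The IRP/IO_STACK_LOCATION fields, the `RequestorIsAdmin` flag and the `WRITE_REQ` body are constructed stand-ins so the code builds outside the WDK.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-ins for the wdm.h types a real WDM dispatch routine receives
 * (IRP, IO_STACK_LOCATION); they carry only the fields this example needs. */
typedef long NTSTATUS;
#define STATUS_SUCCESS           ((NTSTATUS)0x00000000L)
#define STATUS_ACCESS_DENIED     ((NTSTATUS)0xC0000022L)
#define STATUS_BUFFER_TOO_SMALL  ((NTSTATUS)0xC0000023L)

typedef struct {
    void    *SystemBuffer;       /* METHOD_BUFFERED: I/O manager's copy of the user buffer, NULL if none */
    uint32_t InputBufferLength;  /* caller-supplied length, never to be trusted */
    int      RequestorIsAdmin;   /* constructed flag standing in for a device ACL / caller check */
} IOCTL_REQUEST;

/* Hypothetical request body: "write value at target". Nothing is written to memory here;
 * the handlers only record the decoded fields into the caller's sinks. */
typedef struct { uint64_t target; uint32_t value; } WRITE_REQ;

/* Vulnerable pattern: dereferences SystemBuffer without checking that it exists or is large
 * enough (a NULL buffer bug-checks the machine: DoS) and performs the privileged operation
 * for any caller (an unprivileged caller gets the write primitive: EoP). */
NTSTATUS handle_write_vulnerable(const IOCTL_REQUEST *req, uint64_t *sink_target, uint32_t *sink_value) {
    const WRITE_REQ *w = (const WRITE_REQ *)req->SystemBuffer;
    *sink_target = w->target;
    *sink_value  = w->value;
    return STATUS_SUCCESS;
}

/* Hardened pattern: refuse unprivileged callers first, then check presence and size of the
 * input buffer before reading a single byte of it. */
NTSTATUS handle_write_hardened(const IOCTL_REQUEST *req, uint64_t *sink_target, uint32_t *sink_value) {
    if (!req->RequestorIsAdmin)
        return STATUS_ACCESS_DENIED;
    if (req->SystemBuffer == NULL || req->InputBufferLength < sizeof(WRITE_REQ))
        return STATUS_BUFFER_TOO_SMALL;
    const WRITE_REQ *w = (const WRITE_REQ *)req->SystemBuffer;
    *sink_target = w->target;
    *sink_value  = w->value;
    return STATUS_SUCCESS;
}
```

In a real driver the caller check belongs on the device object rather than in the handler: create it with IoCreateDeviceSecure and an SDDL string that grants access only to SYSTEM and Administrators, so unprivileged processes cannot open a handle at all.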

After months of communication with the AMD PSIRT, the assignment of five CVEs has been confirmed, and the date for public disclosure has been established. AMD PSIRT has displayed a commendable response to these security issues and has actively addressed them.

Zeze

Zeze is a volunteer staff member at HITCON and a security researcher at TeamT5, specializing in Windows security. He has uncovered and reported tens of CVEs related to the Windows kernel. Zeze is a member of the NTU DCNS Lab and a participant in the BambooFox and ⚔️TSJ⚔️ CTF teams. He has also spoken at HITCON 2022, VXCON 2022, and CYBERSEC 2023 on various topics related to the Windows kernel.

© 2023 HITCON, All Rights Reserved.