George+Robert making the case for hunting reliable, arch-agnostic logic flaws. Revealing 1 logic flaw doesn't always disclose others.
Talking from experience with pwn2own
#youkillityoueatit pic.twitter.com/1fZFKHpnov
How do you find logic flaws? In a word, experience. Lots of vague advice: try threat modeling, identify trust boundaries, think really hard.
This talk summarizes pretty well another reason why I won't use Android. Rich IPC enables trivial attacks between sandboxed apps.
MWR is abusing a trick in Android Chrome to reflect Android IPC calls all over the place. Feels like exploiting XSS.
Here's the Chrome feature that enabled MWR's Pwn2own exploit. It allows attacks where forms can POST local data back https://groups.google.com/a/chromium.org/forum/m/#!topic/chromium-reviews/xEaI6q7lQdg

and here's the fix from Chrome https://bugs.chromium.org/p/chromium/issues/detail?id=659492
Not as many people as you think at any given time are fuzzing.
Also '0day' fuzzing techniques. I can imagine being the only person in the world with afl-fuzz you would do ok...
I think this is true for some (most?) open source codebases unless you find an attack surface nobody has looked at (Stagefright?).
Fuzzing is a large funnel to prioritize for further analysis. Not the only approach, but an OK start. We've seen different teams use the same tools with different results.