A vulnerability in the scan engine can be triggered via email. Remote, wormable, and no user interaction required. That would be realistic, I've found and exploited dozens.
Replying to @taviso @artem_i_baranov
Why not make it a requirement that the exploit has to work against a computer that's turned off? That would be even harder. Totally implausible, but that seems like what you were going for.
3 replies 1 retweet 14 likes
Replying to @taviso
Triggering via email is not universal, because your email client can be configured to remove any attachments or this will be done by AV on email server side (corporate environment). Classic wormable vector implies sending crafted data directly to a process input (network port).
2 replies 0 retweets 0 likes
Replying to @artem_i_baranov
No, if your *client* is removing the attachment, then a minifilter will still see it. This is a silly excuse, and by those standards your "must work behind NAT" requirement wouldn't qualify either.
1 reply 1 retweet 9 likes
Replying to @taviso @artem_i_baranov
Why stop at $100k, why not offer a $1M prize and scope it so it's impossible? I don't get it.
1 reply 0 retweets 8 likes
Replying to @taviso
Prices starting from $1M relate only to iOS 11 and are not related to security products.
2 replies 0 retweets 0 likes
Replying to @artem_i_baranov @taviso
A "wormable" email-based exploit for an AV engine needs a standalone email client on the user's PC; a user who uses Gmail would have to download your crafted file.
1 reply 0 retweets 0 likes
Replying to @artem_i_baranov
No. Just prefetching activity and cache writes in Gmail are enough to trigger a minifilter. How do you not know that? I've sent Kaspersky a working exploit that worked in Gmail before!
2 replies 7 retweets 57 likes
Replying to @taviso @artem_i_baranov
Clearly they took it seriously and informed their engineers about it. Clearly.
1 reply 0 retweets 12 likes
I love you both too, but if I did not download an attachment in Gmail, I doubt that the FS stack will know about it.
1 reply 0 retweets 0 likes
Set up kd, put a breakpoint on your filter and db the data you see, then click around in Gmail. If you see untrusted data, I'm right. If you don't, then you're right. Hint: I'm right.
Yes, you need to click Gmail, and this is your first action. A wormable vector requires no user actions. That's why the payout is high.
2 replies 0 retweets 0 likes
Replying to @artem_i_baranov @aionescu
It works without user interaction because of prefetching; I've already explained this. Fine, don't click anything, just wait for someone to send you an email and watch for activity.
2 replies 0 retweets 8 likes