Recon 2024

Tales From The Crypt: Bug Hunting in the Windows CryptoAPI
06-28, 15:30–16:00 (US/Eastern), Grand Salon

The Microsoft CryptoAPI provides functionality for digital certificate authentication, management and storage; encryption and decryption of data; and encoding and decoding of structured data. These are critical pieces of secure communications and present a rich attack surface, much of which is accessible via network protocols. This presentation will look at a vulnerability research effort into this area of the Windows operating system.

The road to finding remote code execution vulnerabilities is often paved with tears. Bugs may appear obvious in hindsight, but in practice finding a weakness in the code and then actually triggering it can be anything but simple. Several RCE vulnerabilities were discovered during the research. The techniques used to find them and the journey to reaching them via a remote code path will be presented.

See also: Slides (4.5 MB)

Erik is a Principal Security Developer with Field Effect. With almost 20 years of experience in the computer security field, he has found vulnerabilities across a wide range of software and operating systems, including Windows, macOS, iOS and Android.