ChaMd5 Team 00后登上国际安全顶会BlackHat!
日前,全球顶尖安全技术会议BlackHat Asia在新加坡召开,ChaMd5 Team成员zhefox受邀参会并作主题演讲。
议题介绍
《A Glimpse Into The Protocol: Fuzz Windows RDP Client For Fun And Profit》
At the end of June 2023, we decided to conduct vulnerability research on the Windows RDP client. Initially, we read some publicly available blogs and modified two open-source Windows RDP fuzzing projects. During this process, we successfully identified an old Windows RDP client vulnerability but did not discover any new vulnerabilities.
Just when we were hesitating, we studied Yuki Chen's presentation slides at Blackhat USA 2023. Subsequently, we decided to incorporate race conditions into the vulnerability research of the Windows RDP protocol, leading us to eventually uncover several remote code execution vulnerabilities in Windows RDP client.
This presentation will share the entire process of our Windows RDP client vulnerability research: why we chose Windows RDP as the target, how we collect public information to initiate research, how we modified open-source fuzzing tools to improve them, and how we overcame challenges to discover several remote code execution vulnerabilities in Windows RDP clients. We will also share details of the discovered Windows RDP client vulnerabilities.
At the end of this presentation, we will integrate the experiences mentioned above and give some recommendations for Windows RDP vulnerability defence.
目前,该议题的演讲PPT已经在BlackHat官网公开,有兴趣的读者请点击文末“阅读原文”了解更多精彩内容。
- END -
关注公众号:拾黑(shiheibook)了解更多
[广告]赞助链接:
四季很好,只要有你,文娱排行榜:https://www.yaopaiming.com/
让资讯触达的更精准有趣:https://www.0xu.cn/

随时掌握互联网精彩
赞助链接
排名
热点
搜索指数
- 1 中国是世界绿色发展的坚定行动派 7904154
- 2 中国这两个邻国又到战争边缘 7808092
- 3 “中国赢下了这一轮” 7712173
- 4 航天员乘组拍下“太空全家福” 7618056
- 5 不要欺负七旬老人唐国强 7519801
- 6 成本9元素颜霜标38元卖出500多万 7428942
- 7 #小米猿辅导式超长加班该如何叫停# 7328375
- 8 妥协换不来尊重 日本又给打了个样 7235602
- 9 Create2025百度AI开发者大会 7141801
- 10 儿子悄悄考上北大妈妈惊成静止画面 7043079