Cautious: A New Exploitation Method! No Pipe but as Nasty as Dirty Pipe | allinfosecnews.com

Nov. 17, 2022, 5:22 p.m. | Black Hat

Black Hat www.youtube.com

...In this talk, we present a novel exploitation method pushing the dirty pipe to the next level. To be specific, given a vulnerability with a double-free ability, we will demonstrate that our exploitation method could obtain the dirty-pipe-like ability to overwrite an arbitrary file to escalate privilege. Exploits utilizing our method inherit the advantage of the dirty pipe that the code would work on any version of the kernel affected without modification. We argue that our new exploitation method is …

dirty pipe exploitation

More from www.youtube.com / Black Hat

Locknote: Conclusions and Key Takeaways from Day 2 2 weeks ago | www.youtube.com

black hat black hat europe board board members +15

Locknote: Conclusions and Key Takeaways from Day 1 2 weeks ago | www.youtube.com

black hat black hat europe board board members +16

Keynote: My Lessons from the Uber Case 2 weeks ago | www.youtube.com

addition best practices case convicted +16

Keynote: Industrialising Cyber Defence in an Asymmetric World 2 weeks, 1 day ago | www.youtube.com

adversaries challenge cyber cyber defence +10

The Black Hat Europe Network Operations Center (NOC) Report 2 weeks, 1 day ago | www.youtube.com

back black hat black hat europe center +14

My Invisible Adversary: Burnout 2 weeks, 5 days ago | www.youtube.com

adversary attackers attacks burnout +11

The Magnetic Pull of Mutable Protection: Worked Examples in Cryptographic Agility 2 weeks, 5 days ago | www.youtube.com

analysis ask bad codeql +10

A World-View of IP Spoofing in L4 Volumetric DoS Attacks - and a Call to … 2 weeks, 6 days ago | www.youtube.com

attacks call cloudflare detection +10

Collide+Power: The Evolution of Software-based Power Side-Channels Attacks 2 weeks, 6 days ago | www.youtube.com

addition attacks build collide+power +14

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Cloud Technical Solutions Engineer, Security

@ Google | Mexico City, CDMX, Mexico

View on infosec-jobs.com

Assoc Eng Equipment Engineering

@ GlobalFoundries | SGP - Woodlands

View on infosec-jobs.com

Staff Security Engineer, Cloud Infrastructure

@ Flexport | Bellevue, WA; San Francisco, CA

View on infosec-jobs.com

Software Engineer III, Google Cloud Security and Privacy

@ Google | Sunnyvale, CA, USA

View on infosec-jobs.com

Software Engineering Manager II, Infrastructure, Google Cloud Security and Privacy

@ Google | San Francisco, CA, USA; Sunnyvale, CA, USA

View on infosec-jobs.com