all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Kill Latest MPU-based Protections in Just One Shot: Targeting All Commodity RTOSes

Add to bookmarks
Feb. 2, 2024, 6:20 p.m. | Black Hat

Black Hat www.youtube.com

...In this talk, we will present severe security flaws that are universally present in the latest protections of commodity RTOSes, including Amazon's FreeRTOS, ARM's MbedOS, Microsoft's Azure ThreadX, Samsung's TizenRT, and rt-thread. These flaws encompass MPU misconfiguration, the absence of permission checks during mode switching, and more. We will describe our exploitation technique that takes advantage of these security flaws to easily escalate privilege and achieve arbitrary read and write. Through live-demos, we will showcase such exploitation targetting real-world products.... …

amazon arm azure flaws kill latest microsoft misconfiguration mode permission samsung security security flaws targeting

Visit resource

More from www.youtube.com / Black Hat

Startup Spotlight Competition at Black Hat 2 days, 18 hours ago | www.youtube.com
bhusa blackhat cybersecurity infosec +1
Locknote: Conclusions and Key Takeaways from Day 2 3 weeks ago | www.youtube.com
black hat black hat europe board board members +15
Locknote: Conclusions and Key Takeaways from Day 1 3 weeks ago | www.youtube.com
black hat black hat europe board board members +16
Keynote: My Lessons from the Uber Case 3 weeks ago | www.youtube.com
addition best practices case convicted +16
Keynote: Industrialising Cyber Defence in an Asymmetric World 3 weeks, 1 day ago | www.youtube.com
adversaries challenge cyber cyber defence +10
The Black Hat Europe Network Operations Center (NOC) Report 3 weeks, 1 day ago | www.youtube.com
back black hat black hat europe center +14
My Invisible Adversary: Burnout 3 weeks, 5 days ago | www.youtube.com
adversary attackers attacks burnout +11
The Magnetic Pull of Mutable Protection: Worked Examples in Cryptographic Agility 3 weeks, 5 days ago | www.youtube.com
analysis ask bad codeql +10
A World-View of IP Spoofing in L4 Volumetric DoS Attacks - and a Call to … 3 weeks, 6 days ago | www.youtube.com
attacks call cloudflare detection +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Associate Manager, BPT Infrastructure & Ops (Security Engineer)

@ SC Johnson | PHL - Makati
View on infosec-jobs.com

Cybersecurity Analyst - Project Bound

@ NextEra Energy | Jupiter, FL, US, 33478
View on infosec-jobs.com

Lead Cyber Security Operations Center (SOC) Analyst

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Junior Information Security Coordinator (Internship)

@ Garrison Technology | London, Waterloo, England, United Kingdom
View on infosec-jobs.com

Sr. Security Engineer

@ ScienceLogic | Reston, VA
View on infosec-jobs.com
View more jobs