QuickShell:分享即关爱——针对 QuickShare 的远程代码执行攻击链.pdf

编号:982138 PDF 104页 5.78MB 下载积分:VIP专享
下载报告请您先登录!

1、QuickShellSharing is caring about an RCE attack Sharing is caring about an RCE attack chain on Quick Sharechain on Quick ShareOr YairSecurity Research Team Lead at SafeBreach8 years in Security ResearchPast research in Linux,embedded,Android5 years Windows researchShmuel Cohen-Contributer6+years in

2、Security IndustryPast APT Malware Researcher4+years Windows researchAgendaWhy Quick ShareProtocol OverviewFuzzingResearch Approach Shift+Vulnerability DiscoveryRCE ChainTakeawaysGitHub+Q&AWhat is Quick Share?Quick ShareWhy Quick Share?Quick Share Windows VersionQuick Share Pre-installation“were work

3、ing with leading PC manufacturers like LG to expand Quick Share to Windows PCs as a pre-installed app.”Google:Quick Share Communication MethodsVarious communication methods1st time by Google on WindowsPrevious Research2019 by Daniele Antonioli,Nils Ole Tippenhauer,Kasper Rasmussen:“Nearby Threats:Re

4、versing,Analyzing,and Attacking Googles Nearby Connections on Android”About Nearby Connections APIOnly AndroidNo CVEshttps:/francozappa.github.io/publication/rearby/paper.pdfNearby&Chromium Open-Source ReposContain part of the code for Quick Share for Windows New Windows App New App New vulnsWindows

5、 app will be pre-installedVarious communication methods Various attack vectorsGoogles first Windows app to use these APIsSome of the code is open-sourceNo CVEsWhy Quick ShareResearch GoalFirst RCE in Quick ShareProtocol InvestigationInvestigating The“nearby”repoFinding the communication functions Se

6、nd&Recv:Protobuf and Offline FramesProtobuf and Offline Framesoffline_wire_formats.protoQuickSniff 1stToolHooking Quick Share to sniff sent and received Offline Frames on WindowsProtocol OverviewNearby Connections APIQuick Share ImplementationNearby Connections APIProtobuf BasedEncryption-Googles Uk

友情提示

1、下载报告失败解决办法
2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
4、本站报告下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。

本文(QuickShell:分享即关爱——针对 QuickShare 的远程代码执行攻击链.pdf)为本站 (竿头日上) 主动上传,三个皮匠报告文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知三个皮匠报告文库(点击联系客服),我们立即给予删除!

温馨提示:如果因为网速或其他原因下载失败请重新下载,重复下载不扣分。
客服
商务合作
小程序
服务号
折叠