29C3 - Version 1.9

F/a{hr-p).l//a,n
2.9/C-3

Speakers
Julia Wolf
Schedule
Day Day 3 - 2012-12-29
Room Saal 6
Start time 11:30
Duration 01:00
Info
ID 5417
Event type Lecture
Language used for presentation English
Feedback

CVE-2011-3402 Technical Analysis

CVE-2011-3402 is well known as the Windows Kernel TrueType [Font] 0-day used in the "Duqu" attack(s). Recently this exploit has begun to appear in several crimeware exploit kits... Actually, not merely just the exploit, but the entire font file used by Duqu, now being harnessed to infect a large population with malware. This talk will mostly be an extremely low-level walk-through of the font program within this TrueType font, which is used to manipulate the Windows Kernel into executing the native x86 shellcode.