Raptor at INFILTRATE 2019

2019 marks 20 years of my professional career in information security. What better way to celebrate this milestone than to give a talk at INFILTRATE?

For those who are not in the loop, “INFILTRATE is a deeply technical conference that focuses entirely on offensive security issues. Groundbreaking researchers demonstrate techniques that you cannot find elsewhere. Learn computer and network exploitation, vulnerability discovery, and rootkit & trojan covert protocols. INFILTRATE eschews policy and high-level presentations in favor of hard-core thought-provoking technical meat”.

The title of my talk is: “A bug’s life: story of a Solaris 0day”. Here’s the abstract: “In this talk, I will cover the fascinating story of a Solaris 0day bug discovered 18 years ago and still alive as of today. I intend to show how the original discoverer researched the vulnerable software, how it happened that I stumbled upon his work and rediscovered the vulnerability in 2004, and how it remained unpatched for all these years. A reliable exploit tested on Solaris 10 1/13 (Update 11) will be presented and commented”.

The talk was accepted and Dave Aitel posted a terrific speaker introduction, which I’m still planning to put up on my wall 😉

Even better, my presentation wasn’t just a regular talk: in an unexpected turn of events, I had to step in and give my talk as the conference’s opening keynote.

I’m not gonna say more, ’cause I don’t wanna reveal the contents of the presentation here… So, without further ado, here are the links to the video and to my party pack (which includes the slide deck and the official advisory, along with bonus 0day exploits for multiple platforms and other goodies):

https://vimeo.com/335197685
https://github.com/0xdea/raptor_infiltrate19

INFILTRATE 2019 was a total blast! It left me with the will to hack stuff and enjoy it like it was 1999. Once again, I would like to thank all who made it possible. You rock!

I would also like to thank Jon Trulson (maintainer of the open source CDE project), Alan Coopersmith, and Ritwik Ghoshal (Oracle Security team) for their smooth and professional handling of my vulnerability report, especially given the unusual circumstances.