The Key to COMpromise, Writing to the Registry (again), Part 4
In joint research between cirosec and Neodyme, several vulnerabilities were found in Antivirus (AV) and Endpoint Detection and Response (EDR) products that could, in theory, allow privilege escalation to SYSTEM on millions of devices, assuming initial access was gained.
In this final part of our series on COM hijacking, we will examine a custom named pipe IPC protocol implemented by Bitdefender Total Security and detail our approach to reverse engineering it. We will explore how we could use COM hijacking and this custom communication to gain SYSTEM privileges (CVE-2023-6154). Additionally, we will examine how to mitigate the vulnerabilities discussed throughout this series of blog posts. Lastly, we will demonstrate how COM hijacking can be exploited to perform a Denial-of-Service (DoS) attack on security products.
Find out more on our website at https://cirosec.de/en/news/the-key-to-compromise-part-4/.
#ITSecurity #cybersecurity #ITSicherheit #research #blog #vulnerabilities
The Key to COMpromise - Part 4 - cirosec
February 26, 2025 - In this final part of our series on COM hijacking, we will examine a custom named pipe IPC protocol implemented by Bitdefender Total Security and detail our approach to reverse engineering it. (cirosec)