Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Explore a technical conference talk from Black Hat that delves into four zero-day vulnerabilities discovered within OpenVPN repositories affecting millions of endpoints worldwide. Learn about the complex exploit chain that enables remote code execution through OpenVPN's plugin mechanism, followed by NT System service exploitation and named pipe instance manipulation, ultimately achieving privilege escalation and kernel code execution via BYOVD (bring your own vulnerable driver). Understand the technical intricacies of how these vulnerabilities were uncovered in OpenVPN's multi-process system, spanning across Windows, iOS, macOS, Android, and BSD platforms. Gain valuable insights into mitigation techniques and defense strategies through a comprehensive demonstration of the complete attack chain, including RCE, LPE, and KCE vulnerabilities. Senior Security Researcher Vladimir Tokarev from Microsoft presents this 34-minute session, offering detailed root-cause analysis and practical defensive measures against these critical security risks.
