Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Discover a critical security presentation from Black Hat that exposes the "Best Fit" feature in Windows - a long-existing but overlooked character conversion mechanism that creates significant security vulnerabilities. Learn how this system-wide behavior in Windows C/C++ Runtime and APIs can be exploited as a novel attack vector to bypass security mechanisms, execute argument injection attacks, and even achieve arbitrary code execution. The 40-minute talk by Orange Tsai and Splitline Huang from DEVCORE reveals vulnerabilities across numerous applications including Microsoft Office, cURL, PHP, Subversion, and Windows built-in executables. See demonstrations of how attackers can achieve remote code execution in PHP, Microsoft Office, and applications using vulnerable command line tools like pip, composer, and git. Gain insights into effective coding practices and design strategies to mitigate these risks that have lurked in Windows for decades.
