March 2022 ISACA Puget Sound Chapter Meeting

When:  Mar 15, 2022 from 12:00 to 13:00 (PT)

How Automating CVE Analysis Led to Dozens of New DLL Hijacking Flaws

Tim Morgan will explain what DLL sideloading is, the variety of ways it can be exploited, and how big of a problem it is. As any seasoned security professional knows, many published security vulnerabilities and attacks are over-hyped. What makes something newsworthy is not always that it poses a significant risk to most organizations. One type of attack technique that often fails to receive enough attention is DLL sideloading (or DLL hijacking). Due to their widespread nature and the ease of exploit development, these flaws are unappreciated gems for digital adversaries.

The DeepSurface research team regularly performs analysis of thousands of CVEs to help understand how these impact customer environments. In order to save ourselves time analyzing a certain class of flaw, we developed a tool to automatically identify Windows services that are vulnerable to DLL sideloading. What we were surprised to find was that a shocking number of Windows services are vulnerable to these attacks in real world deployments.

In this talk, we provide an overview of DLL sideloading, the variety of ways it can be exploited, and just how big of a problem it is, based on our analysis of several customer environments. We conclude with a discussion of how to detect and defend against these issues.

Speaker Bio:

Tim Morgan is the founder and CTO of DeepSurface Security, where he designed an innovative risk-based vulnerability management product that helps security teams gain a much deeper understanding of the complex relationships present in their digital infrastructures.

After beginning his career as a software developer, he transitioned to application security and vulnerability research and, over the last 24 years has worked as a penetration tester, digital forensics researcher and application security expert.

In addition to his day-to-day work, Tim has presented his independent research on Windows registry forensics, XML external entities attacks, web application timing attacks, and practical application cryptanalysis at conferences such as DFRWS, OWASP's AppSec USA, BSidesPDX, and BlackHat USA.

Location: Virtual Meeting

Pricing: Members - Free; Non-members - $20

Instructional delivery method: Online

CPE credit(s): 1 hour

Refund Policy: Refunds up to 1 day before event


Online Instructions:
Login: Zoom details will be provided after registration