LAS VEGAS—BLACK HAT 2024—August 7, 2024 – SafeBreach, the pioneer in breach and attack simulation (BAS), today announced three members of its SafeBreach Labs research team will present at the Black Hat USA 2024 and DEF CON 32 conferences in Las Vegas this week. Alon Leviev, Or Yair and Shmuel Cohen are set to present two pieces of original research in three sessions across the conferences.
These talks mark an even bigger achievement for the SafeBreach Labs team, which has established an impressive track record over the last decade. The team has qualified to speak at every Black Hat USA and DEF CON USA event in the past six years, boasting 18 talks between them. They have also made an additional five appearances at Black Hat Europe and Black Hat Asia.
This year’s research talks will demonstrate a number of significant vulnerabilities in the Microsoft Windows operating system that impact the Windows Update process and Google’s Quick Share data transfer utility. Details for each session are included below.
- Windows Downdate: Downgrade Attacks Using Windows Updates
- At Black Hat on Wednesday, August 7 – 10:20 am PT
- At DEF CON on Sunday, August 11 – 10 am PT
- Security Researcher Alon Leviev will present his discovery of several vulnerabilities that allowed him to take over the Windows Update process to craft fully undetectable, invisible, persistent, and irreversible downgrades on critical OS components, elevate privileges, and bypass security features. He will show how, as a result, he was able to make a fully patched Windows machine vulnerable to thousands of past vulnerabilities, turning fixed vulnerabilities into zero-days and making the term “fully patched” meaningless on any Windows machine in the world.
- QuickShell: Sharing is Caring about an RCE Attack Chain on Quick Share
- At DEF CON on Saturday August 10 – 11:30 am PT
- Security Research Team Lead Or Yair and Senior Security Researcher Shmuel Cohen will discuss how they were able to fuzz and identify logic within the Quick Share application for Windows that they could manipulate or bypass to discover 10 unique vulnerabilities. They were then able to assemble several of the vulnerabilities into an innovative and unconventional RCE attack chain that allowed them to run code on Windows computers with Quick Share installed.
“The fact that the SafeBreach Labs team has once again been invited to present their research at these prestigious conferences speaks volumes about their work and their expertise,” said Tomer Bar, VP of Security Research at SafeBreach. “We are proud of the work the SafeBreach Labs team is doing. It not only has a significant impact on our customers—who can leverage this world-class research in the SafeBreach platform—but also the greater cyber security community.”
This announcement comes on the heels of Bar being named to the BlackHat Europe review board and SafeBreach’s 10-year anniversary, which the company celebrated earlier this year. Since its founding in 2014, SafeBreach has helped organizations take a more proactive approach to security by building a powerful BAS platform. It is utilized by some of the largest financial services, healthcare, manufacturing, and transportation organizations in the world to validate security control performance, identify gaps, and take remedial action to strengthen security posture and reduce overall business risk. SafeBreach is the only BAS vendor to maintain a 24-hour service-level agreement (SLA) to add new attacks to its Hacker’s Playbook based on critical US-CERT and FBI Flash alerts, so customers can immediately test against the latest threats. With the industry’s most advanced threat research team, SafeBreach is able to ensure its playbook boasts an unmatched collection of 30,000+ attacks.
For more information about the sessions or to schedule a time to connect with SafeBreach experts at Black Hat USA 2024 on August 6-9 and DEF CON on August 10-13, visit https://www.safebreach.com/black-hat-usa-2024/.