Emulating Hypervisors: a Samsung RKP case study (OffensiveCon 2020)
Hello, I'm Aris Thallas, a computer security researcher working at CENSUS. Back in February 2020 I had the pleasure of presenting my work on proprietary hypervisor emulation and bug discovery at the OffensiveCon 2020 conference.
GDCM buffer overflow in ImageRegionReader :: ReadIntoBuffer
CENSUS ID: | CENSUS-2016-0001 |
CVE ID: | CVE-2015-8396 |
Affected Products: | Applications using GDCM versions < 2.6.2 and the ImageRegionReader :: ReadIntoBuffer API call |
Class: | Integer Overflow or Wraparound (CWE-190) |
Discovered by: | Stelios Tsampas |
Grassroots DICOM (GDCM) is a C++ library for processing DICOM medical images. It provides routines to view and manipulate a wide range of image formats and can be accessed through many popular programming languages like Python, C#, Java and PHP. Various applications that make use of GDCM are listed here and here.
5th InfoCom Security Conference
CENSUS was one of the sponsors of the 5th InfoCom Security conference, that was held on April 1st, 2015 at the Divani Caravel hotel in Athens, Greece. At the 17:30 session, our director of Security Testing services Mr Nikolaos Tsagkarakis delivered a presentation entitled “‘Malicious’ Technologies” in which he showed how technologies and techniques used by attackers can be used for the production of more secure systems.
How to enhance penetration testing through vulnerability research
The slides from my short presentation on “How to enhance penetration testing through vulnerability research” from the 3rd Infocom Security conference, are now available here (in Greek).