In this presentation, we detail a new attack vector against SMBv2, affecting all versions of IE, including the Spartan version shipped with Windows 10. While attacks involving SMB have long been common in LANs, our attack allows complete user compromise from the Internet. By leveraging a series of bugs and malfunctions, we'll see how remote credential theft or user impersonation can be performed without user interaction, extremely reliably, and from the Internet.
Jonathan Brossard is currently working as Principal Engineer in Product Security at Salesforce.com (San Francisco). He has published multiple security projects for over a decade, including the Rakshasa BIOS backdoor, research in exploit automation and proving (PMCMA), and vulnerabilities and exploits against Microsoft BitLocker, SAP, IE, and most BIOSes on the planet. He has presented some of his contributions to low-level security at CCC, Black Hat, DEFCON, Syscan, HITB and other security conferences. In his spare time, Jonathan reviews whitepapers for the NoSuchCon (Paris) and Shakacon (Hawaii) conferences.
Hormazd Billimoria is a security engineer at Salesforce with an interest in web security. A longtime code and security enthusiast since his high school days, he recently earned his master's degree from Carnegie Mellon. His past research includes side-channel attacks on encrypted traffic and cross-VM side-channel attacks. In his spare time he loves breaking and finding security vulns in software that he uses every day.