nedwill

In this talk, I discuss how to reliably find bugs in the Chrome IPC system with the goal of escaping the sandbox. I show how to enumerate the attack surface, how to identify the weak areas, and how to fuzz those areas efficiently to consistently produce bugs.

Since the win32k lockdown on the Chrome renderer process, full chain Chrome exploits on Windows have become very rare, with the most recent successful competition exploit occurring in 2015. By applying new fuzzing strategies, I was able to identify many vulnerabilities in the sandbox in the past year, one of which I used to demonstrate a full chain exploit at Hack2Win this year when combined with a teammate's RCE bug. In this talk I hope to show how I found these bugs by using extremely targeted fuzzing in a way that was easy to setup but reliably had great results, and briefly cover how we leveraged one use after free bug to fully escape the sandbox.

This talk will give a unique insight of what happens when consoles have been hacked already, but not all secrets are busted yet. This time we will not only focus on the Nintendo 3DS but also on the Wii U, talking about our experiences wrapping up the end of an era. We will show how we managed to exploit them in novel ways and discuss why we think that Nintendo has lost the game.

As Nintendo's latest game consoles, the 3DS and Wii U were built with security in mind. While both have since been the targets of many successful attacks, certain aspects have so far remained uncompromised, including critical hardware secrets. During this talk, we will present our latest research, which includes exploits for achieving persistent code execution capabilities and the extraction of secrets from both Wii U and 3DS. Basic knowledge of embedded systems, CPU architectures and cryptography is recommended, though we will do our best to make this talk accessible and enjoyable to all. We also recommend watching the recording of last year's C3 talk called "Console Hacking - Breaking the 3DS".

Other people: derrek naehrwert