TYPHOONCON 2020 SPEAKER

Boris Larin & Alexey Kulaev

TyphoonCon 2020 Speaker

Boris Larin | Senior Security Researcher at Kaspersky. 
Location: Courtyard by Marriott Seoul Namdaemun, Seoul, Korea
Title: Technical analysis of “Operation WizardOpium” zero-day exploits
Date: June 18th, 2020

BIO

Boris Larin (@oct0xor) is a Senior Security Researcher in the Global Research and Analysis Team at Kaspersky. In his current role, Boris is responsible for finding zero-days exploits in the wild. Boris is very passionate about reverse engineering and has been doing it for the last decade, performing vulnerability research on different CPU architectures and systems. Recently he had become the first researcher participating in the private Sony PlayStation bug bounty program. 

Boris also specialize in discovery of supply chain attacks and he is the original discoverer of ASUS “Operation ShadowHammer” and a few others. His latest write-ups about zero-day exploits and the inner workings of commonly exploited software can be found on Securelist.com.

LECTURE DETAILS

At the end of 2019 we have caught a new unknown exploit that was distributed with waterhole-style injection on a Korean-language news portal. After removing multiple layers of obfuscation it appeared that we have found a zero-day that was exploiting unpatched vulnerability in one of the recent versions of Google Chrome. The final payload of this attack had no definitive links with any known threat actors and we have called it “Operation WizardOpium”. In our presentation, we would like to focus on analysis of exploits and vulnerabilities used in “Operation WizardOpium” as our further research revealed the use of multiple unatched vulnerabilities.