TyphoonCon 2020 Speaker
Boris Larin is a Senior Security Researcher in the Global Research and Analysis Team at Kaspersky.
In his current role, Boris is responsible for finding zero-days exploited in the wild. Boris is very passionate about reverse engineering and has been practicing it for the last decade, performing vulnerability research on different CPU architectures and systems. Recently he became the first researcher to take part in the private Sony PlayStation bug bounty program. Boris also specializes in the discovery of supply chain attacks, and he originally discovered ASUS “Operation ShadowHammer” and a few others. His latest write-ups about zero-day exploits and the inner workings of commonly exploited software can be found on Securelist.com.
Alexey Kulaev is a Senior Malware Analyst in the Exploits and Network Threats Detection Team at Kaspersky. In his current role, Alexey is responsible for the development of exploit detection technologies. In his free time he likes to examine the attack surface of video game consoles (such as PS4 or Xbox One) by developing web browser exploits for them. Besides that, he is publicly known as one of the most active developers in the PS4 console hacking scene.
Boris Larin | Senior Security Researcher at Kaspersky.
Location: Courtyard by Marriott Seoul Namdaemun, Seoul, Korea
Title: Technical analysis of “Operation WizardOpium” zero-day exploits
Date: June 18th, 2020
BIO
Boris Larin (@oct0xor) is a Senior Security Researcher in the Global Research and Analysis Team at Kaspersky. In his current role, Boris is responsible for finding zero-day exploits in the wild. Boris is very passionate about reverse engineering and has been doing it for the last decade, performing vulnerability research on different CPU architectures and systems. Recently he became the first researcher participating in the private Sony PlayStation bug bounty program.
Boris also specializes in the discovery of supply chain attacks, and he is the original discoverer of ASUS “Operation ShadowHammer” and a few others. His latest write-ups about zero-day exploits and the inner workings of commonly exploited software can be found on Securelist.com.
LECTURE DETAILS
At the end of 2019 we caught a new unknown exploit that was distributed with a waterhole-style injection on a Korean-language news portal. After removing multiple layers of obfuscation, it appeared that we had found a zero-day that was exploiting an unpatched vulnerability in one of the recent versions of Google Chrome. The final payload of this attack had no definitive links with any known threat actors, and we called it “Operation WizardOpium”. In our presentation, we would like to focus on the analysis of the exploits and vulnerabilities used in “Operation WizardOpium”, as our further research revealed the use of multiple unpatched vulnerabilities.