The process from initial IR call to discovering the 0-day later called 2021-26857. Brief discussion of the submission process with Microsoft and a technical look at the actual exploit. No longer fully NDA'd, so I can share the exploit, slightly redacted. Will have a working demo, might have produced a full PoC by August.
CVE-2021-26857 is an insecure deserialization vulnerability in the Unified Messaging service. Insecure deserialization is where untrusted user-controllable data is deserialized by a program. Exploiting this vulnerability gave HAFNIUM the ability to run code as SYSTEM on the Exchange server. This requires administrator permission or another vulnerability to exploit.
*Customer in the IR case have requested that as little as possible is shared, so I would prefer not to have it recorded.
Speakers for Hafnium from the inside:
Metadata for Hafnium from the inside
To be recorded: No
Schedule for Hafnium from the inside
- Sunday, Aug 22nd, 2021, 15:00 (CEST) - Sunday, Aug 22nd, 2021, 16:00 (CEST) at Speakers Tent