Finally, some help with explaining Internet security to my non-geek friends! The Guide to Scary Internet Stuff video series will hopefully make my life a little easier. Explaining the intricacies of Internet security is a challenging task.
Some of my colleagues from Symantec and I attended Black Hat in Las Vegas this past week. Wednesday was the first day of talks and there were some very interesting topics discussed. For me, the highlights were the following talks:
In part one of this blog, I gave an overview of the exploitation flow for the recent DirectShow vulnerability. With no patch for this vulnerability available as of yet, the fact that we are seeing this exploit used more commonly in the wild is worrying.
In this article I will outline the stages involved in the full exploitation of the recent DirectShow vulnerability. In particular I will discuss a specific example of how this exploit was used in the wild.