__ __         __   ________  __ 
  / // /__ _____/ /__/ ___/ _ \/ / 
 / _  / _ `/ __/  '_/ (_ / // / /__

Torta Ahogada Track

Hunting file system redirection bugs through instrumentation

In recent years, the security landscape of file systems has been increasingly challenged by vulnerabilities related to file redirection mechanisms such as symbolic links, hard links, and reparse points in Windows systems. This talk will focus on the limitations of traditional static testing methods in identifying these complex vulnerabilities. It will argue for the necessity of dynamic testing. A primary focus will be on how Microsoft's Detours can be pivotal in unveiling these issues, due to its capability to dynamically trace and intercept API calls.

Asher Davila
Vulnerability Researcher en Palo Alto Networks

Tony Palma
root@hackgdl.net Discord Twitter LinkedIn Instagram