Dailydave mailing list archives
Lessons learned from 50 bugs: Common USB driver vulnerabilities
From: Andy Davis <Andy.Davis () nccgroup com>
Date: Tue, 15 Jan 2013 10:47:23 +0000
At INFILTRATE 2012 I presented "Undermining Security Barriers - Further Adventures with USB"[1]. I have just released a white paper entitled "Lessons learned from 50 bugs: Common USB driver vulnerabilities"[2], which analyses the first 50 USB bugs I discovered using the techniques I talked about last year and discusses the most likely locations for USB bugs in the various descriptors and class-specific data structures, which will hopefully be helpful to others researching USB security. Cheers, Andy 1 - http://www.nccgroup.com/media/18320/usb_-_undermining_security_barriers.pdf 2 - http://www.nccgroup.com/media/190706/usb_driver_vulnerabilities_whitepaper_january_2013.pdf ________________________________ Andy Davis Research Director NCC Group Kings Court Kingston Road Leatherhead, KT22 7SL Telephone: +44 1372 383900 Mobile: +44 7545 503298 Fax: +44 1372 383901 Website: www.nccgroup.com<http://www.nccgroup.com> Email: Andy.Davis () nccgroup com<mailto:Andy.Davis () nccgroup com> [http://www.nccgroup.com/_client/images/global/nccgroupIT.jpg] <http://www.nccgroup.com/> ________________________________ This email is sent for and on behalf of NCC Group. NCC Group is the trading name of NCC Group Security Services Limited (Registered in England CRN: 4474600). Registered Office: Manchester Technology Centre, Oxford Road, Manchester, M1 7EF. The ultimate holding company is NCC Group plc (Registered in England CRN: 4627044). Confidentiality: This e-mail contains proprietary information, some or all of which may be confidential and/or legally privileged. It is for the intended recipient only. If an addressing or transmission error has misdirected this e-mail, please notify the author by replying to this e-mail and then delete the original. If you are not the intended recipient you may not use, disclose, distribute, copy, print or rely on any information contained in this e-mail. You must not inform any other person other than NCC Group or the sender of its existence. For more information about NCC Group please visit www.nccgroup.com<http://www.nccgroup.com> P Before you print think about the ENVIRONMENT For more information please visit <a href="http://www.mimecast.com">http://www.mimecast.com<br> This email message has been delivered safely and archived online by Mimecast. </a>
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Lessons learned from 50 bugs: Common USB driver vulnerabilities Andy Davis (Jan 17)