Sunnyvale, California — July 20, 2021. SafeBreach, provider of the leading continuous security validation platform in large and global-scale enterprises to validate security controls, today announced its experts will again present novel insights and research discovering two critical 0-day vulnerabilities at the upcoming Black Hat USA and DEFCON 2021 conference in Las Vegas, Nevada. Among the premier cybersecurity events in the world, the annual conference convenes the most innovative and creative researchers and hackers to present new exploits, discuss trends and findings, and collaborate on pressing cybersecurity policy issues. This is the fourth consecutive year that SafeBreach researchers have presented findings.
Senior Security Researcher Peleg Hadar and Guardicore’s Security Researcher Ophir Harpaz will present “hAFL1: Our Journey of Fuzzing Hyper-V and Discovering a 0-Day“ on the Reverse Engineer and Cloud + Platform Security tracks on August 4 at 10:20 am PT at Black Hat. The talk will present hAFL1, a novel kAFL-based fuzzing infrastructure for Hyper-V devices, and demonstrate how hAFL1 was recently used to identify a critical 0-day in Hyper-V vmswitch – an arbitrary read vulnerability that, until only a few weeks ago, could take down big portions of Azure cloud infrastructure.
SafeBreach Labs director of security research Tomer Bar and security Researcher Eran Segal, will present “Our Journey Back To The Future Of Windows Vulnerabilities and the 0-days we brought back with us” on the Demo, Tool, and Exploit tracks on August 6 at 11:00am PT at DEFCON. The talk will present the results of a “time travel” experiment to go back to 2016 to search for patterns of Windows vulnerabilities since then and automatically classify those vulnerabilities to build a database of across all patch-diffs for that period. The researchers will show how they used the database to discover root causes of multiple classes of vulnerabilities to highlight opportunities for exploitation which led to the discovery of multiple additional unpatched exploits based on past exploits and root cause groupings. The team will then demonstrate the tools they created for this novel analysis and explain how other researchers can use them to more efficiently identify exploits by sifting through patterns illuminated through classification and grouped analysis of 0-days and vulnerabilities.