RomHack 2025 - Leon Jacobs - 7 Vulns in 7 Days: Breaking Bloatware Faster Than It’s Built

Описание: slides: https://romhack.io/wp-content/uploads...

---

Bloatware. We all hate it, and most of us are good at avoiding it. But some vendor tools – especially those managing critical drivers – can be useful when the Windows Update versions aren’t good enough for performance-critical computing.

What started as a routine driver update took a sharp turn when I confirmed a reboot modal… from my browser. Wait, my browser shouldn’t be able to do that!? To my disappointment (and maybe some surprise), it turned out to be arbitrary code execution – right from the browser. This kicked off a week-long deep dive, uncovering seven CVEs in seven days across several prominent vendors, all exploiting a common pattern: privileged services managing software on Windows with little regard for security.

In this talk, I’ll walk through the journey of discovery and exploitation of several vulnerabilities that lead to LPE/RCE. I’ll cover everything from the initial attack surface discovery, reverse engineering and finally exploitation of several vulnerabilities. By the end, participants will probably be uninstalling similar software mid-session. While the exploitation journey is fun and impactful, these are not the software bugs we should have in 2025. In fact, we have everything we need to do better.

---
Bio:
With over two decades in IT – 15 years focused on cybersecurity – Leon is the CTO of Orange Cyberdefense’s SensePost Team. His career has taken him from a Tier 1 ISP, a private investment bank and now into full-time consulting, giving him a broad, real-world view of security challenges across industries. Today, Leon spends his time researching and hacking everything from enterprise networks to web and mobile applications. Passionate about building and innovating, he’s a regular contributor to the InfoSec community, sharing tools, insights, and lessons learned to help push the field forward.