Twee Pwnie awards voor VU-informatici

Tijdens het jaarlijkse Black Hat-congres in Las Vegas heeft de VU-onderzoeksgroep van hoogleraar Systeem- en Netwerkbeveiliging Herbert Bos twee Pwnie awards gewonnen.

03-08-2017 | 15:14

Black Hat in Las Vegas is hét internationale evenement rondom baanbrekend beveiligingsonderzoek. De Pwnie Awards die daar worden uitgereikt, worden daarom ook wel de Oscars van de hackerswereld genoemd.

Pwnie for Most Innovative Research
Ben Gras, Kaveh Razavi, Erik Bosman, Herbert Bos en Cristiano Giuffrida wonnen deze prijs met ASLR on the line.

Uit het juryrapport: “Exploit writers have been bending over backwards to try to defeat ASLR for the better part of a decade. Usually this requires finding some soon-to-be-patched memory disclosure bug. Of course this is a hard job and needs to be repeated for different browsers/ plugins/ versions, etc. Then these guys come along with a universal ASLR bypass based on timing of the caching of memory access. Of course this works using Javascript in most browsers by default and isn't really something you can fix very easy. Seems too easy, I think I'll keep looking for infoleaks like a real hacker.”

In 2016 won de onderzoeksgroep van Bos ook al de Pwnie Award for Most Innovative Research.

Pwnie for Best Privilege Escalation Bug
Victor van der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clementine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi en Cristiano Giuffrida wonnen deze prijs met Drammer: Deterministic Rowhammer Attacks on Mobile Platforms.

Deze prijs wordt jaarlijks toegekend aan ‘the researchers who discovered or exploited the most technically sophisticated and interesting privilege escalation vulnerability. These vulnerabilities can include local operating system privilege escalations, operating system sandbox escapes, and virtual machine guest breakout vulnerabilities’.