Leon Jacobs
With over two decades in IT - 15 years focused on cybersecurity - Leon is the CTO of Orange Cyberdefense’s SensePost Team. His career has taken him from a Tier 1 ISP, a private investment bank and now into full-time consulting, giving him a broad, real-world view of security challenges across industries. Today, Leon spends his time researching and hacking everything from enterprise networks to web and mobile applications. Passionate about building and innovating, he’s a regular contributor to the InfoSec community, sharing tools, insights, and lessons learned to help push the field forward.
Session
Bloatware. We all hate it, and most of us are good at avoiding it. But some vendor tools – especially those managing critical drivers - are still necessary, often because the drivers available through Windows Update just aren’t good enough for performance-critical computing.
What started as a routine driver update took a sharp turn when I confirmed a reboot modal… from my browser. Wait, my browser shouldn’t be able to do that!? To my disappointment (and maybe some surprise), it turned out to be arbitrary code execution - right from the browser. This kicked off a week-long deep dive, uncovering seven trivial vulnerabilities in seven days across several vendors, all exploiting a common pattern: privileged services managing software on Windows with little regard for security.
In this talk, I’ll walk through the journey of discovery and exploitation of several vulnerabilities that lead to LPE/RCE, along with a tool to inspect and manipulate Windows Named Pipe communications.