Investigating the Practicality and Cost of Abusing Memory Errors with DNS

DEF CON 23

Presented by: Luke Young
Date: Saturday August 08, 2015
Time: 16:00 - 16:50
Location: Track Three

In a world full of targeted attacks and complex exploits this talk explores an attack that can simplified so even the most non-technical person can understand, yet the potential impact is massive:

Ever wonder what would happen if one of the millions of bits in memory flipped value from a 0 to a 1 or vice versa? This talk will explore abusing that specific memory error, called a bit flip, via DNS.

The talk will cover the various hurdles involved in exploiting these errors, as well as the costs of such exploitation. It will take you through my path to 1.3 million mis-directed queries a day, purchasing hundreds of domain names, wildcard SSL certificates, getting banned from payment processors, getting banned from the entire Comcast network and much more.

Luke Young

Luke Young (@innoying) - is a freshman undergraduate student pursuing a career in information security. As an independent researcher, he has investigated a variety of well-known products and network protocols for design and implementation flaws. His research at various companies has resulted in numerous CVE assignments and recognition in various security Hall of Fames. He currently works as an Information Security Intern at LinkedIn.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats