Fuzzing and Exploiting Virtual Channels in Microsoft Remote Desktop Protocol for Fun and Profit
Chun Sung Park, Ki Taek Lee, Seungjoo Kim, Yeongjin Jang at Black Hat Europe 2019
In this talk, we share our adventure in applying coverage-based fuzzing to the RDP client, more specifically, virtual channels in RDP. In the RDP client, virtual channels deal with complex functionalities of RDP such as Sound, Graphics (GDI and RemoteFX), USB, Filesystem, SmartCard, etc., most of which involves parsing and allocation of dynamic data. Based on this fact, we set our main fuzzing targets as virtual channels with a hope of finding numerous crashes.
Full Abstract & Presentation Materials: https://www.blackhat.com/eu-19/briefings/schedule/#fuzzing-and-exploiting-virtual-channels-in-microsoft-remote-desktop-protocol-for-fun-and-profit-17789
Full Abstract & Presentation Materials: https://www.blackhat.com/eu-19/briefings/schedule/#fuzzing-and-exploiting-virtual-channels-in-microsoft-remote-desktop-protocol-for-fun-and-profit-17789