Steam Service Security

How malware or an exploit can use the Steam local service to escalate its privileges.

Steam Voip Security

Overview and details about the security issues found in the Steam voice framework.

Owning Render Farms via NVIDIA mental ray

This paper details a vulnerability affecting NVIDIA mental ray, which allows an attacker to take control of a mental ray-based render farm.

Game Engines: A 0-Day's Tale

This paper details several issues affecting different game engines. All the vulnerabilities discussed in this paper are 0-days at the time of writing.

An Overview Of Online Poker Security

Security research conducted against a set of online poker solutions, highlighting the current status of this lucrative industry. Online Gaming (also known as Online Gambling and iGaming) is a successfully growing market, and Online Poker is its main sector with millions of players all around the world betting with real money [...]

Battlefield Play4Free Arguments Injection

In this paper we will detail a remote code execution vulnerability in Battlefield Play4Free exploitable via web browser on some Operating Systems. The vulnerability was first presented by ReVuln at Black Hat Europe 2013, as part of a talk covering several interesting aspects related to games security.

EA Origin Insecurity (when local bugs go remote... again)

In this paper we will uncover and demonstrate a novel and interesting way to convert local bugs and features into remotely exploitable security vulnerabilities by using the well-known EA Origin platform as an attack vector against remote systems.

Call of Duty: Modern Warfare 3 NULL pointer dereference

In this paper we describe a pre-auth server-side NULL pointer dereference vulnerability in Call Of Duty: Modern Warfare 3, which is due to an issue related to the DemonWare query packets. This vulnerability can be exploited to perform Denial of Service (DoS) attacks against game servers.

Steam Browser Protocol Insecurity (when local bugs go remote)

In this paper we will uncover and demonstrate a novel and interesting way to convert local bugs and features into remotely exploitable security vulnerabilities by using the well-known Steam platform as an attack vector against remote systems.

Reloading Java Exploits


SmartTV Insecurity


Securing ICS Applications When Vendors Refuse Or Are Slow To Produce a Security Patch


Smashing Exploit Detectors: The Java Exploits Case


Exploiting Game Engines for Fun and Profit


Multiplayer Online Games Insecurity


Multiplayer Online Games Insecurity (white paper)


A 0-day's life: "Offense as Defense"


Owning Multiplayer Online Games

Offbreak

Offbreak is a tool that allows you to monitor a target application in order to detect when it tries to retrieve data from a file at a given offset. When such data is read Offbreak will trigger the default debugger, allowing you to analyze the target by starting from the location where it retrieves the data you are monitoring.

Having fun via WiFi with Philips SmartTV

It's quite interesting to notice that the recent firmware released by Philips for their 2013 models of SmartTV (6/7/8/9xxx) has the WiFi Miracast feature enabled by default ("DIRECT-xy") with a fixed password and no PIN or request of permission for new WiFi connections. The impact is that anyone in range of the TV's WiFi adapter can easily connect to it and abuse all the nice features offered by these SmartTV models.

Mastering the Masters (Game Servers)

This video details how attackers may use master servers to perform mass-exploiting of game engine vulnerabilities.

An overview of Online Poker security

This video details security research conducted against a set of online poker solutions, highlighting the current status of this lucrative industry.

Battlefield Play4Free Arguments Injection

This video details a remote code execution vulnerability in Battlefield Play4Free exploitable via web browser on some Operating Systems. The vulnerability was first presented by ReVuln at Black Hat Europe 2013, as part of a talk covering several interesting aspects related to games security.

EA Origin Insecurity

In this video we will demonstrate a novel and interesting way to convert local bugs and features into remotely exploitable security vulnerabilities by using the well-known EA Origin platform.

The TV is watching you: Samsung 0-day

In this video we demonstrate one of our 0-day vulnerabilities affecting Smart TV, in this case a Samsung TV LED 3D. Smart TV can be used to browse the internet, use social networks, purchase movies and do many other things. This demo shows how a vulnerability for such devices can be used to retrieve sensitive information, monitor and root the device itself remotely.

A showcase of some of our SCADA 0-day exploits

The 0-day vulnerabilities are all server-side and remotely exploitable. This video shows issues affecting the following vendors: General Electric, Schneider Electric, Kaskad, ABB/Rockwell, Eaton, Siemens. Please note that many other 0-day vulnerabilities owned by ReVuln affecting other well-known SCADA/HMI vendors have not been included in this video.

CryENGINE 3 Remote Code Execution Vulnerability

Video presented at POC2012 demonstrating the exploitation of a 0-day in the current version of the famous CryTek game engine.

Steam Browser Protocol Insecurity (when local bugs go remote)

In this paper we will uncover and demonstrate a novel and interesting way to convert local bugs and features into remotely exploitable security vulnerabilities by using the well-known Steam platform as an attack vector against remote systems.

Snippets of code, including but not limited to proof-of-concept code, security bypasses, etc.

Online Poker Security


SCADA Security


Digital Content Delivery Systems


Multiplayer Online Games Security


SmartTV Security