Game Engines: A 0-Day's Tale
This paper details several issues affecting different game engines. All the vulnerabilities discussed in this paper are 0-days at the time of writing.
An Overview Of Online Poker Security
Security research conducted against a set of online poker solutions, highlighting the current status of this lucrative industry. Online Gaming (also known as Online Gambling and iGaming) is a successfully growing market, and Online Poker is its main sector with millions of players all around the world betting with real money [...]
Battlefield Play4Free Arguments Injection
In this paper we will detail a remote code execution vulnerability in Battlefield Play4Free exploitable via web browser on some operating systems. The vulnerability was first presented by ReVuln at Black Hat Europe 2013, as part of a talk covering several interesting aspects related to games security.
EA Origin Insecurity (when local bugs go remote... again)
In this paper we will uncover and demonstrate a novel and interesting way to convert local bugs and features into remotely exploitable security vulnerabilities by using the well-known EA Origin platform as an attack vector against remote systems.
Call of Duty: Modern Warfare 3 NULL pointer dereference
In this paper we describe a pre-auth server-side NULL pointer dereference vulnerability in Call Of Duty: Modern Warfare 3, which is due to an issue related to the DemonWare query packets. This vulnerability can be exploited to perform Denial of Service (DoS) attacks against game servers.
Steam Browser Protocol Insecurity (when local bugs go remote)
In this paper we will uncover and demonstrate a novel and interesting way to convert local bugs and features into remotely exploitable security vulnerabilities by using the well-known Steam platform as an attack vector against remote systems.
Exploiting Game Engines for Fun and Profit
- Presented at NoSuchCon 2013
- Download our presentation
Multiplayer Online Games Insecurity
- Presented at Black Hat Europe 2013
- Download our presentation
Multiplayer Online Games Insecurity (white paper)
- Presented at Black Hat Europe 2013
- Download our white paper
A 0-day's life: "Offense as Defense"
- Presented at Suits and Spooks DC 2013
- Download our presentation
Owning Multiplayer Online Games
- Presented at Power of Community 2012.
- Download our presentation
Offbreak
Offbreak is a tool that allows you to monitor a target application in order to detect when it tries to retrieve data from a file at a given offset. When such data is read, Offbreak will trigger the default debugger, allowing you to analyze the target by starting from the location where it retrieves the data you are monitoring.
Mastering the Masters (Game Servers)
This video details how attackers may use master servers to perform mass-exploiting of game engine vulnerabilities.
An overview of Online Poker security
This video details security research conducted against a set of online poker solutions, highlighting the current status of this lucrative industry.
Battlefield Play4Free Arguments Injection
This video details a remote code execution vulnerability in Battlefield Play4Free exploitable via web browser on some operating systems. The vulnerability was first presented by ReVuln at Black Hat Europe 2013, as part of a talk covering several interesting aspects related to games security.
EA Origin Insecurity
In this video we will demonstrate a novel and interesting way to convert local bugs and features into remotely exploitable security vulnerabilities by using the well-known EA Origin platform.
The TV is watching you: Samsung 0-day
In this video we demonstrate one of our 0-day vulnerabilities affecting Smart TVs, in this case a Samsung TV LED 3D. Smart TVs can be used to browse the internet, use social networks, purchase movies and do many other things. This demo shows how a vulnerability for such devices can be used to retrieve sensitive information, monitor and root the device itself remotely.
A showcase of some of our SCADA 0-day exploits
The 0-day vulnerabilities are all server-side and remotely exploitable. This video shows issues affecting the following vendors: General Electric, Schneider Electric, Kaskad, ABB/Rockwell, Eaton, Siemens. Please note that many other 0-day vulnerabilities owned by ReVuln affecting other well-known SCADA/HMI vendors have not been included in this video.
CryENGINE 3 Remote Code Execution Vulnerability
Video presented at POC2012 demonstrating the exploitation of a 0-day in the current version of the famous CryTek game engine.
Steam Browser Protocol Insecurity (when local bugs go remote)
In this paper we will uncover and demonstrate a novel and interesting way to convert local bugs and features into remotely exploitable security vulnerabilities by using the well-known Steam platform as an attack vector against remote systems.
Snippets of code, including but not limited to, proof-of-concept code, security bypass, etc.
- Bypassing prompts of Origin & Steam links (via Real Player): a way to abuse the Real Player embedded browser to bypass all the "security" prompts made by the usual browsers.
Online Poker Security
- Online Gaming (also known as Online Gambling and iGaming) is a successfully growing market, and Online Poker is its main sector with millions of players all around the world betting with real money. During our assessment we took into consideration several well-known online poker solutions, and we demonstrated that a malicious attacker can compromise these systems and compromise remote systems. We released a detailed paper and a demonstration video showing some of the issues we found.
SCADA Security
- We conducted an assessment of various SCADA solutions from vendors such as General Electric, Schneider Electric, Kaskad, ABB/Rockwell, Eaton and Siemens. We were able to find dozens of server-side vulnerabilities, allowing a potential attacker to take control of the SCADA systems remotely. Some of the 0-day issues we found are reported in our demonstration video.
Digital Content Delivery Systems
- Digital delivery systems are very big platforms, used by millions of people around the world. We conducted two assessments related to two well-known digital content delivery systems: EA's Origin and Valve's Steam. We found several issues, including two new remote attack vectors that are exposed by such platforms. We detailed Origin Insecurity and Steam Insecurity in two of our papers; additionally, we released two demonstration videos [Origin] [Steam].
Multiplayer Online Games Security
- We assessed several well-known multiplayer games with big player bases. We found a number of different issues, most of which allow potential remote attackers to compromise victims' systems. Some of the multiplayer games we assessed include Call Of Duty: Modern Warfare 3, in which we found a way that allows attackers to perform Denial Of Service attacks against game servers, and Battlefield Play4Free, where we found a way to compromise players' systems by performing an argument injection attack on the game client via web. Additionally, we released a demonstration video showing the risk of the issue we found.
- We conducted research focusing on game engine security. We detailed a number of different issues and demonstrated how an attacker may use master servers to perform mass-exploiting of game engine vulnerabilities.
SmartTV Security
- We conducted a security assessment of a set of Samsung's SmartTVs. Samsung is the leading company for SmartTV devices. During our assessment we found several issues, most of them allowing malicious people to compromise or take control of the remote victim's device. We released a video demonstrating the impact of some of the issues we found.


