Papers

The following is the archive of public research we have released in the past years about various topics, covering a wide range of security and design issues.

Although such content is rich of technical information, we try our best to make our papers readable and accessible to the largest audience.

PDF files automatically converted to HTML using pdf2htmlEX and with image quality reduced for optimizing bandwidth.

The papers are available on our blog too.

Exploiting Steam Lobbies and Matchmaking (PDF) - HTML

18 Sep 2014

Description of the security vulnerabilities that affected the Steam lobbies and all the games using the Steam Matchmaking functionalities.

Summary: A single attacker was able to easily deny the online experience of many multiplayer games sold on Steam.

Steam Service Security (PDF) - HTML

10 Jul 2014

How a malware or an exploit can use the Steam local service to escalate its privileges.

Summary: Unpatched local privilege escalation issues in the Steam Client Service.

Steam Voip Security (PDF) - HTML

04 Jul 2014

Overview and details about the security issues found in the Steam voice framework.

Summary: Description of various remote security vulnerabilities that affected the voip API used by Steam and various games.

Having fun via WiFi with Philips SmartTV (video)

26 Mar 2014

Video showing a design vulnerability affecting all the 2013 models of Philips SmartTV (6/7/8/9xxx), where the WiFi Miracast feature is enabled by default with the fixed password "miracast" and no PIN or request of permission for the new incoming WiFi connections.

Owning Render Farms via NVIDIA mental ray (PDF) - HTML

10 Dec 2013

This paper details a vulnerability affecting NVIDIA mental ray, which allows an attacker to take control over a mental ray based render farm.

Game Engines: A 0-Day's Tale (PDF) - HTML

20 May 2013

This paper details several issues affecting different game engines. All the vulnerabilities discussed in this paper are 0-days, at time of writing.

An Overview Of Online Poker Security (PDF) - HTML

10 Apr 2013

Security research conducted against a set of online poker solutions, highlighting the current status of this lucrative industry.

"Online Gaming (also known as Online Gambling and iGaming) is a successfully growing market, and Online Poker is its main sector with millions of players all around the world betting with real money..."

Battlefield Play4Free Arguments Injection (PDF) - HTML

22 Mar 2013

In this paper we will detail a remote code execution vulnerability in Battlefield Play4Free exploitable via web browser on some Operating Systems. The vulnerability was first presented by REVULN at Black Hat Europe 2013, as part of a talk covering several interesting aspects related to games security.

Multiplayer Online Games Insecurity (white paper) (PDF) - HTML

22 Mar 2013

White paper of the presentation given at Black Hat Europe 2013

EA Origin Insecurity (when local bugs go remote... again) (PDF) - HTML

15 Mar 2013

In this paper we will uncover and demonstrate a novel and interesting way to convert local bugs and features in remotely exploitable security vulnerabilities by using the well known EA Origin platform as attack vector against remote systems.

Call of Duty: Modern Warfare 3 NULL pointer dereference (PDF) - HTML

13 Nov 2012

In this paper we describe a pre-auth server-side NULL pointer dereference vulnerability in Call Of Duty: Modern Warfare 3, which is due to an issue related to the DemonWare query packets. This vulnerability can be exploited to perform Denial of Service (DoS) attacks against game servers.

Steam Browser Protocol Insecurity (when local bugs go remote) (PDF) - HTML

15 Oct 2012

In this paper we will uncover and demonstrate a novel and interesting way to convert local bugs and features in remotely exploitable security vulnerabilities by using the well known Steam platform as attack vector against remote systems.

Presentations

The following are the slides of the talks we performed at some of the conferences listed on the Conferences section.

Reloading Java Exploits (PDF) - HTML

02 Jun 2014

Presented at Hack In The Box Europe 2014.

SmartTV Insecurity (PDF) - HTML

27 May 2014

Presented at PHDays IV 2014, from page 45 are available the full details of various vulnerabilities affecting:

Securing ICS Applications When Vendors Refuse Or Are Slow To Produce a Security Patch (PDF) - HTML

17 Jan 2014

Presented at S4 (SCADA Security Scientific Symposium) 2014

Smashing Exploit Detectors: The Java Exploits Case (PDF) - HTML

11 Nov 2013

Presented at CounterMeasure 2013

Exploiting Game Engines for Fun and Profit (PDF) - HTML

20 May 2013

Presented at NoSuchCon 2013

Multiplayer Online Games Insecurity (PDF) - HTML

22 Mar 2013

Presented at Black Hat Europe 2013

A 0-day's life: "Offense as Defense" (PDF) - HTML

08 Feb 2013

Presented at Suits and Spooks DC 2013

Owning Multiplayer Online Games (PDF) - HTML

13 Nov 2012

Presented at Power of Community 2012

Conferences

The following are some of the conferences that we have attended so far, in some occasions also as speakers.

The slides of the conferences in which we gave a presentation are available in the Presentations section.

Hack In The Box 2014

29 May 2014 - Amsterdam, Netherlands

Reloading Java Exploits: Long Live Old JRE!

Positive Hack Days (PHDays)

21 May 2014 - Moscow, Russia

Smart TV Insecurity

SCADA Security Scientific Symposium 2014

14 January 2014 - Miami, USA

Securing ICS Applications When Vendors Refuse Or Are Slow To Produce a Security Patch

Countermeasure 2013

07 November 2013 - Ottawa, Canada

Smashing Exploit Detectors: The Java Exploits Case

NoSuchCon 2013

15 May 2013 - Paris, France

Exploiting Game Engines For Fun And Profit

Suits&Spooks 2013 DC

08 Feb 2013 - Washington DC, USA

A 0-days life: Offense as Defense

Black Hat Europe 2013

12 Mar 2013 - Amsterdam, Netherlands

Multiplayer Online Games Insecurity

SCADA Security Scientific Symposium 2013

16 Jan 2013 - Miami, USA

Experimental Project for SCADA/HMI Defense

Power Of Community 2012

08 Nov 2012 - Seoul, South Korea

Owning Multiplayer Online Games

Top